Token based authentication in MVC

Question

I want to implement token based authentication in an application. I want to ask where I can save the token on the server, so that each request can be matched against a valid token. I also want to know how I can implement token validation so that each request to the server is checked first and then the server performs the required action.

Thanks in advance.

What I have tried:

When a user logs in to the application, a token is generated and sent to the client. The client then includes the token in the header of each request.

Recommended answer

Basically you need to create the tokens on the server, and you can save them in the database, mapped to the user id. Each token should have a lifetime, and that should also be kept in the table.

The token should be given to the client, perhaps after authentication. At the client end, you can keep these tokens in session storage or local storage. You can use cookies as well, but I would suggest you use session storage so that it can work on any device.

While sending any request to the server, you have to include the token in the header and match the token and the lifetime at the server. You can have logic to increase the token lifetime or keep it fixed as per your need.

You can use OWIN authentication for this.
Check this post as well: Token Based Authentication using ASP.NET Web API 2, Owin, and Identity - Bit of Technology

