如何设置使用asp indentiy生成的密码重置链接的有效时间 [英] How to set the valid time for a password reset link generated with asp indentiy

问题描述

对于我们的新项目，我们希望尽可能多地利用asp.net mvc 5.这包括使用AspNet.Identity工具集来进行用户管理.

For our new project we want to leverage as much of the asp.net mvc 5 as we can. This includes making use of the AspNet.Identity toolset for our user administration.

我们正在使用以下版本:

We are using the following version(s):

  "Microsoft.AspNet.Identity.Core" version="2.2.1" targetFramework="net46" 
  "Microsoft.AspNet.Identity.EntityFramework" version="2.2.1" targetFramework="net46"

在我们以前的自助式应用程序中，我们确保重置链接只能使用一次，并且它们会在一天左右的时间内失效.

In our previous roll-your-own applications we made sure that reset links can be used only once, and that they expire within a day or so.

AspNet.Identiy是否支持类似功能?我在文档中找不到它.

Does does AspNet.Identiy support something similar? I could not find it in the documentation.

要通过我们的安全检查，链接至少应该失效.

To pass our security checks the link should at least expire.

如何实现这一目标?

推荐答案

ASP.NET Identity默认情况下会根据现有用户属性生成重置令牌.这意味着当这些属性更改时，重置令牌将自动失效.这将满足您的一次性使用要求(当他们使用令牌并重置密码时，令牌将不再有效.)

ASP.NET Identity by default generates reset tokens based on existing user properties. This means that when those properties change, the reset token is automatically invalidated. This will meet your one time use requirement (when they use the token and reset their password, the token will no longer be valid).

重置令牌到期.

IUserTokenProvider的一个很好的例子是Microsoft.AspNet.Identity.Owin包中的DataProtectorTokenProvider.此类使用前面提到的基于安全标记的令牌，并允许使用TokenLifespan属性设置到期时间.有关如何实现此信息的信息查看此答案.

A good example of IUserTokenProvider is DataProtectorTokenProvider found in the Microsoft.AspNet.Identity.Owin package. This class uses the previously mentioned security stamp based tokens and allows for expiration times to be set using the TokenLifespan property. For info on how to implement this check out this answer.

这篇关于如何设置使用asp indentiy生成的密码重置链接的有效时间的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！