在ASP.NET Core Identity中创建寿命短的较短令牌 [英] Create shorter tokens with small lifespan in ASP.NET Core Identity
问题描述
使用ASP.NET Core 3.1,我正在创建要通过电子邮件发送的用户电子邮件确认令牌:
字符串令牌=等待_userManager.GenerateEmailConfirmationTokenAsync(user);
我得到以下信息:
<预> <代码> CfDJ8IjJLi0iO61KsS5NTyS4wJkSvCyzEDUBaVlXCkbxz6zwI1LocG8 + WPubx5Rvoi4tFuiWAVFut4gfTnhgsdihE0gY + o7JyJrNtfXmzGLnczwbKZ3Wwy15 + IUEi1h2qId72IRKvFqBSFv7rJdECSR/thZphpTQm7EnOuAA7loHlQFRWuMUVBce8HUsv1odbLNsKQ ==如何创建寿命较短的代币,而不是较大的代币?
如果我理解此问题,那么您正在寻找换出TokenProvider的方法,该方法可以在服务容器配置阶段完成
TokenProvider.cs
公共类TokenProvider:IUserTwoFactorTokenProvider< IdentityUser>{公共任务< string>GenerateAsync(字符串用途,UserManager< IdentityUser>管理器,IdentityUser用户){//在这里生成您的令牌}公共任务< bool>ValidateAsync(字符串用途,字符串令牌,UserManager< IdentityUser>管理器,IdentityUser用户){//在这里验证您的令牌}公共任务< bool>CanGenerateTwoFactorTokenAsync(UserManager< IdentityUser>管理员,IdentityUser用户){//检查用户是否有电子邮件,并且已经确认.或做你自己的逻辑}}
在构建时注入您的容器
services.AddIdentityCore< IdentityUser>(o =>{o.Tokens.EmailConfirmationTokenProvider ="MyTokenProvider";}).AddEntityFrameworkStores< IdentityDbContext>().AddTokenProvider< TokenProvider>("MyTokenProvider");
或在运行时:
_userManager.RegisterTokenProvider(um.Options.Tokens.ChangeEmailTokenProvider,new TokenProvider());字符串令牌=等待_userManager.GenerateEmailConfirmationTokenAsync(user);
默认情况下,您可以使用一些令牌提供程序( 电子邮件
, Authenticator
等),您可以在其上进行探索和构建.据我所见, EmailTokenProvider
将实际的代码生成推迟到它实现的TOTP 算法
Using ASP.NET Core 3.1 I am creating an User's Email confirmation token to send by email:
String token = await _userManager.GenerateEmailConfirmationTokenAsync(user);
And I get the following:
CfDJ8IjJLi0iO61KsS5NTyS4wJkSvCyzEDUBaVlXCkbxz6zwI1LocG8+WPubx5Rvoi4tFuiWAVFut4gfTnhgsdihE0gY+o7JyJrNtfXmzGLnczwbKZ3Wwy15+IUEi1h2qId72IRKvFqBSFv7rJdECSR/thZphpTQm7EnOuAA7loHlQFRWuMUVBce8HUsv1odbLNsKQ==
How can I create shorter tokens with a small lifespan instead of huge tokens?
If I understand the problem, you're looking at swapping out a TokenProvider, which can either be done at service container configuration stage
TokenProvider.cs
public class TokenProvider : IUserTwoFactorTokenProvider<IdentityUser>
{
public Task<string> GenerateAsync(string purpose, UserManager<IdentityUser> manager, IdentityUser user)
{
// generate your token here
}
public Task<bool> ValidateAsync(string purpose, string token, UserManager<IdentityUser> manager, IdentityUser user)
{
// validate your token here
}
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<IdentityUser> manager, IdentityUser user)
{
// check if user has email and it's been confirmed. or do your own logic
}
}
inject into your container at build time
services.AddIdentityCore<IdentityUser>(o =>
{
o.Tokens.EmailConfirmationTokenProvider = "MyTokenProvider";
}).AddEntityFrameworkStores<IdentityDbContext>()
.AddTokenProvider<TokenProvider>("MyTokenProvider");
or at run time:
_userManager.RegisterTokenProvider(um.Options.Tokens.ChangeEmailTokenProvider, new TokenProvider());
String token = await _userManager.GenerateEmailConfirmationTokenAsync(user);
there are a few token providers available to you by default (Email
, PhoneNumber
and Authenticator
being some), which you can explore and build upon. As far as I can see the source, EmailTokenProvider
defers actual code generation to TotpSecurityStampBasedTokenProvider
which you can explore and see if your lifetime requirement can be changed by playing with the TOTP algorithm it implements
这篇关于在ASP.NET Core Identity中创建寿命短的较短令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!