在 ASP.NET Core Identity 中创建寿命较短的较短令牌 [英] Create shorter tokens with small lifespan in ASP.NET Core Identity

问题描述

使用 ASP.NET Core 3.1 我正在创建用户的电子邮件确认令牌以通过电子邮件发送:

String token = await _userManager.GenerateEmailConfirmationTokenAsync(user);

我得到以下信息:

<预> <代码> CfDJ8IjJLi0iO61KsS5NTyS4wJkSvCyzEDUBaVlXCkbxz6zwI1LocG8 + WPubx5Rvoi4tFuiWAVFut4gfTnhgsdihE0gY + o7JyJrNtfXmzGLnczwbKZ3Wwy15 + IUEi1h2qId72IRKvFqBSFv7rJdECSR/thZphpTQm7EnOuAA7loHlQFRWuMUVBce8HUsv1odbLNsKQ ==

如何创建寿命较短的较短令牌而不是巨大令牌?

解决方案

如果我理解这个问题，您正在考虑更换一个 TokenProvider，这可以在服务容器配置阶段完成

TokenProvider.cs

公共类TokenProvider:IUserTwoFactorTokenProvider{公共任务<字符串>GenerateAsync(字符串目的，UserManager manager，IdentityUser 用户){//在此处生成您的令牌}公共任务ValidateAsync(字符串目的，字符串令牌，UserManager manager，IdentityUser 用户){//在此处验证您的令牌}公共任务CanGenerateTwoFactorTokenAsync(UserManager manager, IdentityUser 用户){//检查用户是否有电子邮件并且已被确认.或者做你自己的逻辑}}

在构建时注入你的容器

services.AddIdentityCore(o =>{o.Tokens.EmailConfirmationTokenProvider = "MyTokenProvider";}).AddEntityFrameworkStores().AddTokenProvider<TokenProvider>(MyTokenProvider");

或在运行时:

_userManager.RegisterTokenProvider(um.Options.Tokens.ChangeEmailTokenProvider, new TokenProvider());String token = await _userManager.GenerateEmailConfirmationTokenAsync(user);

默认情况下有一些令牌提供程序可供您使用(电子邮件、PhoneNumber 和 Authenticator 是一些)，您可以探索和构建.据我所知，EmailTokenProvider 将实际代码生成推迟到 TotpSecurityStampBasedTokenProvider 您可以探索并查看是否可以通过使用 TOTP 算法实现

Using ASP.NET Core 3.1 I am creating an User's Email confirmation token to send by email:

String token = await _userManager.GenerateEmailConfirmationTokenAsync(user);

And I get the following:

CfDJ8IjJLi0iO61KsS5NTyS4wJkSvCyzEDUBaVlXCkbxz6zwI1LocG8+WPubx5Rvoi4tFuiWAVFut4gfTnhgsdihE0gY+o7JyJrNtfXmzGLnczwbKZ3Wwy15+IUEi1h2qId72IRKvFqBSFv7rJdECSR/thZphpTQm7EnOuAA7loHlQFRWuMUVBce8HUsv1odbLNsKQ==

How can I create shorter tokens with a small lifespan instead of huge tokens?

解决方案

If I understand the problem, you're looking at swapping out a TokenProvider, which can either be done at service container configuration stage

TokenProvider.cs

public class TokenProvider : IUserTwoFactorTokenProvider<IdentityUser>
    {
        public Task<string> GenerateAsync(string purpose, UserManager<IdentityUser> manager, IdentityUser user)
        {
            // generate your token here
        }

        public Task<bool> ValidateAsync(string purpose, string token, UserManager<IdentityUser> manager, IdentityUser user)
        {
            // validate your token here
        }

        public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<IdentityUser> manager, IdentityUser user)
        {
            // check if user has email and it's been confirmed. or do your own logic
        }
    }

inject into your container at build time

services.AddIdentityCore<IdentityUser>(o =>
{
    o.Tokens.EmailConfirmationTokenProvider = "MyTokenProvider";
}).AddEntityFrameworkStores<IdentityDbContext>()
.AddTokenProvider<TokenProvider>("MyTokenProvider");

or at run time:

_userManager.RegisterTokenProvider(um.Options.Tokens.ChangeEmailTokenProvider, new TokenProvider());
String token = await _userManager.GenerateEmailConfirmationTokenAsync(user);

there are a few token providers available to you by default (Email, PhoneNumber and Authenticator being some), which you can explore and build upon. As far as I can see the source, EmailTokenProvider defers actual code generation to TotpSecurityStampBasedTokenProvider which you can explore and see if your lifetime requirement can be changed by playing with the TOTP algorithm it implements

这篇关于在 ASP.NET Core Identity 中创建寿命较短的较短令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！