asp.net身份20分钟后过期承载令牌 [英] asp.net identity expire bearer token after 20 min
问题描述
我有一个Web服务,用户可以登录到服务,并给予承载令牌。
i have a web service, users can login to service and give bearer token.
在当地的一切都是美好的,但在服务器20分钟后(共享主机,窗2012,IIS 8.5),令牌已过期!
in local everything is good, but in server (shared host, windows 2012, iis 8.5) after 20 min, token has been expired !!!
我AccessTokenExpireTimeSpan是:
my AccessTokenExpireTimeSpan is :
AccessTokenExpireTimeSpan = TimeSpan.FromDays(900),
也是我的第一个要求,我给了约5秒的延迟。是什么问题呢?
also in my first request, i give a delay about 5 sec. what is problem ?
推荐答案
我asume你在生产中有多个服务器。和ASP.NET识别正在使用的服务器的计算机密钥生成令牌承载。因此,20分钟后,你已经被重定向到另一台机器的关键另一台服务器。
I asume that you in production have multiple servers. And ASP.NET Identity is using the server's machine key to generate the token bearer. So after 20 minutes you have been "redirected" to another server with another machine key.
的一个解决方案是重写的服务器计算机密钥。对于设置在web.config机键。因此,所有服务器在同一台计算机的关键。
One solution is to override the machine key of the servers. With setting the machine key in the web.config. So all servers has the same machine key.
<machineKey validationKey="534766AC57A2A2F6A71E6F0757A6DFF55526F7D30A467A5CDE102D0B50E0B58D613C12E27E7E778D137058E" decryptionKey="7059303602C4B0B3459A20F9CB631" decryption="Auto" validation="SHA1"/>
结果
如何生成和设置机键:结果
https://technet.microsoft.com/sv -se /库/ cc755177%28V = ws.10%29.aspx
http://docs.orchardproject.net/Documentation/Setting-up-a -machine键
解决方案2 - 如果没有访问IIS
Solution 2 - If don't have access to IIS
如果你不'要修改的machineKey中的IIS或无法访问它,你可以通过在ovveriding默认设置很容易ovveride ASP.NET身份令牌提供者的 startup.cs 的文件。
If you dont' want to modify the machineKey on the IIS or doesn't have access to it you can ovveride ASP.NET Identity token provider easily by ovveriding the default settings in the startup.cs file.
这方面的一个例子,你可以在这里找到:<一href=\"https://github.com/eashi/Samples/blob/master/OAuthSample/OAuthSample/App_Start/Startup.Auth.cs\" rel=\"nofollow\">https://github.com/eashi/Samples/blob/master/OAuthSample/OAuthSample/App_Start/Startup.Auth.cs
An example of that can you find here: https://github.com/eashi/Samples/blob/master/OAuthSample/OAuthSample/App_Start/Startup.Auth.cs
这篇关于asp.net身份20分钟后过期承载令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
