撤销 ASP.NET Identity 2.0 中 UserTokenProvider 生成的令牌 [英] Revoke token generated by UserTokenProvider in ASP.NET Identity 2.0

问题描述

有没有办法撤销例如由用户管理器在 ASP NET Identity 2.0 中生成的电子邮件确认令牌?

Is there a way to revoke for example an email conformation token generated by an usermanager in ASP NET Identity 2.0?

背景
我想让用户可以重新发送确认电子邮件.为此，我使用以下命令生成新令牌:UserManager.GenerateEmailConfirmationTokenAsync(user.Id)，并使用新生成的令牌发送电子邮件.不幸的是，当我这样做时，以前生成的令牌仍在工作，有没有办法撤销它们?

Context
I would like to give the user the possibility to resend an confirmation email. To do this I generate a new token with: UserManager.GenerateEmailConfirmationTokenAsync(user.Id), and send an email with the new generated token. Unfortunately when I do this the previously generated tokens are still working, is there a way to revoke them?

示例代码
在 UserManager 类中:

Example code
In the UserManager class:

manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(options.DataProtectionProvider.Create("ASP.NET Identity"));

在 AccountController 中:

In the AccountController:

var user = await UserManager.FindByEmailAsync("email");

// All generated tokens below will work to confirm the email. 
// I only want the last token to be valid when confirming the email address.
var token1 = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
var token2 = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
var token3 = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
var token4 = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
var token5 = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);

var result = await UserManager.ConfirmEmailAsync(user.Id, token5);

也欢迎提供有关生成令牌的存储位置以及这些令牌是如何生成的信息！

如果您能将此信息发送给我，我将不胜感激.

Information about the storage location of the generated token and how these tokens are generated are also welcome!

I will be grateful if you can send me this information.

推荐答案

默认的 UserTokenProvider 会根据用户的 SecurityStamp 生成令牌，因此在更改之前(例如用户密码更改时)，令牌将始终相同，并且保持有效.因此，如果您只想使旧令牌无效，只需调用

The default UserTokenProvider generates tokens based on the users's SecurityStamp, so until that changes(like when the user's password changes), the tokens will always be the same, and remain valid. So if you want to simply invalidate old tokens, just call

manager.UpdateSecurityStampAsync();

这篇关于撤销 ASP.NET Identity 2.0 中 UserTokenProvider 生成的令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！