ASP.NET的Web API授权令牌到期早 [英] ASP.NET Web API Authorization tokens expiring early

问题描述

我已经实现安全我的网络API（个人账户）所讨论的这里。

I have implemented security for my web api (individual accounts) as discussed here.

我主持的GoDaddy的（共享主机）和它的做工精细的网站。
当我问令牌通过使用URLdomain.com/token，我得到令牌的15天内到期日期。我已将这StartupAuth.cs使用

I have hosted the website on godaddy (shared hosting) and its working fine. When I ask for token by using url "domain.com/token", I get the token with expiration date of within 15 days. I have set this in "StartupAuth.cs" using

AccessTokenExpireTimeSpan = TimeSpan.FromDays(15)

例如：

{
  "access_token":"qwertyuiop.....",
  "token_type":"bearer",
  "expires_in":1209599, 
  "userName":"user@example.com",
  ".issued":"Wed, 11 Feb 2015 01:00:00 GMT",
  ".expires":"Thu, 26 Feb 2015 01:00:00 GMT"
}

（我放值高于code，但你的.expires字段的想法。

(I put values in above code, but you get the idea of the ".expires" field.

5分钟得到令牌，当我尝试访问get或后或者通过授权在我的API的任何方法后：承载令牌头为：

5 minutes after getting the token, when I try and access "get" or "post" or any method in my API by passing authorization: bearer token in header as:

Authorization: Bearer qwertyuiop.....

我得到这个错误：

I get this error:

{"Message":"Authorization has been denied for this request."}

虽然它刚刚5分钟，令牌应该持续15天，这5分钟内到期。
当我请求任何方法得到5分钟间隔内/后，我得到与我的JSON数据适当的反应。总之，授权成功。

Although its just been 5 minutes and token is supposed to last 15 days, it expires within 5 minutes. When I request any method "get"/"post" within interval of 5 minutes, I get the proper response with my data in JSON. In short, authorization succeeds.

我已经通过的提琴手，Chrome浏览器插件，REST，并通过它使用API​​移动应用测试它重复这种行为。

I have repeated this behavior by testing it via Fiddler, REST plugin of Chrome and via the mobile app which uses the API.

我有如下会话的web.config值（我以为其相关）

I have web.config values for session as below (I thought its related)

<sessionState timeout="180" />

注意，形成未使用的验证，所以在web.config中该条超时是没有必要的。

Note that forms authentication is not used, so timeout on that section in web.config is not necessary.

任何想法是怎么回事？此超时导致其使用API​​现在，然后重新登录每一个移动应用程序的用户。任何帮助将是AP preciated。

Any idea what's going on? This timeout is causing the users of mobile apps which use the API to re-login every now and then. Any help would be appreciated.

感谢。

推荐答案

检查Web服务器，IIS中的计算机密钥可以在应用程序级别进行设置，每一个应用程序池回收你需要一个新的计算机密钥，因此生成的时间新的令牌。您可以设置在网站级别或根服务器级计算机密钥。也许这可以帮助

Check the WebServer, In IIS the Machine Key can be set at the application level, every time the app pool recycles a new Machine Key is generated hence you need a new token. You can set the Machine key on the Website level or Root Server Level. Maybe this might help

这篇关于ASP.NET的Web API授权令牌到期早的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！