本文介绍了撤销令牌通过UserTokenProvider在ASP.NET 2.0身份产生的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

有没有办法撤销例如ASP NET 2.0的身份通过的UserManager生成的电子邮件标记构?

Is there a way to revoke for example an email conformation token generated by an usermanager in ASP NET Identity 2.0?

上下文

我想给用户重新发送确认邮件的可能性。要做到这一点,我生成一个新的令牌: UserManager.GenerateEmailConfirmationTokenAsync(user.Id),并与生成的令牌新的发送电子邮件。不幸的是我做的时候这个previously生成的标记仍在工作,有没有办法撤销呢?

Context
I would like to give the user the possibility to resend an confirmation email. To do this I generate a new token with: UserManager.GenerateEmailConfirmationTokenAsync(user.Id), and send an email with the new generated token. Unfortunately when I do this the previously generated tokens are still working, is there a way to revoke them?

示例code

在类的UserManager:

Example code
In the UserManager class:

manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(options.DataProtectionProvider.Create("ASP.NET Identity"));

在的AccountController:

In the AccountController:

var user = await UserManager.FindByEmailAsync("email");

// All generated tokens below will work to confirm the email. 
// I only want the last token to be valid when confirming the email address.
var token1 = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
var token2 = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
var token3 = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
var token4 = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
var token5 = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);

var result = await UserManager.ConfirmEmailAsync(user.Id, token5);

有关的生成的令牌,以及如何生成这些令牌也欢迎!

的存储位置信息
我会很感激,如果你可以给我这个信息。

Information about the storage location of the generated token and how these tokens are generated are also welcome!

I will be grateful if you can send me this information.

推荐答案

默认UserTokenProvider生成基于用户的SecurityStamp令牌,所以直到改变(如用户的密码改变时),令牌将始终是相同的,并仍然有效。所以,如果你想简单无效的老令牌,只需调用manager.UpdateSecurityStampAsync()。

The default UserTokenProvider generates tokens based on the users's SecurityStamp, so until that changes(like when the user's password changes), the tokens will always be the same, and remain valid. So if you want to simply invalidate old tokens, just call manager.UpdateSecurityStampAsync().

这篇关于撤销令牌通过UserTokenProvider在ASP.NET 2.0身份产生的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-29 10:37