ASP.NET-MVC – IdentityServer MVC token expire

I am new to Identity Server, and I am missing a key concept in my understanding.
I am using the code from the MVC tutorial.

If I Use the attribute [Authorize] to decorate my Home controller and visit my website, I will be redirected to IdentityServer. Then I use my username and password to log in. Then I use some custom code and authenticate. I get an AccessToken , And then I can access the Home controller.

My client settings are as follows:

new Client {
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets = new List{new Secret("secret".Sha256())},
RequireConsent = false,
AccessTokenLifetime = 1,

// where to redirect to after login
RedirectUris = new List{"http://localhost:5002/signin -oidc"},

// where to redirect to after logout
PostLogoutRedirectUris = new List{"http://localhost:5002"},

AllowedScopes = new List
{
StandardScopes.OpenId.Name,
StandardScopes.Profile.Name,
StandardScopes.OfflineAccess.Name,
}
}

My The access token is

{
"nbf": 1474697839,
"exp": 1474697840,
"iss": "http: //localhost:5000",
"aud": "http://localhost:5000/resources",
"client_id": "mvc",
"scope": [
"openid",
"profile"
],
"sub": "26296",
"auth_time": 1474697838,
"idp": " local",
"amr": [
"pwd"
]
}

When I set AccessTokenLifetime to 1, my token is in It will be invalidated when it is sent to call the API etc. But I can still access the website.

What is the best way to let the MVC website confirm that my token has not expired? This may be where the refresh token comes in.

Note that
AccessTokenLifetime is set to 1 for testing only, so I can test quickly.

Maybe this is the case?

var user = HttpContext.Current.User.Identity;
if (!user.IsAuthenticated)

I am new to Identity Server, and I am missing a key concept in my understanding.
I am using the code of the MVC tutorial.

If I decorate me with the attribute [Authorize] Home controller and visit my website, I will be redirected to IdentityServer. Then I log in with my username and password. Then I use some custom code and authenticate. I get an AccessToken and then I can access the Home control

My client settings are as follows:

new Client {
ClientId = "mvc",
ClientName = " MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets = new List{new Secret("secret".Sha256())},
RequireConsent = false,
AccessTokenLifetime = 1,

// where to redirect to after login
RedirectUris = new List{"http://localhost:5002/signin-oidc"},

// where to redirect to after logout
PostLogoutRedirectUris = new List{"http://localhost:5002"},

AllowedScopes = new List
{
StandardScopes.OpenId.Name,
StandardScopes.Profile.Name,
StandardScopes.OfflineAccess.Name,
}
}

My access token is

{
"nbf": 1474697839,
"exp": 1474697840,
"iss": "http://localhost:5000",
"aud": "http://localhost:5000/resources",
"client_id": "mvc",
"scope": [
"openid",
"profile"
],
"sub": "26296",
"auth_time": 1474697838,
"idp": "local",
"amr": [
"pwd"
]
}

When I set AccessTokenLifetime to 1, my token will be invalid when it is sent to call API etc. But I can still Visit the website.

What is the best way to let the MVC website confirm that my token has not expired? This may be where the refresh token comes in.

Note
AccessTokenLifetime is set to 1 for testing only, so I can test quickly.

Maybe so?

var user = HttpContext.Current.User.Identity;
if (!user.IsAuthenticated)

WordPress database error: [Table 'yf99682.wp_s6mz6tyggq_comments' doesn't exist]
SELECT SQL_CALC_FOUND_ROWS wp_s6mz6tyggq_comments.comment_ID FROM wp_s6mz6tyggq_comments WHERE ( comment_approved = '1' ) AND comment_post_ID = 2103 ORDER BY wp_s6mz6tyggq_comments.comment_date_gmt ASC, wp_s6mz6tyggq_comments.comment_ID ASC

Leave a Comment

Your email address will not be published.