Identity Framework test if confirm email token is expired

后端 未结 3 1509
死守一世寂寞
死守一世寂寞 2021-02-07 05:18

Is it possible to test whether a confirm email token is expired using Identity Framework\'s UserManager? No matter what the error is, from the following:

         


        
3条回答
  •  野性不改
    2021-02-07 05:44

    I found a way to parse the token for the date issued, which you can then check to see if is within the allowed timespan (default of 24hours if not specified).

    Identity.cs

    ApplicationUserManager

    public IDataProtector Protector { get; set; }
    
    public TimeSpan TokenLifespan { get; set; }
    

    ApplicationUserManager Create()

    // Explicitly set token expiration to 24 hours. 
    manager.TokenLifespan = TimeSpan.FromHours(24);
    var dataProtectionProvider = options.DataProtectionProvider;
    manager.Protector = dataProtectionProvider.Create("ASP.NET Identity");
    
    if (dataProtectionProvider != null)
    {
        manager.UserTokenProvider =
            new DataProtectorTokenProvider(dataProtectionProvider.Create("ASP.NET Identity"))
            {
                TokenLifespan = manager.TokenLifespan
            };
    }
    

    AccountController.cs

    public async Task ConfirmEmail(string Code, string UserId)
    {
    // Try/catch, validation, etc.
    var tokenExpired = false;
    var unprotectedData = UserManager.Protector.Unprotect(Convert.FromBase64String(Code));
    var ms = new MemoryStream(unprotectedData);
    using (BinaryReader reader = new BinaryReader(ms))
    {
        var creationTime = new DateTimeOffset(reader.ReadInt64(), TimeSpan.Zero);
        var expirationTime = creationTime + UserManager.TokenLifespan;
        if (expirationTime < DateTimeOffset.UtcNow)
        {
            tokenExpired = true;
        }
     }
     // Do something if token is expired, else continue with confirmation
    }
    

    I found this blog post and Nkosi's answer to be extremely helpful, and if you want to go through the Identity source code, Microsoft has it here (The previous versions of Identity for MVC5 and lower here). Also, I apologize if its in poor form to answer a question that you, yourself put a bounty on, but I couldn't help but continue looking for a better solution.

提交回复
热议问题