Asp Identity 2 - Change Expiry Time for Mobile Token

Question

I have the following code that ensures the Token lifetime span for email verification tokens expire after 14 days :-

if (Startup.DataProtectionProvider != null)
         


        

Answer 1

If you don't want to override the UserManager class, you can always grab the token after creation and adjust the ExpirationDate manually. For example, we do this in our e-mail sending logic (always refresh the token for another 24 hours if you re-send the e-mail):

// Token already created
UserToken userToken = db.UserTokens.Where(t => t.UserId == user.Id && f.IsActive).FirstOrDefault();
userToken.ExpirationDate = DateTime.Now.AddHours(24);

Answer 2

You need to override

Microsoft.AspNet.Identity.UserManager.GenerateChangePhoneNumberTokenAsync

To do so please have a look here and here how to extend the UserManager first.

In GenerateChangePhoneNumberTokenAsync you need to use a custom Rfc6238AuthenticationService which has call to GenerateCode with timeStep parameter

The GenerateChangePhoneNumberTokenAsync will look like this

public class ApplicationUserManager : UserManager<YourIdentityUser, int>
{
    public ApplicationUserManager(IUserSecurityStampStore<YourIdentityUser, Guid> store)
        : base(store)
    {
    }

    // *** some other code

    public override async Task<string> GenerateChangePhoneNumberTokenAsync(Guid userId, string phoneNumber)
    {
        var user = await FindByIdAsync(userId);
        var code = CustomRfc6238AuthenticationService.GenerateCode(user.SecurityStamp, phoneNumber, "optional modifier", TimeSpan.FromDays(14));
        return code;
    }
}

and the sample implementation of custom Rfc6238AuthenticationService can be found here