c# - Bearer token Authorization -

-

i having problem identity server 3 , bearer token authentication.

basically, can call web api methods expired access token , web api authenticates user , returns data.

i have set client have access token lifetime of 360 seconds , indeed case when check claim.

how go ensuring web api cannot called expired access token. need set in identityserverbearertokenauthenticationoptions?

thanks.

when request comes in first thing check if identity authenticated , authentication type "bearer". 

    private static bool requestisauthenticated(httpactioncontext actioncontext)     {         return (actioncontext.requestcontext.principal.identity.authenticationtype == "bearer" && actioncontext.requestcontext.principal.identity.isauthenticated);     }

if returns false return httpstatuscode.unauthorized.


Comments

Post a Comment

Popular posts from this blog

java - Ebean enhancement ignores a model -

-
we using avaje-agentloader enhance our ebeans. ebeans in same package. including loader, agent & base ebean library in our project (via sbt): "org.avaje" % "avaje-agentloader" % "1.1.2", "org.avaje.ebeanorm" % "avaje-ebeanorm" % "4.5.5", "org.avaje.ebeanorm" % "avaje-ebeanorm-agent" % "4.5.2", however, when loader runs enhancement, skips 1 ebean. each ebean annotated @entity , extends com.avaje.ebean.model . there seem no differences between ones enhanced , 1 not. there no includes, or extends, etc. basically, i'm wondering if has run across issue in past, or has insights. things we've tried: specifying actual classes enhanced via serverconfig.setclasses(...) specifying pakages analyse/enhance via serverconfig.addpackage(...) or setpackages(...) not specifying @ , having loader analyse all. we've set break-point @ transformer.transform , bean in questio...
Read more

ubuntu - How to disable Kernel Module Signing in linux -

-
i'm working real time scheduler developed @ university , when run "module verification failed: signature and/or required key missing - tainting kernel". i've learned might because of kernel module signing. possible dissable on ubuntu? i'm using ubuntu vmplayer. module signing enabled within kernel configuration file starting kernel version 3.7, can disable running make menuconfig within kernel source directory , deselecting module signature verification option within enable loadable kernel module menu option. after have recompile kernel.
Read more

SQL php on different pages to Insert (mysqli) -

-
i have piece of php code, works when placed on index page ( index.php ), nothing if put in page, i.e. add.php for example: having code add.php page, tried go to: www.myhost.com/add.php , nothing happen. if copy code index.php , go page www.myhost.com/index.php add row in sql table. why that? <?php $server="mysql.server.com"; $user="randomusr"; $pass="randompwd"; $db="randomdb"; $link=mysqli_connect($server, $user, $pass, $db); $result=mysqli_query($link,"select * `battery` `id`"); $query = "insert battery (id,type,owner,charge,time) values ('1','lily002','maisnow','15','2015-04-22 17:20:28')"; mysqli_query($link, $query); header("location: index.php"); //this 1 comment out when copied index.php ?> l # name type collation attributes null 1 id int(16) no ...
Read more