c# - Bearer token Authorization
I am having a problem with Identity Server 3 and bearer token authentication.
Basically, I can call my Web API methods with an expired access token, and the Web API authenticates the user and returns data.
I have set the client to have an access token lifetime of 360 seconds, and this is indeed the case when I check the claim.
How do I go about ensuring the Web API cannot be called with an expired access token? Do I need to set something in IdentityServerBearerTokenAuthenticationOptions?
Thanks.
When a request comes in, the first thing I check is whether the identity is authenticated and the authentication type is "Bearer".

    // HttpActionContext comes from System.Web.Http.Controllers.
    private static bool RequestIsAuthenticated(HttpActionContext actionContext)
    {
        return (actionContext.RequestContext.Principal.Identity.AuthenticationType == "Bearer"
                && actionContext.RequestContext.Principal.Identity.IsAuthenticated);
    }

If it returns false, I return HttpStatusCode.Unauthorized.
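One way to extend the check above so that it fails closed on expiry, given here as an added example that is not part of the original post. It assumes the validated token's expiry is exposed on the principal as a claim of type "exp"; AccessTokenExpiry, IsUnexpired and allowedSkew are hypothetical names.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;

// Added example; AccessTokenExpiry, IsUnexpired and allowedSkew are hypothetical names.
public static class AccessTokenExpiry
{
    private static readonly DateTime UnixEpoch =
        new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    // True only if the principal has a numeric "exp" claim (seconds since the
    // Unix epoch, RFC 7519) that lies in the future, within allowedSkew.
    // Assumption: the token's "exp" is exposed as a claim of type "exp".
    // utcNow must be a UTC timestamp.
    public static bool IsUnexpired(ClaimsPrincipal principal, DateTime utcNow, TimeSpan allowedSkew)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        Claim exp = principal.FindFirst("exp");
        long expSeconds;
        if (exp == null || !long.TryParse(exp.Value, NumberStyles.None,
                                          CultureInfo.InvariantCulture, out expSeconds))
            return false; // fail closed: no usable expiry means no access

        // Compare in seconds so an absurdly large "exp" cannot overflow DateTime.
        double nowSeconds = (utcNow - UnixEpoch).TotalSeconds;
        return nowSeconds < expSeconds + allowedSkew.TotalSeconds;
    }

    public static void Main()
    {
        // Constructed sample: token issued at t0 with the 360-second lifetime from the question.
        DateTime t0 = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        long exp = (long)(t0.AddSeconds(360) - UnixEpoch).TotalSeconds;
        var identity = new ClaimsIdentity(
            new[] { new Claim("exp", exp.ToString(CultureInfo.InvariantCulture)) }, "Bearer");
        var principal = new ClaimsPrincipal(identity);

        // Three cases: 300 s after issue, 400 s after issue, and 400 s after
        // issue with a five-minute tolerance.
        Console.WriteLine(IsUnexpired(principal, t0.AddSeconds(300), TimeSpan.Zero));
        Console.WriteLine(IsUnexpired(principal, t0.AddSeconds(400), TimeSpan.Zero));
        Console.WriteLine(IsUnexpired(principal, t0.AddSeconds(400), TimeSpan.FromMinutes(5)));
    }
}
```

Passing the tolerance explicitly makes it a visible decision: a tolerance close to or larger than the 360-second lifetime leaves a token usable well after its stated expiry.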