Marc

Reputation: 16512

How to handle invalid bearer tokens

I have an ASP.NET MVC website and a Web API 2 project.

I use a bearer token that I store in the identity claims to identify a user on the API.

It works, but I noticed that when I use a different server for the API, all the tokens are invalid.

I'm confused about what to do when a token is invalid (because it comes from a different server or because it has expired).

How are we supposed to handle that?

For the expired token, I guess I could store the expiration date and ask for a new token, or implement OAuth2 refresh tokens. But for the other scenario, I don't know what to do.

Thank you

Upvotes: 0

Views: 452

Answers (1)

Xavier Egea

Reputation: 4763

If you have different servers for the API, you have to be sure that all Web.config files have the same machineKey tag. In the case of Windows Azure you can change the deployed web.config file.

<system.web>
...
<!-- The two keys below are sample values from the answer: generate your own,
     keep them out of source control, and use the identical pair on every server
     that issues or validates bearer tokens. validationKey signs (HMAC) the
     protected ticket; decryptionKey encrypts it. -->
<machineKey validationKey="57B449BBA8F9E656087FF7848727E122C5F5966F65AC0FC25FB3532193B59CFCD13B370883FFC184C1F1500638F33E6F67B37CAED1D9BC65BBC6CFFB232BFD0B" decryptionKey="6D9FBE88D16B3FA5B5E6B37460BBE50DA85D5B4C482159006B5A337C58AA9E79" validation="SHA1" decryption="AES" />
...
</system.web>

Use this machine key generator. The token is created based on the machineKey, so you have to be sure that this field is identical. If it is not, a token created by one project will not be valid for the other.

Upvotes: 1
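The machineKey fix above makes every API instance able to validate tokens issued by any other, but it does not remove the need to handle a rejected token on the client, which is the question's second half. The following is an added example, not code from either the question or the answer: a small HttpClient wrapper for the MVC site that sends the bearer token, treats a 401 from the API as "this token is no longer usable" (the OWIN bearer middleware answers 401 whether the ticket has expired or could not be unprotected, so the client cannot tell the two cases apart and should not try), obtains a new token once, and retries. It assumes the standard Web API 2 OWIN /token endpoint and its JSON response fields (access_token, expires_in, optional refresh_token), a hypothetical API base URI, resource-owner credentials held by the MVC site, and the Newtonsoft.Json package that the Web API 2 template already references.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

// Parsed result of the Web API's /token endpoint (assumed OWIN OAuth shape).
public sealed class TokenResponse
{
    public string AccessToken { get; set; }
    public string RefreshToken { get; set; }   // null unless the server issues one
    public DateTime ExpiresAtUtc { get; set; }
}

// Hypothetical helper for the MVC site; not part of the original page.
public sealed class ApiClient
{
    private readonly HttpClient _http;
    private readonly Uri _apiBase;        // e.g. https://api.example.com/ (assumed)
    private readonly string _username;    // resource-owner credentials (assumed)
    private readonly string _password;
    private TokenResponse _token;

    public ApiClient(HttpClient http, Uri apiBase, string username, string password)
    {
        _http = http; _apiBase = apiBase; _username = username; _password = password;
    }

    // Sends a request with the current bearer token. A 401 means the API could not
    // validate the token (expired, or protected under a different machineKey); in
    // both cases the only useful client action is the same: get a new token and
    // retry exactly once. The request is rebuilt via the delegate because an
    // HttpRequestMessage cannot be sent twice.
    public async Task<HttpResponseMessage> SendAsync(Func<HttpRequestMessage> buildRequest)
    {
        if (_token == null || _token.ExpiresAtUtc <= DateTime.UtcNow.AddSeconds(30))
            _token = await AcquireTokenAsync();       // proactive renewal near expiry

        var response = await SendWithTokenAsync(buildRequest, _token.AccessToken);
        if (response.StatusCode != HttpStatusCode.Unauthorized)
            return response;

        response.Dispose();
        _token = await AcquireTokenAsync();           // reactive renewal after a 401
        return await SendWithTokenAsync(buildRequest, _token.AccessToken);
    }

    private async Task<HttpResponseMessage> SendWithTokenAsync(
        Func<HttpRequestMessage> buildRequest, string accessToken)
    {
        var request = buildRequest();
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        return await _http.SendAsync(request);
    }

    // Prefers the refresh_token grant when a refresh token was issued (requires a
    // refresh-token provider on the server); otherwise uses the password grant.
    private async Task<TokenResponse> AcquireTokenAsync()
    {
        var form = _token?.RefreshToken != null
            ? new Dictionary<string, string>
              { ["grant_type"] = "refresh_token", ["refresh_token"] = _token.RefreshToken }
            : new Dictionary<string, string>
              { ["grant_type"] = "password", ["username"] = _username, ["password"] = _password };

        using (var response = await _http.PostAsync(new Uri(_apiBase, "token"),
                                                    new FormUrlEncodedContent(form)))
        {
            if (response.StatusCode == HttpStatusCode.BadRequest && form["grant_type"] == "refresh_token")
            {
                // Refresh token rejected (revoked, expired, or unknown to this
                // server instance): drop it and start over with the password grant.
                _token = null;
                return await AcquireTokenAsync();
            }
            response.EnsureSuccessStatusCode();

            var json = JObject.Parse(await response.Content.ReadAsStringAsync());
            return new TokenResponse
            {
                AccessToken = (string)json["access_token"],
                RefreshToken = (string)json["refresh_token"],
                ExpiresAtUtc = DateTime.UtcNow.AddSeconds((int)json["expires_in"]),
            };
        }
    }
}
```

The retry only succeeds if the server that issues the new token and the server that validates it share the same machineKey, which is exactly what the answer's Web.config change guarantees; without it the second attempt fails with the same 401, so keep the retry to a single attempt rather than looping.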
