ASP.NET 2.0 identifier. Is the expiration time stored in tokens and different subdomains

Question

ASP.NET 2.0 identifier. Is the expiration time stored in tokens and different subdomains

I have a validation token that I use on the system ( system 1). It is installed in 5 minutes in identityconfig.csthe system that generates it:

manager.UserTokenProvider =
    new DataProtectorTokenProvider<ApplicationUser>(
        dataProtectionProvider.Create("ASP.NET Identity"))
    {
        TokenLifespan = TimeSpan.FromMinutes(5)
    };

My question is, does `TokenLifeSpan`the token store in the string itself?

I ask that this token be transferred to another system ( system 2). In the same setup, identityconfig.csthis system uses a life time of 7 days . I want my token to expire after 5 minutes at the confirmation point on system 2.

Generation Code - System 1:

string token_string = await UserManager.GenerateUserTokenAsync("MyPurpose", user_ID);

Confirmation Code - System 2:

var result = await UserManager.VerifyUserTokenAsync(user_ID, "MyPurpose", token_string);

It is also worth noting: system 1located on subdomain.mywebsitedomain.com system 2located onwww.mywebsitedomain.com

Will this token allow me to pass the test? UPDATE: this will not allow the token to be transferred from the system 1 to 2. The reason is that 2 sites will sign the token using their MachineKey. This can be explicitly set in the web.config of each site to allow tokens to pass between sites.

+4

c # asp.net asp.net-mvc asp.net-identity owin

scgough Feb 28 '17 at 14:02

source share

No one has answered this question yet.

See similar questions:

1

How to update claims in a subdomain if an authentication token is created by the parent domain

0

AccessToken generated in MVC application is not valid in Crossdomain API

or similar:

73