access_token在几个小时内过期并发送未经授权的访问错误 - ASP.net web API

Question

我们开发了一个iOS应用程序，使用visual 2013 apache Cordova工具及其使用web API（ASP.net web API 2）进行身份验证服务器。 access_token失效日期默认设置为14天，但是，在几个小时后，此令牌将过期并发送未经授权的访问错误。 当前令牌和用户名存储在本地存储器中。

公共无效ConfigureAuth（IAppBuilder应用） { //配置分贝上下文和用户管理器使用每个请求 app.CreatePerOwinContext（ApplicationDbContext.Create）的单个实例; app.CreatePerOwinContext（ApplicationUserManager.Create）;

 // Enable the application to use a cookie to store information for the signed in user 
     // and to use a cookie to temporarily store information about a user logging in with a third party login provider 
     app.UseCookieAuthentication(new CookieAuthenticationOptions()); 
     app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); 

     // Configure the application for OAuth based flow 
     PublicClientId = "self"; 
     OAuthOptions = new OAuthAuthorizationServerOptions 
     { 
      TokenEndpointPath = new PathString("/Token"), 
      Provider = new ApplicationOAuthProvider(PublicClientId), 
      AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"), 
      AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), 
      AllowInsecureHttp = true 

     }; 

     // Enable the application to use bearer tokens to authenticate users 
     app.UseOAuthBearerTokens(OAuthOptions); 

}

Answer 1

如果您使用IIS，确保“计算机密钥”功能在您的web.config文件中正确配置。

您可以使用此PowerShell脚本生成新的静态密钥：

# Generates a <machineKey> element that can be copied + pasted into a Web.config file. 
function Generate-MachineKey { 
    [CmdletBinding()] 
    param (
    [ValidateSet("AES", "DES", "3DES")] 
    [string]$decryptionAlgorithm = 'AES', 
    [ValidateSet("MD5", "SHA1", "HMACSHA256", "HMACSHA384", "HMACSHA512")] 
    [string]$validationAlgorithm = 'HMACSHA256' 
) 
    process { 
    function BinaryToHex { 
     [CmdLetBinding()] 
     param($bytes) 
     process { 
      $builder = new-object System.Text.StringBuilder 
      foreach ($b in $bytes) { 
       $builder = $builder.AppendFormat([System.Globalization.CultureInfo]::InvariantCulture, "{0:X2}", $b) 
      } 
      $builder 
     } 
    } 
    switch ($decryptionAlgorithm) { 
     "AES" { $decryptionObject = new-object System.Security.Cryptography.AesCryptoServiceProvider } 
     "DES" { $decryptionObject = new-object System.Security.Cryptography.DESCryptoServiceProvider } 
     "3DES" { $decryptionObject = new-object System.Security.Cryptography.TripleDESCryptoServiceProvider } 
    } 
    $decryptionObject.GenerateKey() 
    $decryptionKey = BinaryToHex($decryptionObject.Key) 
    $decryptionObject.Dispose() 
    switch ($validationAlgorithm) { 
     "MD5" { $validationObject = new-object System.Security.Cryptography.HMACMD5 } 
     "SHA1" { $validationObject = new-object System.Security.Cryptography.HMACSHA1 } 
     "HMACSHA256" { $validationObject = new-object System.Security.Cryptography.HMACSHA256 } 
     "HMACSHA385" { $validationObject = new-object System.Security.Cryptography.HMACSHA384 } 
     "HMACSHA512" { $validationObject = new-object System.Security.Cryptography.HMACSHA512 } 
    } 
    $validationKey = BinaryToHex($validationObject.Key) 
    $validationObject.Dispose() 
    [string]::Format([System.Globalization.CultureInfo]::InvariantCulture, 
     "<machineKey decryption=`"{0}`" decryptionKey=`"{1}`" validation=`"{2}`" validationKey=`"{3}`" />", 
     $decryptionAlgorithm.ToUpperInvariant(), $decryptionKey, 
     $validationAlgorithm.ToUpperInvariant(), $validationKey) 
    } 
} 

要获取生成，将machineKey在一个新的PowerShell窗口，它会生成一个新的machineKey节为您服务。

PS> Generate-MachineKey 
<machineKey decryption="AES" decryptionKey="..." validation="HMACSHA256" validationKey="..." />