What do you use for API token validation?

Time:05-09

I am currently using IdentityServer4. There are also some third-party services that charge a fee but are simpler, like Auth0 and Stormpath. What is everyone using? I feel IdentityServer4 configuration is a lot of trouble; the token auth ecosystem has always been a pit in ASP.NET.

CodePudding user response:

I write my own; I have not used the ones you mentioned.

CodePudding user response:

Quoting the 1st floor reply by foren_whb:
I write my own; I have not used the ones you mentioned.

Writing your own is basically always flawed. For security, it is better to use an official library or a third-party library. Currently ASP.NET has no official library :(

CodePudding user response:

Write your own token generation and token expiry.

CodePudding user response:

It is all the same if you write it yourself; the official one was written too.

CodePudding user response:

I am using JWT now; it is quite good.

CodePudding user response:

The following represents my personal views
-----------------

I don't see the point of doing all these kinds of API validation. Really.

Look at some of Tencent's conventional interfaces, such as the WeChat official account interface for sending a message.

Isn't it just send?token=****************** and then POST a pile of data? Would you say that is safe?

As for token expiry, it is 2 hours; to get the latest one, gettoken?key=****** and you are done. It is not that much bother.

Other people don't worry about these things, so why do you need to worry about them?

CodePudding user response:

If you understand the principles, writing your own can also be very safe.
If you don't understand them, using someone else's may not be safe either.

CodePudding user response:

I looked in the ASP.NET community.
Individual authentication for ASP.NET Core Web API is still in development, by my estimate until the third quarter; before that you can only use libraries such as IdentityServer.

CodePudding user response:

I hope this helps you:
ASP.NET WebApi signature authentication based on JWT Token (published)
ASP.NET WebApi Token signature authentication based on distributed Session

CodePudding user response:

FORM + Basic

CodePudding user response:

This really does not need to be too much trouble.
Do it the simplest way:
The password is encrypted with a rule into a token, valid for 2 hours.
That's it.

CodePudding user response:

Quoting the 6th floor reply by by_ love:
The following represents my personal views
-----------------

I don't see the point of doing all these kinds of API validation. Really.

Look at some of Tencent's conventional interfaces, such as the WeChat official account interface for sending a message.

Isn't it just send?token=****************** and then POST a pile of data? Would you say that is safe?

As for token expiry, it is 2 hours; to get the latest one, gettoken?key=****** and you are done. It is not that much bother.

Other people don't worry about these things, so why do you need to worry about them?


I support your point of view. I have always thought that whatever token or whatever sign you use, somebody else can simulate it, so no matter what you do it is no use. I also saw a sign encryption that only encrypts the keys of the data, thinking the key values may be too big; somebody else modifying the key value is still not passed, so it really is redundant.