Token validation on webapi, cache

Time:09-27

Token validation for a simple Web API: apart from the request header and cookie approaches above, how do I use the cache approach?
Below is the request header approach: the token value is in the header, and the server-side validation reads it and verifies its validity time.
var authHeader = context.Request.Headers.FirstOrDefault(a => a.Key == "ApiAuthorization");

Controller:

[ApiActionAuth]
[HttpPost]

Method to get the token:

public string GetToken()
{
    // ...
    return token;
}
How would I do this the cache way?

CodePudding user response:

By "cache", do you mean putting the token into a cache?

But this usually means:

string SetToken()
{
    // Generate the token and store it under its own value with a 2-hour expiry
    var guid = Guid.NewGuid().ToString();
    RedisHelper.Add(guid, guid, TimeSpan.FromHours(2));
    return guid;
}

Then return the guid to the client:

return Json(new { token = SetToken(), time = DateTime.Now.AddHours(2) });

But usually the user info is saved with the token:

RedisHelper.Add(guid, loginUserInfo, TimeSpan.FromHours(2));

Then the user is generally fetched by authHeader:

var user = RedisHelper.Get(authHeader);
if (user == null)
{
    // No entry for this token: it was never issued or has expired
    throw new exp...("login has expired...");
}
return user;

The overall implementation is roughly like this.

CodePudding user response:

Store the token and the user information as a key/value pair in Redis or a cache, and set the corresponding expiration time.

CodePudding user response:

Either a local in-memory cache or a third-party library will do.

CodePudding user response:

Put the token into Redis,
and remember to set the expiration time.

CodePudding user response:

Quoting by_ love's reply on the 1st floor:
By "cache", do you mean putting the token into a cache?

But this usually means:

string SetToken()
{
    // Generate the token and store it under its own value with a 2-hour expiry
    var guid = Guid.NewGuid().ToString();
    RedisHelper.Add(guid, guid, TimeSpan.FromHours(2));
    return guid;
}

Then return the guid to the client:

return Json(new { token = SetToken(), time = DateTime.Now.AddHours(2) });

But usually the user info is saved with the token:

RedisHelper.Add(guid, loginUserInfo, TimeSpan.FromHours(2));

Then the user is generally fetched by authHeader:

var user = RedisHelper.Get(authHeader);
if (user == null)
{
    // No entry for this token: it was never issued or has expired
    throw new exp...("login has expired...");
}
return user;

The overall implementation is roughly like this.

For a Web API service, the encrypted token string needs a running cycle; when the client makes a request, it can just put it in the request header.

CodePudding user response:

Quoting are nu month god's reply on the 4th floor:
Put the token into Redis,
and remember to set the expiration time.

How do you ensure the uniqueness of what each user submits? How does the server decide which user the token corresponds to?

CodePudding user response:

Quoting intelligent vision's reply on the 6th floor:
Quote: are nu month god's reply on the 4th floor:

Put the token into Redis,
and remember to set the expiration time.

How do you ensure the uniqueness of what each user submits? How does the server decide which user the token corresponds to?

You also need the user to pass the token to you.
You can use the JWT model: the token is stored in the header, but the other two elements also need to be encrypted.
Of course, you can also just give the user the token and cache it directly on both the client and the server side, with an expiration time set.

CodePudding user response:

As for uniqueness, that is easy to solve:
UUID + MD5

CodePudding user response:

For the cache, I suggest Redis. For uniqueness, you can use timestamp + Guid, then apply MD5 or Base64 with a secret added.
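
The cache flow described in the replies above (issue a token, store it with the user info and a 2-hour expiry, then look the user up from the ApiAuthorization header value), together with the uniqueness question, as an added example that is not code from any poster in this thread. It assumes .NET 6 or later; TokenCache is a hypothetical in-process stand-in for the thread's RedisHelper, and it swaps in a random token from RandomNumberGenerator in place of the Guid and MD5 schemes suggested, keying the cache by the token's SHA-256 hash.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
// Hypothetical in-process stand-in for the thread's RedisHelper (token -> user, with a TTL).
public sealed class TokenCache
{
    private readonly ConcurrentDictionary<string, (string User, DateTime ExpiresUtc)> _store = new();
    private readonly TimeSpan _ttl;
    public TokenCache(TimeSpan ttl) => _ttl = ttl;

    // Key by SHA-256 of the token so a dump of the cache does not reveal usable tokens.
    private static string KeyFor(string token) =>
        Convert.ToBase64String(SHA256.HashData(Encoding.UTF8.GetBytes(token)));

    // 32 bytes from the OS CSPRNG: unique per login and not guessable by other clients.
    public string Issue(string user)
    {
        string token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _store[KeyFor(token)] = (user, DateTime.UtcNow + _ttl);
        return token;
    }

    // Returns the cached user, or null when the token is missing, unknown or expired.
    public string? Validate(string? authHeader)
    {
        if (string.IsNullOrEmpty(authHeader)) return null;
        string key = KeyFor(authHeader);
        if (!_store.TryGetValue(key, out var entry)) return null;
        if (entry.ExpiresUtc > DateTime.UtcNow) return entry.User;
        _store.TryRemove(key, out _);   // expired: drop it, as a Redis TTL would
        return null;
    }

    // Logout or revocation: deleting the entry invalidates the token at once.
    public bool Revoke(string token) => _store.TryRemove(KeyFor(token), out _);
}
public static class Demo
{
    public static void Main()
    {
        var cache = new TokenCache(TimeSpan.FromHours(2));   // 2 hours, as in the thread
        string token = cache.Issue("alice");                 // constructed sample user
        Console.WriteLine(cache.Validate(token) ?? "rejected");
        Console.WriteLine(cache.Validate("forged-value") ?? "rejected");
        cache.Revoke(token);
        Console.WriteLine(cache.Validate(token) ?? "rejected");
    }
}
```

With Redis as the backing store, the expiry check in Validate is replaced by the key's own TTL, and the same hashed key can be used unchanged.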