As title, using Owin implement OAuth2, generate access_token after deposited in the database? How to validate the database?
I'll find a lot of information, simply use ClaimsIdentity in many articles, and then the controller and the Authorize attribute,
Not lasting token to the database or the cache server, only the user information in the memory, when using nginx, load balance, the client is certainly not normal visit, may I ask a little mess, but I hope you can answer my question,

CodePudding user response:

Look at a lot of examples, is aimed at a single server, haven't seen a distributed solution, very curious, how do you do not use asp.net identity to realize a filter?

CodePudding user response:

Check some information today, found that the access token does not need to do persist, refresh token only need, the access token itself contains the user information, owin just use user information machine key encryption then use base64 conversion, but when the license server and resource server is not the same machine, need additional configuration, currently looking for how to yourself with other encryption algorithm to encrypt and decrypt accesstoken,

CodePudding user response:

The original poster to solve problems of distributed?

CodePudding user response:

He make one, I use a encryption + redis implementation

CodePudding user response:

reference 4 floor qq271136248 response:

make a, I use a encryption + redis implementation

Really should use redis buffer implementation, such as
After all token is expired, database, does not make sense, also increase the trouble in reading and writing,