Geek Answers Handbook

The carrier token becomes invalid after redeployment

We have an ASP.NET MVC 5.x WebAPI 2.x web application running under the Azure cloud service and using token authorization for REST API calls to our service.

The problem is this: every time you redeploy our application, all current tokens become invalid (the server returns an "unauthorized" response for any request).

Question: why is this happening and how to prevent this behavior?

UPD: Here is the code issuing the token:

public string GetOAuthToken(IUser user) {
    if (user  != null) {
        var identity = new ClaimsIdentity(Startup.OAuthOptions.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id));
        AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
        var currentUtc = DateTime.UtcNow;
        ticket.Properties.IssuedUtc = currentUtc;
        ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromDays(36600)); //About 100 years
        string AccessToken = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket);
        return AccessToken;
    }
    return "";
}

UPD2: , , (/Token), , ( ) , "handmade". , ( /Token)?

+4
2

. , AccessTokenFormat, , machineKey . , . . Web.Config :

  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" relaxedUrlToFileSystemMapping="true" />

    <machineKey
      validationKey="YOUR VALIDATION KEY GOES HERE"
      decryptionKey="YOUR DECRYPTION KEY GOES HERE"
      validation="SHA1" decryption="AES"
    />

" 5..." : http://bitoftech.net/2014/09/24/decouple-owin-authorization-server-resource-server-oauth-2-0-web-api/

+4

, , .

. , . , , . ( ), . , , ( ), .

, : - ?

+1

More articles:


All Articles