I have implemented security for my Web API (individual accounts), as discussed here.
I hosted the site on GoDaddy (shared hosting) and it is working. When I request a token using the url "domain.com/token", I get a token with an expiration date of 15 days. I set this in "StartupAuth.cs" using
AccessTokenExpireTimeSpan = TimeSpan.FromDays(15)
eg:
{ "access_token":"qwertyuiop.....", "token_type":"bearer", "expires_in":1209599, "userName":"user@example.com", ".issued":"Wed, 11 Feb 2015 01:00:00 GMT", ".expires":"Thu, 26 Feb 2015 01:00:00 GMT" }
(I am adding values to the code above, but you get an idea of the ".expires" field.)
5 minutes after receiving the token, when I try to access "get" or "post" or any method in my API, passing the authorization bearer token in the header as:
Authorization: Bearer qwertyuiop.....
I get this error:
{"Message":"Authorization has been denied for this request."}
Although it has been only 5 minutes and the token should last 15 days, it expires in 5 minutes. When I request any get/post method within 5 minutes, I get the correct response with my data in JSON. In short, authorization failed.
I reproduced this behavior by testing it through Fiddler, the REST plugin in Chrome, and through a mobile application that uses the API.
I have web.config values for the session as shown below (I thought this was related)
<sessionState timeout="180" />
Please note that forms authentication is not used, so the timeout in this section in web.config is not required.
Any idea what is going on? This timeout forces mobile app users who use the API to re-enter the system from time to time. Any help would be appreciated.
Thanks.