2
in the company we work we do authentication and authorization via Bearer Token in an Asp.net webapi app, but I keep some information about user permissions with Claims... and this makes Token look gigantic.
I found a way to generate the token myself, to mount a hash by extending this class Authenticationtokenprovider.
public class AccessTokenProvider: AuthenticationTokenProvider
{
public override void Create(AuthenticationTokenCreateContext context)
{
var token = Guid.NewGuid();
context.SetToken(token.ToString());
}
}
But at the time of the request this token generated by min does not work, the impression I have is that it does not identify the user by this token...
Is there any other method I need to overwrite ?
Anyway my goal is just to let my token smaller, if there is another way to do this also helps.
Hug!
After some research I implemented this way:
public class AccessTokenProvider: AuthenticationTokenProvider
{
private readonly ConcurrentDictionary<string, AuthenticationTicket> _authenticationCodes =
new ConcurrentDictionary<string, AuthenticationTicket>(StringComparer.Ordinal);
public override Task CreateAsync(AuthenticationTokenCreateContext context)
{
return Task.Run(() =>
{
var token = Guid.NewGuid().ToString();
context.SetToken(token);
_authenticationCodes.TryAdd(token, context.Ticket);
});
}
public override Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
return Task.Run(() =>
{
AuthenticationTicket ticket;
if (_authenticationCodes.TryGetValue(context.Token, out ticket))
{
if (ticket.Properties.ExpiresUtc != null && ticket.Properties.ExpiresUtc.Value < DateTime.UtcNow)
{
_authenticationCodes.TryRemove(context.Token, out ticket);
}
context.SetTicket(ticket);
}
});
}
}
but the method Receiveasync is never called.
Do you really need to create your own token? I advise looking for solutions like Oauth as they are known practices of the market.
– Rodolpho Sa
To be honest it’s not an extreme necessity, but as I showed in my reply, I was able to do.. Thank you for the comment
– rafakwolf