ASP.NET标识的IUserSecurityStampStore<TUser>接口是什么?查看ASP.NET标识(ASP.NET中的新成员关系实现),我在实现自己的接口时遇到了这个接口UserStore://Microsoft.AspNet.Identity.Core.dllnamespace Microsoft.AspNet.Identity{
public interface IUserSecurityStampStore<TUser> :
{
// Methods
Task<string> GetSecurityStampAsync(TUser user);
Task SetSecurityStampAsync(TUser user, string stamp);
}}IUserSecurityStampStore在默认情况下实现。EntityFramework.UserStore<TUser>从本质上获取并设置TUser.SecurityStamp财产。经过进一步的挖掘,似乎SecurityStamp是Guid中的关键点新生成的UserManager(例如,更改密码)。除了这个,我不能破译更多的代码,因为我正在检查这段代码反射器..几乎所有的符号和异步信息都被优化了。此外,谷歌对此也没有多大帮助。问题如下:什么是SecurityStamp在ASP.NET标识中,它用于什么?是否SecurityStamp在创建身份验证cookie时扮演什么角色?是否需要采取任何安全措施或预防措施?例如,不要将此值向下发送给客户端?这里有源代码:https://github.com/aspnet/Identity/https://github.com/aspnet/Security/
3 回答
MM们
TA贡献1886条经验 获得超2个赞
更新为2.0.0。SecurityStamp
OnValidateIdentityCookieMiddlewareSecurityStamprefreshInterval
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider {
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}});UserManager.UpdateSecurityStampAsync(userId);
隔江千里
TA贡献1906条经验 获得超10个赞
services.Configure<SecurityStampValidatorOptions>(o => o.ValidationInterval = TimeSpan.FromSeconds(10));
- 3 回答
- 0 关注
- 497 浏览
添加回答
举报
0/150
提交
取消