我已成功将 ASP.NET 实现到 MVC 网站中,并且很想知道 OWIN/Identity 如何知道身份 token 是否已被使用。
这link微软说:
Once a forgotten password token has been used, it's invalidated.
但是如果 token 没有存储在任何地方,如何执行呢?
最佳答案
来自您链接的同一页面上的文档:
The SecurityStamp field and associated code provides an extra layer of security to your app, when you change your password, you will be logged out of the browser you logged in with. The
SecurityStampValidator.OnValidateIdentitymethod enables the app to validate the security token when the user logs in, which is used when you change a password or use the external login. This is needed to ensure that any tokens (cookies) generated with the old password are invalidated. In the sample project, if you change the users password then a new token is generated for the user, any previous tokens are invalidated and the SecurityStamp field is updated.
关于c# - Identity 如何知道密码重置 token 是否已被使用?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57460649/