Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AddDefaultTokenProviders: what is it and how to use those "default providers"?

Tags:

asp.net

asp.net-core

I found this in my Startup.cs file in ConfigureServices in a default Visual Studio 2015 ASP.NET 5 project:

services.AddIdentity<ApplicationUser, IdentityRole>()                 .AddEntityFrameworkStores<AuthorizationDbContext>()                 .AddDefaultTokenProviders();

What does it exactly do, and how to use those "default providers"? Does it configure all token-based authentication for me? Where can I read more about it?

like image 768
Piotrek Avatar asked Feb 16 '16 13:02

Piotrek

People also ask

What is a SecurityStamp in ASP net Identity and what is it used for?

The security stamp is a Guid stored in the database against the user. It gets updated when certain actions take place within the Identity UserManager class and provides a way to invalidate old tokens when an account has changed.

What is token provider?

A token provider in Windows Communication Foundation (WCF) is used for supplying credentials to the security infrastructure. The token provider in general examines the target and issues appropriate credentials so that the security infrastructure can secure the message.

What is security stamp C#?

This is a signed token which is not stored on the server. The security timestamp is used for tracking changes made to the user profile. It is used for security purposes when important properties of a user change, such as changing the password.

1 Answers

Despite their name, the token providers have nothing to do with token authentication: they are exclusively used to generate opaque tokens for account operations (like password reset or email change) and two-factor authentication.

There are currently 3 built-in providers:

  • DataProtectorTokenProvider: as the name suggests, it uses the data protection block (machine keys' equivalent in ASP.NET Core 1.0) to serialize encrypted tokens that can later be deserialized by the server.

  • EmailTokenProvider and PhoneNumberTokenProvider: these providers are derived from TotpSecurityStampBasedTokenProvider, which implements the Time-based One-time Password Algorithm (TOTP), a protocol designed to produce user-friendly and short tokens that can be sent in a SMS or in an email.

ASP.NET Core 1.0 doesn't offer native token authentication support (only token validation is supported: you can't produce your own tokens). You can read these SO posts for more information:

  • Simple JWT authentication in ASP.NET Core 1.0 Web API.
  • Web API Authentication in ASP.NET 5.
  • Configure the authorization server endpoint.
like image 115
Kévin Chalet Avatar answered Sep 18 '22 17:09

Kévin Chalet
Sign in to Comment

Related questions

Why does a call to an ASP.NET MVC Controller not execute a DelegatingHandler?
ASP.NET URL Rewriting
ASP.NET Image uploading with Resizing
Displaying a 404 Not Found Page for ASP.NET Core MVC
Longitude and latitude value from IP address
How is the order of execution for HttpModules determined?
Returning IHttpActionResult vs IEnumerable<Item> vs IQueryable<Item>
Dealing with large file uploads on ASP.NET Core 1.0
How can I compile Asp.Net Aspx Pages before loading them with a webserver?
Routing optional parameters in ASP.NET MVC 5
How to configure ASP.NET Core 1.0 to use Local IIS instead of IIS Express?
Use Browser Search (Ctrl+F) through a button in website?
Why is Asp.Net Identity IdentityDbContext a Black-Box?
How to add ASP.NET MVC5 Identity Authentication to existing database
How should I pass data between classes and application layers?
Website needs force refresh after deploy
Check that email address is valid for System.Net.Mail.MailAddress
Best Server-side .NET PDF editing library [closed]
Free ASP.Net and/or CSS Themes [closed]
Verifying event registration using Moq

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!