Question how to check token if expired before land to page?

khenaya

New member
Joined
Feb 10, 2020
Messages
1
Programming Experience
10+
how to check token if expired before land to page (MVC) (CORE)
we need to check first the token embeded to a link accessed by email link,
then it will go to reset password. but it doesn't check if the token is expired.
so how to check if token is expired before landing to page?
 

jmcilhinney

C# Forum Moderator
Staff member
Joined
Apr 23, 2011
Messages
2,616
Location
Sydney, Australia
Programming Experience
10+
How did you create the token? Are you using Identity? If so then I don't think you can and you may as well not bother anyway. The token might expire between when you display the page and later attempt to reset the password so you will have to account for that anyway, so you may as well rely on just that. That's what we do in our latest app that uses Identity.
 

Sheepings

Senior Programmer
Joined
Sep 5, 2018
Messages
844
Location
UK
Programming Experience
10+

jmcilhinney

C# Forum Moderator
Staff member
Joined
Apr 23, 2011
Messages
2,616
Location
Sydney, Australia
Programming Experience
10+
Why can't you use the DataProtectionTokenProviderOptions.TokenLifespan Property (Microsoft.AspNetCore.Identity) for that

If you only want to know if the token has expired, that's what that't for.
That's to specify how long after a token is generated that it expires. It doesn't tell you whether any particular token has expired. The generic UserManager class has methods to verify various types of tokens but password reset tokens are not among them. Not sure whether you can call VerifyUserTokenAsync if you can specify the appropriate purpose value but I'm guessing not.
 

Sheepings

Senior Programmer
Joined
Sep 5, 2018
Messages
844
Location
UK
Programming Experience
10+
I disagree. That would depend how you implemented it. It's not impossible to check if a token has passed its timespan, and if it has, it would and should be considered invalid. .TokenLifespan = TimeSpan.FromHours(6); You also won't be able to write the logic for the later without a tokenlifespan being set.

You also wouldn't check if a token has expired before landing on a page. It would generally be the landing page that would determine if a token is invalid or expired.

The question being asked is ridiculously broad. With no code to show, the responses will be just as vague.

Doing the research shows many implementations when searching c# using "TokenLifespan" to check if token expired online.
 
Top Bottom