Identity 如何知道密码重置令牌是否已被使用?
How does Identity know if a password reset token has been used?
我已成功将 ASP.NET 实施到 MVC 网站中,我很想知道 OWIN/Identity 如何知道身份标记是否已被使用。
Microsoft 上的这个 link 说:
Once a forgotten password token has been used, it's invalidated.
但是如果令牌没有存储在任何地方,这将如何执行?
来自您链接的同一页面上的文档:
The SecurityStamp field and associated code provides an extra layer of security to your app, when you change your password, you will be logged out of the browser you logged in with. The SecurityStampValidator.OnValidateIdentity method enables the app to validate the security token when the user logs in, which is used when you change a password or use the external login. This is needed to ensure that any tokens (cookies) generated with the old password are invalidated. In the sample project, if you change the users password then a new token is generated for the user, any previous tokens are invalidated and the SecurityStamp field is updated.
ASP.Identity 在后台使用自己的数据库,其中存储了有关帐户、凭据、角色或令牌验证的所有信息。结构应如下所示:
尝试使用工具连接到数据库...与其交互。
我已成功将 ASP.NET 实施到 MVC 网站中,我很想知道 OWIN/Identity 如何知道身份标记是否已被使用。
Microsoft 上的这个 link 说:
Once a forgotten password token has been used, it's invalidated.
但是如果令牌没有存储在任何地方,这将如何执行?
来自您链接的同一页面上的文档:
The SecurityStamp field and associated code provides an extra layer of security to your app, when you change your password, you will be logged out of the browser you logged in with. The
SecurityStampValidator.OnValidateIdentitymethod enables the app to validate the security token when the user logs in, which is used when you change a password or use the external login. This is needed to ensure that any tokens (cookies) generated with the old password are invalidated. In the sample project, if you change the users password then a new token is generated for the user, any previous tokens are invalidated and the SecurityStamp field is updated.
ASP.Identity 在后台使用自己的数据库,其中存储了有关帐户、凭据、角色或令牌验证的所有信息。结构应如下所示:
尝试使用工具连接到数据库...与其交互。