net Identity in my MVC 5 application and it works well. But few things i am not clear in Asp.net identity system.
1.How Authentication token (cookie) is getting validated?
Ans: You can find the Startup.Auth.cs file in App_Start Folder where this logic is implemented:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseCookieAuthenticatin enables your application to use cookieAuthention and validate the cookies too , you can also create your own logic to validate your cookie .
If the user uses old Authentication cookie (i.e User may got this by previous login) how Asp.net will detect this?
Ans: It ignores the cookie which are expired and You can define the the expiration time of your cookie in CookieAuthenticationOptions using the below code:
ExpireTimeSpan = TimeSpan.FromHours(1),
