I have a verification token I'm using in a system (system 1). It is set to a 5 min timespan in the identityconfig.cs on the system that generates it:
manager.UserTokenProvider =
new DataProtectorTokenProvider<ApplicationUser>(
dataProtectionProvider.Create("ASP.NET Identity"))
{
TokenLifespan = TimeSpan.FromMinutes(5)
};
My question is, does the TokenLifeSpan get stored in the token string itself?
The reason I ask is this token is handed off to another system (system 2). The same identityconfig.cs setting on that system uses a 7 day lifespan. I want my token to expire after 5 mins at the point of verification on system 2.
Generation Code - System 1:
string token_string = await UserManager.GenerateUserTokenAsync("MyPurpose", user_ID);
Verification Code - System 2:
var result = await UserManager.VerifyUserTokenAsync(user_ID, "MyPurpose", token_string);
In addition, it is worth noting:
System 1 is on subdomain.mywebsitedomain.com
System 2 is on www.mywebsitedomain.com
Will this allow the token to be passed between for verification? UPDATE: This will not allow the token to be passed from system 1 to 2..The reason is the 2 sites will sign the token with their own MachineKey. This can be explicitly set in the web.config of each site to allow the tokens to pass between sites.
