I have the following code that ensures the token lifespan for email verification tokens expires after 14 days:

if (Startup.DataProtectionProvider != null)
{
    IDataProtector dataProtector = Startup.DataProtectionProvider.Create("ASP.NET Identity");

    this.UserTokenProvider = new DataProtectorTokenProvider<IdentityUser, Guid>(dataProtector)
    {
        TokenLifespan = TimeSpan.FromDays(14)
    };
}

In a different area of my app, I'm using mobile phone number tokens by calling the GenerateChangePhoneNumberTokenAsync(userId, phoneNumber) method of the ASP.Identity ApplicationUserManager.

The problem is that the mobile tokens are expiring after 15 minutes.

How do I change the lifetime of the mobile tokens?

Derek

2 Answers

You need to override

Microsoft.AspNet.Identity.UserManager.GenerateChangePhoneNumberTokenAsync

To do so, please have a look here and here at how to extend the UserManager first.

In GenerateChangePhoneNumberTokenAsync you need to use a custom Rfc6238AuthenticationService which has a call to GenerateCode with a timeStep parameter.

The GenerateChangePhoneNumberTokenAsync will look like this:

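using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// The key type must be the same everywhere (Guid here), matching the store and the userId parameter.
public class ApplicationUserManager : UserManager<YourIdentityUser, Guid>
{
    public ApplicationUserManager(IUserSecurityStampStore<YourIdentityUser, Guid> store)
        : base(store)
    {
    }

    // *** some other code

    // VerifyChangePhoneNumberTokenAsync needs a matching override that validates with the same time step.
    public override async Task<string> GenerateChangePhoneNumberTokenAsync(Guid userId, string phoneNumber)
    {
        var user = await FindByIdAsync(userId);
        // The code is derived from the user's security stamp and the phone number, with a 14-day time step.
        var code = CustomRfc6238AuthenticationService.GenerateCode(user.SecurityStamp, phoneNumber, "optional modifier", TimeSpan.FromDays(14));
        return code;
    }
}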

and the sample implementation of custom Rfc6238AuthenticationService can be found here

Milen Stefanov
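
An added example (not from the original answer and not ASP.NET Identity's own code) of what the CustomRfc6238AuthenticationService called in the answer above could look like; the class, its signatures and the choice to accept only the current and previous time step are assumptions. Identity 2's built-in service uses a fixed 3-minute step and accepts two steps either side, which matches the roughly 15-minute expiry in the question.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper shaped after the call in the answer; not ASP.NET Identity's own class.
public static class CustomRfc6238AuthenticationService
{
    private static readonly DateTime UnixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    private static long CurrentStep(TimeSpan timeStep) => (DateTime.UtcNow - UnixEpoch).Ticks / timeStep.Ticks;

    public static string GenerateCode(string securityStamp, string phoneNumber, string modifier, TimeSpan timeStep)
        => ComputeTotp(securityStamp, phoneNumber, modifier, CurrentStep(timeStep));

    // Accepts the current and previous step only: a code is valid for one to two time steps.
    public static bool ValidateCode(string securityStamp, string phoneNumber, string modifier, TimeSpan timeStep, string code)
    {
        long step = CurrentStep(timeStep);
        bool current = FixedTimeEquals(ComputeTotp(securityStamp, phoneNumber, modifier, step), code);
        bool previous = FixedTimeEquals(ComputeTotp(securityStamp, phoneNumber, modifier, step - 1), code);
        return current | previous;   // both candidates are always compared
    }

    private static string ComputeTotp(string securityStamp, string phoneNumber, string modifier, long step)
    {
        // HMAC key = security stamp (changing the stamp invalidates outstanding codes);
        byte[] counter = BitConverter.GetBytes(step);
        if (BitConverter.IsLittleEndian) Array.Reverse(counter);   // RFC 4226 counter is big-endian
        // message = step counter + phone number + modifier, so a code verifies only for that number and purpose.
        byte[] context = Encoding.UTF8.GetBytes(phoneNumber + "|" + modifier);
        byte[] message = new byte[counter.Length + context.Length];
        Buffer.BlockCopy(counter, 0, message, 0, counter.Length);
        Buffer.BlockCopy(context, 0, message, counter.Length, context.Length);
        using (var hmac = new HMACSHA1(Encoding.Unicode.GetBytes(securityStamp)))
        {
            byte[] hash = hmac.ComputeHash(message);
            int offset = hash[hash.Length - 1] & 0x0f;   // RFC 4226 dynamic truncation
            int binary = (hash[offset] & 0x7f) << 24 | hash[offset + 1] << 16 | hash[offset + 2] << 8 | hash[offset + 3];
            return (binary % 1000000).ToString("D6", CultureInfo.InvariantCulture);
        }
    }

    private static bool FixedTimeEquals(string expected, string actual)
    {
        if (actual == null || actual.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }
}
```

The UserManager also needs a VerifyChangePhoneNumberTokenAsync override that calls ValidateCode with the same timeStep and modifier, because ChangePhoneNumberAsync checks the token through that method. A six-digit code that stays valid for days has only 10^6 possible values, so failed verifications should count toward lockout (for example via AccessFailedAsync) or be rate limited.
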

If you don't want to override the UserManager class, you can always grab the token after creation and adjust the ExpirationDate manually. For example, we do this in our e-mail sending logic (always refresh the token for another 24 hours if you re-send the e-mail):

// Token already created
UserToken userToken = db.UserTokens.Where(t => t.UserId == user.Id && t.IsActive).FirstOrDefault();
if (userToken != null)
{
    userToken.ExpirationDate = DateTime.Now.AddHours(24);
}

Meekohi