I am implementing a security token feature in my application. You can specify an expiry time and/or max number of uses.
If both are specified, then both conditions are checked; if either one is specified, then just that condition is checked.
My question is: how should I handle the scenario where a token exists without an expiry time or max uses?
Should the user be authenticated, not authenticated, or should an exception be thrown?
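
    // Both limits set: the token must be unexpired and have uses left.
    if (this.ExpireTime.HasValue && this.MaxUses.HasValue)
        retval = DateTime.Now < this.ExpireTime.Value && this.Counter < this.MaxUses.Value;
    // Only an expiry time set.
    else if (this.ExpireTime.HasValue)
        retval = DateTime.Now < this.ExpireTime.Value;
    // Only a use limit set. Strict bound, matching the combined check above.
    else if (this.MaxUses.HasValue)
        retval = this.Counter < this.MaxUses.Value;
    // Neither limit set: the case the question is about.
    else
    {
        throw new ApplicationException("Invalid AuthToken: ExpireTime And MaxUses are null");
    }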
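
One fail-closed way to handle the case asked about, as an added example that is not part of the original post: the token refuses to be created without a limit, so the validity check never meets the "neither set" state, and the use counter is consumed atomically. Only `ExpireTime`, `MaxUses` and `Counter` come from the post; the constructor, `TryUse`, the UTC convention and the `Demo` class are assumptions.

```csharp
using System;
using System.Threading;

// Hypothetical AuthToken; only ExpireTime, MaxUses and Counter are names from the post.
public sealed class AuthToken
{
    public DateTime? ExpireTime { get; }   // assumed to be stored as UTC
    public int? MaxUses { get; }
    private int counter;                   // successful uses so far
    public int Counter => Volatile.Read(ref counter);

    public AuthToken(DateTime? expireTimeUtc, int? maxUses)
    {
        // Reject an unconstrained token at creation, so no later check
        // has to decide whether "no limits" means valid or invalid.
        if (!expireTimeUtc.HasValue && !maxUses.HasValue)
            throw new ArgumentException("AuthToken needs ExpireTime, MaxUses, or both.");
        if (maxUses.HasValue && maxUses.Value < 1)
            throw new ArgumentOutOfRangeException(nameof(maxUses));
        ExpireTime = expireTimeUtc;
        MaxUses = maxUses;
    }

    // Returns true and consumes one use only if every configured limit still holds.
    public bool TryUse(DateTime nowUtc)
    {
        if (ExpireTime.HasValue && nowUtc >= ExpireTime.Value)
            return false;
        // Compare-and-swap loop: two concurrent requests cannot both take the last use.
        while (true)
        {
            int seen = Volatile.Read(ref counter);
            if (MaxUses.HasValue && seen >= MaxUses.Value)
                return false;
            if (Interlocked.CompareExchange(ref counter, seen + 1, seen) == seen)
                return true;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        var now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc); // constructed sample time
        var token = new AuthToken(now.AddMinutes(5), 2);                // constructed sample token
        Console.WriteLine($"{token.TryUse(now)} {token.TryUse(now)} {token.TryUse(now)}");
        Console.WriteLine(new AuthToken(now.AddMinutes(5), null).TryUse(now.AddMinutes(6)));
    }
}
```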