Linked Questions

Popular Questions

Security token expiration

Asked by At

I am implementing a security token feature in my application. You can specify an expirytime and/or max number of uses.

If both are specified then both conditions are checked, if either one is specified then just that condition is checked.

My question is, how should i handle the scenario where a token exists without expiry time or maxuses?

Should the user be authenticated, not authenticated or should an exception be thrown.

 if (this.ExpireTime.HasValue && this.MaxUses.HasValue)
        retval = DateTime.Now < this.ExpireTime.Value && this.Counter < this.MaxUses.Value;
    else if (this.ExpireTime.HasValue)
        retval = DateTime.Now < this.ExpireTime.Value;
    else if (this.MaxUses.HasValue)
        retval = this.Counter <= this.MaxUses.Value;
       throw new ApplicationException("Invalid AuthToken: ExpireTime And MaxUses are null") 

Related Questions