I'm junior in Web api development. I have implemented token-based authentication to my web api project. I have set token expire time with 14 days.
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true,
Provider = new AuthorizationServerProvider()
};
The application host in a web host. Even token expire time is 14 days. After some minutes, I send request with token, the response come with unauthorized status code.
I have search about the problem. The problem could be about machine key in ISS.
The following questions , Could you answer? I really wonder them.
- Do the tokens encoded or decoded by the machine key in ISS ?
- How can I get the machine key ?
- Is it safe way that writing the machine key in web.config file?
How can I solve the problem ? Could anyone help me about it ?
Thanks for your kind interest. Best Regards.
You can take machine key in IIS. You have to add machine key under system.web tag in your web.config file.