Asp.net core identity custom token provider TokenLifeSpan does not work when hosted in IIS RRS feed

  • Question

  • User-460357526 posted

    I have an asp.net core 3.1 MVC project with IdentityServer4.AspNetIdentity 3.1.2. When a user has created, an email with a link including confirming email token is sent using worker service to the user's email address. (Note - token is created from asp.net core MVC project, only the email sending part is handled with the worker service)

    A custom email confirmation token provider is used to generate the token with the TokenLifeSpan of 1 day and other default DataProtectionTokenProviders' TokenLifeSpans are set to 2 hours. When asp.net core MVC application is hosted in IIS, the token expires before the specified token life span (expires before 1 hour). But, when the visual studio, Project option is selected in the Launch section (launches with Kestrel) token life span duration works properly.

    The code used for registering custom token providers and life spans are mentioned below.

                  options.Password.RequiredLength = 8;
                  options.Password.RequireNonAlphanumeric = false;
                  options.Password.RequireLowercase = false;
                  options.Password.RequireUppercase = false;
                  options.Password.RequireDigit = false;
                  options.Tokens.EmailConfirmationTokenProvider = "CustomEmailConfirmation";
                  options.Lockout.MaxFailedAccessAttempts = config.GetValue<int>("IdentityServerConfigurations:MaxFailedAccessAttempts");
              services.Configure<DataProtectionTokenProviderOptions>(opt =>
                 opt.TokenLifespan = TimeSpan.FromHours(2));
              services.Configure<CustomEmailConfirmationTokenProviderOptions>(opt =>
              opt.TokenLifespan = TimeSpan.FromDays(1));

    Please help me with this issue.
    Monday, May 24, 2021 6:08 AM

All replies