Click here to Skip to main content
15,846,038 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hi, I am using OAuth/Owin to generate a token and when that token is sent back in the Authorization header of the request; it gets compared automatically and that's how I validate whether the request is coming from valid user or not.Token is of bearer type.

Code that is used to generate token is as below:

private string GenerateAuthToken(TelephonyLoginCdto loginDto, double tokenExpirationTimeInHours)
            //Generate AuthToken
            var identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Name, loginDto.Username));
            var currentUtc = DateTime.UtcNow;
            var props = new AuthenticationProperties()
                IssuedUtc = currentUtc,
                ExpiresUtc = currentUtc.Add(TimeSpan.FromHours(tokenExpirationTimeInHours))
            var ticket = new AuthenticationTicket(identity, props);
            var accessToken = StartUp.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
            return accessToken;

An external system would consume my API. Flow would be: 1. External system hits login api first. Login api returns a token. 2. External system use that token and pass it in another request Authorization header to do some update using another method of the API.

They can repeat the above process many times in a day say 5~6 times.They come and hit login; get token. Use that token to do some operation by calling save/get methods of API.

My problem is when external system is not hitting any of my API methods for a longer period of time and is idle. Now if external system has to hit the API to do something they need to hit login API again in order to get the token and then consume other methods of API. If they do it more frequently say within 10~15 minutes it take only 1~2 seconds to return the token but if they do it say after 2~2.5 hours my login API taken 30 seconds to return the token.

I am not doing any refresh token mechanism and kind of thinking is it taking this much of time because so many token are already generated and owin is trying to clean the server and then given token. I am not sure what is the problem. Can someone help?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900