Token Based Authentication in ASP.Net using JWTs Part 2: Using Refresh Tokens

In Part 1 we set up basic token authentication using JWTs with  Things are set up reasonably, but all is not well.  As a developer, you could give the token a lifespan of 30 days and just force the user to log in again after those days, but what if you make the user inactive and don’t want him to log in anymore?  There must be a better way.

AJ

Generally, a token has a lifetime of about an hour, and when it expires we want to refresh that token, verifying that the user still has access to the system, etc.  This is handled using refresh tokens.  A refresh token is returned along with the normal token, and it’s stored for when we must refresh the normal token.

Starting from our previous app, let’s support refresh tokens.  Note, the completed code for this blog can be found here.

This will require us to track refresh tokens in our database, so first, let’s create the RefreshToken model.

Continue reading “Token Based Authentication in ASP.Net using JWTs Part 2: Using Refresh Tokens”

ASP.Net Identity EF Users Primary Key Change

Recently, I worked on converting a .Net API from a 3rd party authentication mechanism to internal and we chose to use the Identity framework.  By default, Identity uses a string as the primary key for the AspNetUsers table and that was an issue because our current users table used a long (and there were a lot of foreign key references to it).

Continue reading “ASP.Net Identity EF Users Primary Key Change”

Getting Started with AppHarbor

Rick Herrmann

AppHarbor is a platform-as-a-service for hosting .NET applications. In the .NET space this would be an alternative to using Windows Azure. I am going to walk through how to get an MVC web application deployed and running with AppHarbor.

So, assuming you have an application that is ready to deploy…

Continue reading “Getting Started with AppHarbor”