Customize the EmailConfirmation and 2FA token expiration in .NET 8.0

Francisco A. Henríquez N 0 Reputation points
2024-04-27T00:03:30.5266667+00:00

Is there a way to extend the 2FA and Email confirmation token expiration timespan with email in .NET 8.0?

I am using the Microsoft.AspNetCore.Identity and Microsoft.AspNetCore.Authentication classes to use the 2FA with Email.

    builder.Services.AddIdentity<IdentityUser<Guid>, IdentityRole<Guid>>(options =>
    {
        options.SignIn.RequireConfirmedAccount = true;
        options.SignIn.RequireConfirmedEmail = true;
        options.Tokens.EmailConfirmationTokenProvider = "EmailConfirmationTokenProvider";
        options.Tokens.AuthenticatorTokenProvider = "TwoFactorTokenProvider";
    })
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders()
    .AddTokenProvider<EmailConfirmationTokenProvider<IdentityUser<Guid>>>("EmailConfirmationTokenProvider")
    .AddTokenProvider<TwoFactorTokenProvider<IdentityUser<Guid>>>("TwoFactorTokenProvider");

    builder.Services.Configure<EmailConfirmationTokenProviderOptions>(opt => opt.TokenLifespan = TimeSpan.FromMinutes(5));
    builder.Services.Configure<TwoFactorTokenProviderOptions>(opt => opt.TokenLifespan = TimeSpan.FromSeconds(45));

Everything works great with EmailConfirmation, but TwoFactorTokenProvider expiration is not working. Help please


1 answer

  1. AgaveJoe 28,026 Reputation points
    2024-04-27T11:48:44.14+00:00

    According to the source code there is a 90 second skew to allow time for a message to be sent and received.

    https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Extensions.Core/src/AuthenticatorTokenProvider.cs

    Perhaps that's why your 45 second expiration is "not working" as expected?
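
The acceptance window the answer refers to, as an added example that is not part of the original thread and is not ASP.NET Core Identity's own code: a minimal RFC 6238 TOTP validator that also accepts codes from neighbouring time steps, so the age at which a code stops validating follows from the step size and window rather than from a configured lifespan. The 30-second step, the two-step window, the class and method names, the key and the timestamp are assumptions made for this illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration of windowed TOTP validation; names are hypothetical.
static class TotpWindowDemo
{
    const int StepSeconds = 30; // assumed time step
    const int WindowSteps = 2;  // assumed: accept 2 steps either side of "now"

    // RFC 6238 / RFC 4226: HMAC-SHA1 over the big-endian step counter,
    // dynamic truncation, reduced to 6 decimal digits.
    static int ComputeTotp(byte[] key, long step)
    {
        byte[] counter = BitConverter.GetBytes(step);
        if (BitConverter.IsLittleEndian) Array.Reverse(counter);
        using var hmac = new HMACSHA1(key);
        byte[] hash = hmac.ComputeHash(counter);
        int offset = hash[^1] & 0x0F;
        int binary = ((hash[offset] & 0x7F) << 24) | (hash[offset + 1] << 16)
                   | (hash[offset + 2] << 8) | hash[offset + 3];
        return binary % 1_000_000;
    }

    // Accept the code if it matches any step in [now - window, now + window].
    // No lifespan value is consulted here: only the step size and the window.
    static bool Validate(byte[] key, int code, long unixNow)
    {
        long current = unixNow / StepSeconds;
        for (int i = -WindowSteps; i <= WindowSteps; i++)
            if (ComputeTotp(key, current + i) == code) return true;
        return false;
    }

    static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("12345678901234567890"); // constructed sample secret
        long issuedAt = 1_714_176_000; // constructed timestamp, a multiple of 30
        int code = ComputeTotp(key, issuedAt / StepSeconds);

        // Replay the same code at increasing ages and report whether it still validates.
        foreach (int age in new[] { 0, 45, 60, 89, 90, 120 })
            Console.WriteLine($"code age {age,3}s -> accepted: {Validate(key, code, issuedAt + age)}");
    }
}
```

Changing `WindowSteps` moves the cut-off only in whole steps, which is why a 45-second setting has no direct counterpart in a validator built this way.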

