Asp net identity expire bearer token after 20 min


ASP.NET is a popular programming language used for building web applications. One common requirement in web applications is to expire after a certain period of time. In this article, we will explore how to implement token expiration in ASP.NET using the ASP.NET Identity framework.

ASP.NET Identity

ASP.NET Identity is a system that allows you to add authentication and authorization to your web applications. It provides a set of APIs and UI components for managing users, roles, and .

Bearer Tokens

Bearer tokens are a type of access token commonly used in token-based authentication. They are typically by an authentication server and used to authenticate requests to protected resources. Bearer tokens are sent in the Authorization header of HTTP requests.

Token Expiration

To expire bearer tokens after a certain period of time, we can leverage the built-in functionality of ASP.NET Identity. The framework provides options to configure token expiration settings.


Let's consider an example where we want to expire bearer tokens after 20 minutes of inactivity. We can achieve this by configuring the token expiration settings in the ASP.NET Identity configuration.

// Configure token expiration
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
    TokenValidationParameters = new TokenValidationParameters
        ClockSkew = TimeSpan.Zero,
        RequireExpirationTime = true,
        ValidateLifetime = true,
        ValidAudience = "your-audience",
        ValidIssuer = "your-issuer",
        IssuerSigningKey = new SymmetricSecurityKey(.GetBytes("your-secret-key"))

In the above code snippet, we configure the JwtBearerAuthenticationOptions to expiration time and validate the token lifetime. We set the ClockSkew property to TimeSpan.Zero to ensure that the token expires exactly after the time.


By configuring the token expiration settings in ASP.NET Identity, we can easily expire bearer tokens after a certain period of time. This ensures the security of our web applications by automatically invalidating tokens after a specified duration of inactivity.

Remember to always consider the requirements of your application when configuring token expiration settings. The example provided here is just one way to achieve token expiration in ASP.NET.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents