Hello everyone.
I have implemented security for my web api (individual accounts) as discussed here.
I have hosted the website on GoDaddy (shared hosting) and it's working fine.
When I ask for a token by using the API, I get the token with an expiration date of within 15 days. I set this in "StartupAuth.cs" using
AccessTokenExpireTimeSpan = TimeSpan.FromDays(15),
e.g.:
{"access_token":"codswallop11token.....","token_type":"bearer","expires_in":1209599, "userName":"user@example.com",".issued":"Wed, 11 Feb 2015 01:00:00 GMT",".expires":"Thu, 26 Feb 2015 01:00:00 GMT" }
(I put values in the above code, but you get the idea of the "expires" date.)
5 minutes after getting the token, when I try to access the "get" method in the API by passing
Authorization: Bearer codswallop11token.....
I get this error:
{"Message":"Authorization has been denied for this request."}
Although it's just been 5 minutes and the token is supposed to last 15 days, it expires within 5 minutes.
I have web.config values for session as below (I thought it's related):
<sessionState timeout="180" />
Note that forms authentication is not used, so timeout on that section in web.config is not necessary.
Any idea what's going on? This timeout is causing the users of mobile apps which use the API to re-login every now and then. Any help would be appreciated.
Thanks.