Security Authorization - Expiry

2 posts, 1 answers
  1. Joel
    Joel avatar
    206 posts
    Member since:
    Jun 2018

    Posted 22 Jun 2020 Link to this post

    I use IdentityServer4 to generate tokens.  Tokens have an Expiration associated with them.  I also have a grid that has an MVC handler on the secured Controller that makes a call.  I have a series of grid filter controls whose purpose is to allow the user to filter the data that shows up in the grid then a refresh button.

    Now, to glue it all together, if the Token expires and the user hits refresh on the filter button which tells the grid to "read" again, I get redirected to the error page.  Instead, I want Refresh button action to have the token refreshed using the typical process and then for the request to go through.  Because your grid makes a call to the controller I don't see how authorization can intercept the request. 

    Any idea how I can get the expired token refreshed on Grid.Read?

  2. Answer
    Alex Hajigeorgieva
    Admin
    Alex Hajigeorgieva avatar
    1082 posts

    Posted 25 Jun 2020 Link to this post

    Hello, Joel,

    The Grid dataSource allows you to include Headers in the requests so you can send the tokens to the controller. If the tokens are expired, then you can respond with an error message and display that in a popup if further user action is required to manually generate the tokens:

    https://docs.telerik.com/aspnet-core/html-helpers/datasource/headers

    In addition to that the Data() method on a read action can also be used for sending AntiForgeryTokens:

    https://docs.telerik.com/aspnet-core/html-helpers/datasource/overview#basic-configuration

    However, it looks like you can Authorize the controllers directly looking at IdentityServer documentation section here:

    http://docs.identityserver.io/en/latest/topics/add_apis.html

    Kind Regards,
    Alex Hajigeorgieva
    Progress Telerik

    Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
    Our thoughts here at Progress are with those affected by the outbreak.
Back to Top