locked
Identity Permissions changed for User RRS feed

  • Question

  • I have a web api setup with Owin + Oauth2 + identity2.

    First one is implemented as default. I have also set this up for bearer token. 

    The question is though if a user authenticates and bearer token is passed to them,  if in 2mins time an admin revokes the users permissions for authorization, how does that get reflected back to identity and oauth2??

    My second project is another web api owin + oauth2 + identity 2, but instead of identity default, i make a call to an existing WCF service layer with a login method that provides me with an identity user.  

    My question with that again is how would a permission change ever get back to the web api layer?

    Novice when it comes to security layers.

    Wednesday, July 12, 2017 4:36 PM

All replies