This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 61%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFA%3C/text%3E%3C/svg%3E)
Is there a way to extend the 2FA and Email confirmation token expiration timespan with email in .NET 8.0?
I am using the Microsoft.AspNetCore.Identity and Microsoft.AspNetCore.Authentication classes to use the 2FA with Email.
builder.Services.AddIdentity<IdentityUser<Guid>, IdentityRole<Guid>>(options =>
{
options.SignIn.RequireConfirmedAccount = true;
options.SignIn.RequireConfirmedEmail = true;
options.Tokens.EmailConfirmationTokenProvider = "EmailConfirmationTokenProvider";
options.Tokens.AuthenticatorTokenProvider = "TwoFactorTokenProvider";
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders()
.AddTokenProvider<EmailConfirmationTokenProvider<IdentityUser<Guid>>>("EmailConfirmationTokenProvider")
.AddTokenProvider<TwoFactorTokenProvider<IdentityUser<Guid>>>("TwoFactorTokenProvider");
builder.Services.Configure<EmailConfirmationTokenProviderOptions>(opt => opt.TokenLifespan = TimeSpan.FromMinutes(5));
builder.Services.Configure<TwoFactorTokenProviderOptions>(opt => opt.TokenLifespan = TimeSpan.FromSeconds(45));
Everything works great with EmailConfirmation, but TwoFactorTokenProvider expiration is not working. Help please
According to the source code there is a 90 second skew to allow time for a message to be sent and received.
Perhaps that's why your 45 second expiration is "not working" as expected?
Apologies if the following question is a bit silly. Are these 90 seconds added to the 45, or are they fixed and cannot be configured? In other words, if I have 45, can we add the 45 plus 90? Or were my original 45 seconds meaningless? Because I've tried to verify it using the VerifyTwoFactorTokenAsync method, and even if I've already verified the code once, it always comes out as valid, which has me a bit confused.