小编Ser*_*gey的帖子

在用户注册后的Web Api 2 Identity 2应用程序中,我在单个表中有一条记录:AspNetUsers.我使用以下http请求获取令牌:

POST https://localhost:44304/Token HTTP/1.1
Accept: application/json
Content-type: application/x-www-form-urlencoded
Accept-Encoding: gzip
Content-Length: 68
Host: localhost:44304
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)

grant_type=password&username=somemail@gmail.com&password=123456

我得到了access_token的回复:

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 695
Content-Type: application/json;charset=UTF-8
Expires: -1
Server: Microsoft-IIS/8.0
X-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcU2VyZ2V5XERvY3VtZW50c1xWaXN1YWwgU3R1ZGlvIDIwMTNcUHJvamVjdHNcbXZjX3dlYmFwaVxXZWJBcHBsaWNhdGlvblxXZWJBcHBsaWNhdGlvblxUb2tlbg==?=
X-Powered-By: ASP.NET
Date: Tue, 25 Nov 2014 17:40:07 GMT

{"access_token":"gsvW23e1...}

获得令牌后,没有任何记录被添加到数据库中.表AspNetUsers中只有单一记录.没有关于已颁发令牌的信息存储在数据库的任何表中.

我在web api控制器中使用以下代码来验证用户:

var currentUser = manager.FindById(User.Identity.GetUserId());
if (currentUser == null)
{
    HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
    return ResponseMessage(response);
}

之后我执行密码更改并尝试使用旧的access_token(我在密码更改之前获得)调用一些web api控制器方法,并且access_token仍然有效!currentUser不为null!我已阅读计算器另一个线程 ASP.Net身份注销所有会话 ASP.Net身份注销 和博客帖子 https://timmlotter.com/blog/asp-net-identity-invalidate-all-sessions-on-securitystamp-update / …

曾几何时,我的调试器在Log.d上遇到了断点:

@Override
public void onDataChanged(DataTypeChanged dataType) {
    if (!isDetached()) {
        if(getActivity()==null){
            Log.d(CommonConstants.DEBUG_TAG, "Yes, it is null.");
        }
        List<WeekViewCoreTask> tasks = DataProvider
                .getWeekViewCoreTasks(getActivity().getApplicationContext());

        mWeekView.setTasks(tasks);
    }
}

我以为这永远不会发生.如何发生这种情况:当isDetached()返回false时,getActivity()返回null？