How to add configuration to auto save access token and refresh token in AspnetUserToken table

Question

How to add configuration to auto save access token and refresh token in AspnetUserToken table

Lavanya Chakkaravel 20

Hi,

I am using Microsoft.EntityFrameworkCore (Version 8.0.6) + Microsoft.AspNetCore.Identity.EntityFrameworkCore(Version 8.0.6) + Npgsql.EntityFrameworkCore.PostgreSQL (Version 8).

I want to save the auto generated token from Identity Authentication into AspNetUsersToken Table. Is that possible to save the token without any customized method? I want to add configuration in program.cs to automatically save the token into table without any manual changes.

Is Identity AspNetCore 8 will have configuration to auto save token in table?

Note: I am not using JWT, not any third party authentication.

Accepted answer

0 additional answers

Your answer

Answer 1

Pradeep M 9,685 Microsoft External Staff Volunteer Moderator

Hi Lavanya Chakkaravel,

Thank you for reaching out to Microsoft Q & A forum.

In ASP.NET Core Identity (including version 8), there is currently no built-in configuration option to automatically save access or refresh tokens to the AspNetUserTokens table without writing custom logic. The default behavior only supports storing tokens from external authentication providers.

Since you're not using JWT or any third-party authentication, you will need to manually save tokens using the UserManager service. For example:

await userManager.SetAuthenticationTokenAsync(user, "MyApp", "AccessToken", token);

At this time, configuring token storage solely through Program.cs is not supported. So, a small amount of custom implementation is necessary to store these tokens as part of your authentication flow.

If you have found the answer provided to be helpful, please click on the "Accept answer/Upvote" button so that it is useful for other members in the Microsoft Q&A community.

Lavanya Chakkaravel 20 Reputation points

2025-04-29T14:13:42.9533333+00:00

In ASP.NET core 6 or below 6 , Do we have auto token storage without any custom logic ?
Lavanya Chakkaravel 20 Reputation points

2025-04-29T14:16:44.4533333+00:00

Why we don't have built-in configuration for auto token storage?
Lavanya Chakkaravel 20 Reputation points

2025-04-29T14:23:19.45+00:00

Here,

await userManager.SetAuthenticationTokenAsync(user, "MyApp", "AccessToken", token);

The given code is to save the token in userManager, but how to get generated token?

If we manually generate a token, then it will break the default authentication mechanism, Right?
Pradeep M 9,685 Reputation points Microsoft External Staff Volunteer Moderator

2025-04-30T03:49:38.5466667+00:00

Hi Lavanya Chakkaravel,

In ASP.NET Core 6 and earlier, there is no built in feature to automatically store tokens in the AspNetUserTokens table. The default Identity system relies on cookie based authentication and does not generate access or refresh tokens by itself. Automatic token storage only applies when using external login providers, such as Google or Facebook. The SetAuthenticationTokenAsync method can be used to store tokens, but the tokens must be created manually. Manually generating and storing tokens does not interfere with the default authentication flow, unless the sign in logic is modified. If your application requires token based authentication, a custom implementation or a solution like IdentityServer is recommended.
Lavanya Chakkaravel 20 Reputation points

2025-04-30T04:33:40.23+00:00

Thank you for your answer. One more request, can i get any sample code for generate token and save the token in database without affect our inbuilt login flow.

Here,

await userManager.SetAuthenticationTokenAsync(user, "MyApp", "AccessToken", token);

How to generate token?
Pradeep M 9,685 Reputation points Microsoft External Staff Volunteer Moderator

2025-04-30T07:08:39.9+00:00
Hi Lavanya Chakkaravel,

You are very welcome. Yes, you can generate and store a custom token using UserManager.SetAuthenticationTokenAsync without affecting the built-in Identity login functionality.

Here is a simple example using a GUID as the token:

var user = await userManager.FindByNameAsync("username"); // Or get the current user from the context if (user != null) { var token = Guid.NewGuid().ToString(); // You can also use a more secure generator if needed await userManager.SetAuthenticationTokenAsync(user, "MyApp", "AccessToken", token); }

This will save the token in the AspNetUserTokens table under the login provider "MyApp" and token name "AccessToken".

To retrieve the token later, you can use:

var token = await userManager.GetAuthenticationTokenAsync(user, "MyApp", "AccessToken");

This approach works alongside the default Identity login system and does not disrupt its behavior. If you have any more questions, please feel free to raise a new question in the Q&A forum.
Lavanya Chakkaravel 20 Reputation points

2025-04-30T08:58:34.01+00:00
Thank you so much for your help.

One more doubt!

Do we have any built-in method for generate token in UserManager or SignInManager? Like we have "GeneratePasswordResetTokenAsync".

I have CustomSignInManager, using like this to check the password:
public override async Task<SignInResult> PasswordSignInAsync(string userName, string password, bool isPersistent, bool lockoutOnFailure)

Can we use SetAuthenticationTokenAsync here?
Lavanya Chakkaravel 20 Reputation points

2025-06-17T04:16:39.78+00:00

Is their any other version in dotnet to save refresh token automatically without any custom logic?
Pradeep M 9,685 Reputation points Microsoft External Staff Volunteer Moderator

2025-06-17T11:49:07.8566667+00:00

Yes, ASP.NET Core, especially when using Microsoft.Identity.Web, can handle refresh tokens automatically for web applications without requiring custom logic. It takes care of token caching and renewal in the background. For other application types, some additional setup or use of MSAL.NET may still be necessary.

Share via

How to add configuration to auto save access token and refresh token in AspnetUserToken table

0 additional answers

Your answer