diff --git a/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs b/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs
new file mode 100644
index 0000000000..61c064b376
--- /dev/null
+++ b/framework/src/Volo.Abp.AspNetCore.Components.Server/Microsoft/AspNetCore/Authentication/Cookies/CookieAuthenticationOptionsExtensions.cs
@@ -0,0 +1,56 @@
+using System;
+using IdentityModel.Client;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Cookies;
+
+public static class CookieAuthenticationOptionsExtensions
+{
+ ///
+ /// Introspect access token on validating the principal.
+ ///
+ ///
+ ///
+ ///
+ public static CookieAuthenticationOptions IntrospectAccessToken(this CookieAuthenticationOptions options, string oidcAuthenticationScheme = "oidc")
+ {
+ var originalHandler = options.Events.OnValidatePrincipal;
+ options.Events.OnValidatePrincipal = async principalContext =>
+ {
+ originalHandler?.Invoke(principalContext);
+
+ if (principalContext.Principal != null && principalContext.Principal.Identity != null && principalContext.Principal.Identity.IsAuthenticated)
+ {
+ var accessToken = principalContext.Properties.GetTokenValue("access_token");
+ if (!accessToken.IsNullOrWhiteSpace())
+ {
+ var openIdConnectOptions = principalContext.HttpContext.RequestServices.GetRequiredService>().Get(oidcAuthenticationScheme);
+ if (openIdConnectOptions.Configuration == null && openIdConnectOptions.ConfigurationManager != null)
+ {
+ openIdConnectOptions.Configuration = await openIdConnectOptions.ConfigurationManager.GetConfigurationAsync(principalContext.HttpContext.RequestAborted);
+ }
+
+ var response = await openIdConnectOptions.Backchannel.IntrospectTokenAsync(new TokenIntrospectionRequest
+ {
+ Address = openIdConnectOptions.Configuration?.IntrospectionEndpoint ?? openIdConnectOptions.Authority.EnsureEndsWith('/') + "connect/introspect",
+ ClientId = openIdConnectOptions.ClientId,
+ ClientSecret = openIdConnectOptions.ClientSecret,
+ Token = accessToken
+ });
+
+ if (response.IsActive)
+ {
+ return;
+ }
+ }
+
+ principalContext.RejectPrincipal();
+ await principalContext.HttpContext.SignOutAsync(principalContext.Scheme.Name);
+ }
+ };
+
+ return options;
+ }
+}
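Review bot: `originalHandler?.Invoke(principalContext);` starts the previously registered `OnValidatePrincipal` handler without awaiting it, so a rejection or exception it produces asynchronously is not observed before the introspection logic runs. It should be `if (originalHandler != null) { await originalHandler(principalContext); }`, after which the existing `Principal != null` check skips a principal the earlier handler already rejected. The introspection request is also sent on every authenticated request without `principalContext.HttpContext.RequestAborted`, and `response.IsError` is not distinguished from an inactive token, so a transient identity-server failure signs the user out; logging the error case and caching a positive result briefly would make sign-outs diagnosable and reduce load on the introspection endpoint. In the fallback address, `openIdConnectOptions.Authority.EnsureEndsWith('/')` will throw if `Authority` is null and the discovery document has no introspection endpoint.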
diff --git a/framework/src/Volo.Abp.AspNetCore.Components.Server/Volo.Abp.AspNetCore.Components.Server.csproj b/framework/src/Volo.Abp.AspNetCore.Components.Server/Volo.Abp.AspNetCore.Components.Server.csproj
index 09c743bc2a..297b2a8576 100644
--- a/framework/src/Volo.Abp.AspNetCore.Components.Server/Volo.Abp.AspNetCore.Components.Server.csproj
+++ b/framework/src/Volo.Abp.AspNetCore.Components.Server/Volo.Abp.AspNetCore.Components.Server.csproj
@@ -12,11 +12,13 @@
-
-
-
-
-
+
+
+
+
+
+
+
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
index 1033c73a57..fa55b7d44f 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
@@ -4,6 +4,7 @@ using Blazorise.Bootstrap5;
using Blazorise.Icons.FontAwesome;
using Medallion.Threading;
using Medallion.Threading.Redis;
+using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Hosting;
@@ -163,6 +164,7 @@ public class MyProjectNameBlazorModule : AbpModule
.AddCookie("Cookies", options =>
{
options.ExpireTimeSpan = TimeSpan.FromDays(365);
+ options.IntrospectAccessToken();
})
.AddAbpOpenIdConnect("oidc", options =>
{
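Review bot: The cookie still declares `ExpireTimeSpan = TimeSpan.FromDays(365)`, but once `options.IntrospectAccessToken();` is added the session ends as soon as the identity server reports the stored access token inactive, so the effective lifetime follows the token and not the cookie. A comment on the new line would make that explicit, for example `// Session validity now follows the access token: the principal is rejected when introspection reports it inactive.` The extension reads `access_token` from the cookie properties and rejects the principal when it is absent, so this presumably depends on the "oidc" handler saving tokens; that configuration lies outside the hunk and is worth confirming. Passing the scheme explicitly, `options.IntrospectAccessToken("oidc");`, would keep the two registrations visibly tied together.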