C# 接受过期令牌的.NET JWT实现_C#_Jwt_Access Token - Fatal编程技术网

C# 接受过期令牌的.NET JWT实现

C# 接受过期令牌的.NET JWT实现,c#,jwt,access-token,C#,Jwt,Access Token,我在API中生成了一个有效的JWT,并返回了一个有效期。请参见下面的代码和示例: public static string GenerateToken(string securityKey, string claimName, string issuer, RedisManagerPool redisClient) { var claims = new[] { new Claim(ClaimT

我在API中生成了一个有效的JWT,并返回了一个有效期。请参见下面的代码和示例:

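    /// <summary>
    /// Creates an HMAC-SHA256 signed JWT that carries a single
    /// <see cref="ClaimTypes.Name"/> claim and expires after the number of
    /// minutes stored under the ".../expiry_minutes" cache entry.
    /// </summary>
    /// <param name="securityKey">Shared secret; its UTF-8 bytes become the symmetric signing key.</param>
    /// <param name="claimName">Value written into the name claim.</param>
    /// <param name="issuer">Used as both the issuer and the audience of the token.</param>
    /// <param name="redisClient">Passed to the cache helper that reads the expiry setting.</param>
    /// <returns>The compact serialized token.</returns>
    public static string GenerateToken(string securityKey,
        string claimName, string issuer, RedisManagerPool redisClient)
    {
        var claims = new[]
        {
            new Claim(ClaimTypes.Name, claimName)
        };

        // NOTE(review): the secret is used as raw UTF-8 bytes. HS256 needs a key of
        // at least 256 bits, so this should be a long, randomly generated value —
        // confirm how securityKey is provisioned.
        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(securityKey));
        var creds = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

        var expiryMinutes = UtilityCommand.Cache.GetCacheValue<int>(Functions.ParameterPath
            + Functions.Integration
            + Functions.JWT
            + "/expiry_minutes", redisClient);

        // The exp claim is a UTC instant. Starting from UtcNow avoids a local-to-UTC
        // conversion, which is ambiguous during a daylight-saving change-over.
        // NOTE(review): a zero or negative setting yields a token that is already
        // expired; whether that should be rejected here is a policy decision.
        var expiry = DateTime.UtcNow.AddMinutes(expiryMinutes);

        var token = new JwtSecurityToken(
            issuer: issuer,
            audience: issuer,
            claims: claims,
            expires: expiry,
            signingCredentials: creds);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }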
但无论我使用令牌多久,它都不会过期?即使我把有效期设为1分钟也是如此。我哪里出了问题?这是我的授权检查:

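    /// <summary>
    /// Lambda custom-authorizer entry point: validates the bearer JWT in the request
    /// and authorizes the call only when the token's name claim equals <c>ClaimName</c>.
    /// </summary>
    /// <param name="authorizerRequest">Incoming authorizer request carrying the Authorization token.</param>
    /// <param name="context">Lambda context, used here for logging.</param>
    /// <returns>The response built by <c>GenerateAuthorizerResponse</c> for the authorization result.</returns>
    public APIGatewayCustomAuthorizerResponse GetAuthentication(APIGatewayCustomAuthorizerRequest authorizerRequest, ILambdaContext context)
    {
        var tokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            // NOTE(review): expiry enforcement is switched by a cached configuration
            // value (marked "testing" by the author). When that value is false, expired
            // tokens are accepted. Outside of tests this should be a constant true, or
            // the flag must at least be guaranteed to fail closed — confirm.
            ValidateLifetime = UtilityCommand.Cache.GetCacheValue<bool>(ParameterPath + Integration + JWT + "/jwtexpires", _redisClient), // testing
            ValidAudience = Issuer,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SecurityKey)),
            // Tolerance for clock drift between systems. With the default lifetime
            // check this also means a token is still accepted for up to five minutes
            // after its exp value, which matters for very short-lived tokens.
            ClockSkew = TimeSpan.FromMinutes(5),
            ValidateIssuerSigningKey = true
        };

        SecurityToken validatedToken;

        JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();

        // Fail closed: stays false unless validation and the claim check both succeed.
        bool authorized = false;

        if (!string.IsNullOrWhiteSpace(authorizerRequest.AuthorizationToken))
        {
            try
            {
                // Strip only a leading "Bearer " scheme instead of every occurrence
                // of that text anywhere in the header value.
                const string bearerPrefix = "Bearer ";
                var header = authorizerRequest.AuthorizationToken;
                var jwt = header.StartsWith(bearerPrefix, StringComparison.Ordinal)
                    ? header.Substring(bearerPrefix.Length)
                    : header;

                var user = handler.ValidateToken(jwt, tokenValidationParameters, out validatedToken);
                var claim = user.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name);
                if (claim != null)
                {
                    authorized = claim.Value == ClaimName; // Ensure that the claim value matches the assertion
                }
            }
            catch (Exception ex)
            {
                // Any validation failure (signature, issuer, audience, lifetime)
                // ends up here; the request stays unauthorized.
                context.Logger.LogLine($"Error occurred validating token: {ex.Message}");
            }
        }
        else
        {
            context.Logger.LogLine($"Error occurred validating token: No token provided.");
        }

        return GenerateAuthorizerResponse(authorized, authorizerRequest, context);
    }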
public ApigatewayCustomAuthorizer响应GetAuthentication(ApigatewayCustomAuthorizer请求Authorizer请求,ILambdaContext上下文)
{
var tokenValidationParameters=新的tokenValidationParameters
{
validateisuer=true,
ValidisUser=发行人,
ValidateAudience=true,
ValidateLifetime=UtilityCommand.Cache.GetCacheValue(参数路径+集成+JWT+“/jwtexpires”,\u redisClient),//测试
有效期=发行人,
IssuerSigningKey=new-SymmetricSecurityKey(Encoding.UTF8.GetBytes(SecurityKey)),
ClockSkew=TimeSpan.FromMinutes(5),//需要考虑系统之间的潜在漂移时间。
ValidateSuersigningKey=true
};
SecurityToken validatedToken;
JwtSecurityTokenHandler=新的JwtSecurityTokenHandler();
bool=false;
如果(!string.IsNullOrWhiteSpace(authorizerRequest.AuthorizationToken))
{
尝试
{
var jwt=authorizerRequest.AuthorizationToken.Replace(“Bearer”,string.Empty);
var user=handler.ValidateToken(jwt,tokenValidationParameters,out validatedToken);
var claim=user.Claims.FirstOrDefault(c=>c.Type==ClaimTypes.Name);
如果(索赔!=null)
authorized=claim.Value==ClaimName;//确保声明值与断言匹配
}
捕获(例外情况除外)
{
LogLine($”验证令牌时出错:{ex.Message}”);
}
}
其他的
{
LogLine($“验证令牌时出错:未提供令牌。”);
}
返回GenerateAuthorizerResponse(已授权、授权请求、上下文);
}

回答,我需要将以下内容添加到我的TokenValidationParameters中

LifetimeValidator = LifetimeValidator,
它接受一个用于检查令牌是否过期的委托函数(我原先不知道这不会被自动处理)。该委托只返回一个bool,表示令牌是否仍在有效期内。注意:设置LifetimeValidator之后,它会取代库内置的有效期检查,因此ClockSkew和notBefore不再自动生效,需要在委托中自行处理:

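/// <summary>
/// Lifetime check intended for <c>TokenValidationParameters.LifetimeValidator</c>.
/// Accepts a token only when it has an expiry that is still in the future and,
/// if a not-before time is present, that time has already been reached.
/// </summary>
/// <param name="notBefore">Not-before time of the token, if any.</param>
/// <param name="expires">Expiry time of the token, if any.</param>
/// <param name="token">The token being validated (not inspected here).</param>
/// <param name="params">The validation parameters in effect (not inspected here).</param>
/// <returns><c>true</c> when the token is currently within its lifetime.</returns>
private bool LifetimeValidator(DateTime? notBefore, DateTime? expires, SecurityToken token, TokenValidationParameters @params)
{
    // A token without an expiry is rejected rather than treated as valid forever.
    if (!expires.HasValue)
    {
        return false;
    }

    // Compare against UTC: the exp and nbf claims are UTC instants, so DateTime.Now
    // would shift the effective lifetime by the host's UTC offset.
    // NOTE(review): assumes the library hands these values over as UTC — confirm.
    var nowUtc = DateTime.UtcNow;

    // A custom validator replaces the built-in check, so not-before has to be
    // enforced here as well. No clock-skew tolerance is applied in this method.
    if (notBefore.HasValue && notBefore.Value > nowUtc)
    {
        return false;
    }

    return expires.Value > nowUtc;
}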

很高兴你解决了这个问题。值得确保您正在对照DateTime.UtcNow检查到期日,因为到期日声明是UTC值

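/// <summary>
/// Lifetime validator delegate for <c>TokenValidationParameters</c>: reports whether
/// the token is inside its validity window, measured against the current UTC time.
/// </summary>
/// <param name="notBefore">Earliest time the token may be used, if present.</param>
/// <param name="expires">Time at which the token stops being valid, if present.</param>
/// <param name="token">The token under validation (unused).</param>
/// <param name="params">The active validation parameters (unused).</param>
/// <returns><c>false</c> when there is no expiry, the expiry has passed, or the
/// not-before time lies in the future; otherwise <c>true</c>.</returns>
private bool LifetimeValidator(DateTime? notBefore, DateTime? expires, SecurityToken token, TokenValidationParameters @params)
{
    // The expiry claim is a UTC value, so the comparison must use UtcNow; with
    // DateTime.Now a host behind UTC would keep accepting tokens after they expire.
    // NOTE(review): assumes the incoming DateTime values are UTC — confirm.
    var utcNow = DateTime.UtcNow;

    // Missing expiry means reject: an unbounded token is never accepted.
    if (expires == null || expires.Value <= utcNow)
    {
        return false;
    }

    // The built-in lifetime check is bypassed once this delegate is set, so the
    // not-before bound is re-applied here. No clock-skew allowance is made.
    return notBefore == null || notBefore.Value <= utcNow;
}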