C# 如何延长从IdentityServer 3颁发的JWT令牌的使用寿命
我正在尝试设置IdentityServer 3 web应用程序,而不是硬件,这是一个与软件开发相关的问题。我正在尝试学习如何使用这项技术并生成我的api可以使用的JWT令牌。问题是我一辈子都找不到在哪里设置令牌过期时间。它总是在大约一小时后生成401。理想情况下,出于测试目的,我希望将此扩展到很长一段时间,这样我就不必一直复制和粘贴我的JWT令牌到fiddler中,从而大大减慢我的开发和学习过程 我的客户C# 如何延长从IdentityServer 3颁发的JWT令牌的使用寿命,c#,jwt,identityserver3,C#,Jwt,Identityserver3,我正在尝试设置IdentityServer 3 web应用程序,而不是硬件,这是一个与软件开发相关的问题。我正在尝试学习如何使用这项技术并生成我的api可以使用的JWT令牌。问题是我一辈子都找不到在哪里设置令牌过期时间。它总是在大约一小时后生成401。理想情况下,出于测试目的,我希望将此扩展到很长一段时间,这样我就不必一直复制和粘贴我的JWT令牌到fiddler中,从而大大减慢我的开发和学习过程 我的客户 new Client { Clie
new Client
{
ClientId = "scheduling"
,ClientSecrets = new List<Secret>
{
new Secret("65A6A6C3-A764-41D9-9D10-FC09E0DBB046".Sha256())
},
ClientName = "Patient Scheduling",
Flow = Flows.ResourceOwner,
AllowedScopes = new List<string>
{
Constants.StandardScopes.OpenId,
Constants.StandardScopes.Profile,
Constants.StandardScopes.OfflineAccess,
"read",
"adprofile",
"scheduling"
},
Enabled = true
}
新客户端
{
ClientId=“调度”
,ClientSecrets=新列表
{
新秘密(“65A6A6C3-A764-41D9-9D10-FC09E0DBB046”.Sha256()
},
ClientName=“患者日程安排”,
Flow=Flows.ResourceOwner,
AllowedScopes=新列表
{
Constants.StandardScopes.OpenId,
常量.StandardScopes.Profile,
常量.StandardScopes.OfflineAccess,
“读”,
“adprofile”,
“日程安排”
},
启用=真
}
我的范围
new Scope
{
Name = "scheduling",
Claims = new List<ScopeClaim>
{
new ScopeClaim(Constants.ClaimTypes.Role,true),
new ScopeClaim("scheduling_id",true),
new ScopeClaim("expires_at",true) //I have tried "expires_in" and [Constants.ClaimTypes.Expiration] also with no luck
}
}
新范围
{
Name=“调度”,
索赔=新名单
{
新的ScopeClaim(常量、ClaimTypes、角色、true),
新的ScopeClaim(“调度id”,true),
new ScopeClaim(“expires\u at”,true)//我也尝试了“expires\u in”和[Constants.ClaimTypes.Expirement],但没有成功
}
}
用于客户特定索赔的方法:
private IEnumerable<Claim> GetClaimByClientId(string client_id)
{
List<Claim> claims = new List<Claim>();
switch(client_id.ToLower())
{
case "scheduling":
claims = new List<Claim>();
claims.Add(new Claim(ClaimTypes.Role,"administrator"));
claims.Add(new Claim("scheduling_id", "2"));
//claims.Add(new Claim("expires_in", "2082758400")); //01/01/2036
//claims.Add(new Claim(Constants.ClaimTypes.Expiration, "2082758400")); //01/01/2036
claims.Add(new Claim("expires_at", "2082758400")); //01/01/2036
break;
default:
throw new Exception("Client not found with provided client id.");
}
return claims;
}
if (ActiveDirectoryHelper.ValidateCredentials(context.UserName, context.Password, adName))
{
List<Claim> lstClaims = new List<Claim>
{
new Claim("obj_id",user.UserID.ToUpper()),
new Claim(Constants.ClaimTypes.Email, string.IsNullOrEmpty(user.Email) ? string.Empty : user.Email.ToLower()),
new Claim(Constants.ClaimTypes.GivenName,user.FirstName),
new Claim(Constants.ClaimTypes.FamilyName,user.LastName),
new Claim("EmployeeNumber",user.EmployeeNumber),
};
lstClaims.AddRange(GetClaimByClientId("scheduling"));
context.AuthenticateResult = new AuthenticateResult(user.UserID,user.Username, lstClaims);
}
else
{
context.AuthenticateResult = new AuthenticateResult("Invalid Login.");
}
private IEnumerable GetClaimByClientId(字符串客户端\u id)
{
列表声明=新列表();
交换机(客户端id.ToLower())
{
案例“排程”:
索赔=新列表();
claims.Add(新索赔(ClaimTypes.Role,“管理员”);
添加(新的索赔(“明细表编号”,“2”));
//添加(新索赔(“到期日”,“2082758400”);//01/01/2036
//添加(新索赔(Constants.ClaimTypes.Expiration,“2082758400”);//01/01/2036
添加(新索赔(“到期日”,“2082758400”);//01/01/2036
打破
违约:
抛出新异常(“未找到具有提供的客户端id的客户端”);
}
退货索赔;
}
实际验证凭据的代码:
private IEnumerable<Claim> GetClaimByClientId(string client_id)
{
List<Claim> claims = new List<Claim>();
switch(client_id.ToLower())
{
case "scheduling":
claims = new List<Claim>();
claims.Add(new Claim(ClaimTypes.Role,"administrator"));
claims.Add(new Claim("scheduling_id", "2"));
//claims.Add(new Claim("expires_in", "2082758400")); //01/01/2036
//claims.Add(new Claim(Constants.ClaimTypes.Expiration, "2082758400")); //01/01/2036
claims.Add(new Claim("expires_at", "2082758400")); //01/01/2036
break;
default:
throw new Exception("Client not found with provided client id.");
}
return claims;
}
if (ActiveDirectoryHelper.ValidateCredentials(context.UserName, context.Password, adName))
{
List<Claim> lstClaims = new List<Claim>
{
new Claim("obj_id",user.UserID.ToUpper()),
new Claim(Constants.ClaimTypes.Email, string.IsNullOrEmpty(user.Email) ? string.Empty : user.Email.ToLower()),
new Claim(Constants.ClaimTypes.GivenName,user.FirstName),
new Claim(Constants.ClaimTypes.FamilyName,user.LastName),
new Claim("EmployeeNumber",user.EmployeeNumber),
};
lstClaims.AddRange(GetClaimByClientId("scheduling"));
context.AuthenticateResult = new AuthenticateResult(user.UserID,user.Username, lstClaims);
}
else
{
context.AuthenticateResult = new AuthenticateResult("Invalid Login.");
}
if(ActiveDirectoryHelper.ValidateCredentials(context.UserName、context.Password、adName))
{
列表=新列表
{
新声明(“obj_id”,user.UserID.ToUpper()),
新声明(Constants.ClaimTypes.Email,string.IsNullOrEmpty(user.Email)?string.Empty:user.Email.ToLower()),
新声明(Constants.ClaimTypes.GivenName、user.FirstName),
新声明(Constants.ClaimTypes.FamilyName、user.LastName),
新索赔(“EmployeeNumber”,user.EmployeeNumber),
};
AddRange(GetClaimByClientId(“调度”));
context.AuthenticateResult=新的AuthenticateResult(user.UserID、user.Username、lstClaims);
}
其他的
{
context.AuthenticateResult=新的AuthenticateResult(“无效登录”);
}
可以使用属性AccessTokenLifetime
为客户端应用程序设置访问令牌生存期(我假设这就是您所说的JWT令牌)
默认设置为3600秒(1小时)。谢谢,我研究了AccesTokenLifetime,然后查看了文档。非常感谢你。