問(wèn)題描述

我正在生成用于我的 WebApi 項(xiàng)目的 JWT.我將令牌設(shè)置為在一分鐘內(nèi)過(guò)期，以便我可以測(cè)試它在過(guò)期日期之后提交時(shí)是否拒絕令牌.

I am generating JWT's to use with my WebApi project. I'm set the token to expire in one minute so that I can test if it rejects the token when submitted after the expiration date.

創(chuàng)建令牌控制器

public async Task<IActionResult> CreateToken([FromBody] CredentialModel model)
{
    var user = await _unitOfWork.UserManager.FindByNameAsync(model.UserName);

    if (user == null) return BadRequest();
    if (Hasher.VerifyHashedPassword(user, user.PasswordHash, model.Password) !=
        PasswordVerificationResult.Success) return BadRequest();

    var userClaims = await UserManager.GetClaimsAsync(user);

    var claims = new[]
    {
        new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        new Claim(JwtRegisteredClaimNames.Iat, DateTime.UtcNow.ToString()),
        new Claim(JwtRegisteredClaimNames.GivenName, user.FirstName), 
        new Claim(JwtRegisteredClaimNames.FamilyName, user.LastName),
        new Claim(JwtRegisteredClaimNames.Email, user.Email)
    }
    .Union(userClaims);

    var cert = new Certificate(Configuration["Tokens:Certificate"]);
    var token = new JwtSecurityToken(
        issuer: Configuration["Tokens:Issuer"],
        audience: Configuration["Tokens:Audience"],
        claims: claims,
        expires: DateTime.UtcNow.AddMinutes(1),
        signingCredentials: cert.Signature
    );

    return Ok(new
    {
        token = new JwtSecurityTokenHandler().WriteToken(token),
        expiration = token.ValidTo
    });
}

令牌認(rèn)證 - 啟動(dòng)類

app.UseJwtBearerAuthentication(new JwtBearerOptions()
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    TokenValidationParameters = new TokenValidationParameters()
    {
        ValidIssuer = Configuration["Tokens:Issuer"],
        ValidAudience = Configuration["Tokens:Audience"],
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new Certificate(Configuration["Tokens:Certificate"]).SecurityKey,
        ValidateLifetime = true
    },
});

雖然我設(shè)置了 validateLifetime = true，但兩分鐘后令牌不會(huì)被拒絕.它將繼續(xù)接受令牌.是否有我不知道的最短到期時(shí)間或我的設(shè)置有誤?

Although I am setting validateLifetime = true the tokes are not rejected two minutes later. It will keep accepting the token. Is there a minimum expiration time that I am not aware of or is my setup wrong?

推薦答案

我偶然發(fā)現(xiàn)了答案 這里如果有人感興趣的話.ClockSkew 的默認(rèn)值為 5 分鐘.

I stumbled over the answer here if anyone is interested. Default value for ClockSkew is 5 minutes.

app.UseJwtBearerAuthentication(new JwtBearerOptions()
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    TokenValidationParameters = new TokenValidationParameters()
    {
        ValidIssuer = Configuration["Tokens:Issuer"],
        ValidAudience = Configuration["Tokens:Audience"],
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new Certificate(certPath: Configuration["Tokens:Certificate"], isValid: false).SecurityKey,
        ValidateLifetime = true,
        ValidateIssuer = true,
        ValidateAudience = true,
        ClockSkew = TimeSpan.Zero
    },
});

這篇關(guān)于.NetCore JwtBearerAuthentication 不拒絕過(guò)期令牌的文章就介紹到這了，希望我們推薦的答案對(duì)大家有所幫助，也希望大家多多支持html5模板網(wǎng)！