堆栈内存溢出
  繁体   English   中英

需要检查 jwt 令牌在 asp.net 内核中是否有效/过期

[英]Need to check of jwt token is valid/expired in asp.net core

 原文  2020-06-09 18:41:49       c#/ asp.net-core/ jwt

问题描述

为了生成 JWT 令牌,我使用以下代码:

  var tokenHandler = new JwtSecurityTokenHandler();

            var key = Encoding.ASCII.GetBytes(_consumerConfiguration.SecretKey);
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new Claim[]
                {
                    new Claim(ClaimTypes.Name, "ConsumerId")
                }),
                Expires = DateTime.Now.AddMinutes(1),
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
            };
            var token = tokenHandler.CreateToken(tokenDescriptor);
            return tokenHandler.WriteToken(token);

这是我在 RegisterServices 中的代码

  var appSettingsSection = configuration.GetSection("ConsumerConfiguration");
            services.Configure<ConsumerConfiguration>(appSettingsSection);

            var appSettings = appSettingsSection.Get<ConsumerConfiguration>();

            var key = Encoding.ASCII.GetBytes(appSettings.SecretKey);
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(x =>
            {
                x.RequireHttpsMetadata = false;
                x.SaveToken = true;
                x.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(key),
                    ValidateIssuer = false,
                    ValidateAudience = false
                };
            });
            services.AddScoped<Microsoft.AspNetCore.Authorization.IAuthorizationHandler, ConsumerAuthorizationHandler>();

我使用它作为过滤器在应用程序中全局注册自定义授权处理程序:

 var policy = new AuthorizationPolicyBuilder().RequireCustomClaim(ClaimTypes.Name).
                AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme).Build();

options.Filters.Add(new AuthorizeFilter(policy));
            })

这是我的自定义授权处理程序

    #region constructor
    public ConsumerAuthorizationHandler(IOptions<ConsumerConfiguration> consumerConfiguration)
    {
        _consumerConfiguration = consumerConfiguration.Value;
    }
    #endregion
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomRequireClaim requirement)
    {
        if (!_consumerConfiguration.EnableAuthorizationFilter)
            context.Succeed(requirement);

        var hasClaim = context.User.Claims.Any(x => x.Type == requirement.ClaimType);

        if (hasClaim)
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }
}

public static class AuthorizationPolicyBuilderExtensions
{
    public static AuthorizationPolicyBuilder RequireCustomClaim(this AuthorizationPolicyBuilder builder, string claimType)
    {
       return builder.AddRequirements(new CustomRequireClaim(claimType));
    }
}

问题是:如何检查 JWT 是否过期? 令牌似乎没有过期。 我必须添加什么代码才能检查令牌是否过期?

1 个解决方案

解决方案1
 0  2020-06-09 18:48:14

默认情况下,身份验证流程会为您处理此问题。 它甚至在您达到授权层之前就会发生。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 ASP.NET Core 中启动项目时检查 jwt 令牌 ASP.NET Core:具有范围的JWT令牌 ASP.NET Core 中的 Jwt 令牌身份验证 ASP.Net Core JWT 令牌验证 asp.net 内核中的无效 jwt 令牌 ASP.NET Core 和 JWT 令牌生命周期 .Net核心JWT自定义过期令牌响应 .net Core 2.0 JWT令牌过期问题 使用 ASP.NET Core 的 JWT 令牌无效令牌错误 ASP.NET核心网站使用JWT令牌进行WebApi身份验证
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM