我正在创建一个通过 JWT 令牌进行身份验证的 Web 应用程序。在我的 Web 程序集中,我调用 Web api 来创建/验证我的令牌。 我这样创建我的代币:
public string GenerateJwtToken(IEnumerable<Claim> claims, DateTime expireAt)
{
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.Value.Key));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(issuer: jwtSettings.Value.Issuer,
audience: jwtSettings.Value.Audience,
claims: claims,
expires: expireAt,
signingCredentials: creds);
return new JwtSecurityTokenHandler().WriteToken(token);
}
并使用此函数验证它们:
public ClaimsPrincipal? ValidateToken(string token)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.Value.Key));
try
{
var tokenValidation = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = key,
ValidateIssuer = true,
ValidIssuer = jwtSettings.Value.Issuer,
ValidateAudience = true,
ValidAudience = jwtSettings.Value.Audience,
ValidateLifetime = true
};
SecurityToken validateToken;
var principal = tokenHandler.ValidateToken(token, tokenValidation, out validateToken);
return principal;
}
catch (Exception)
{
return null;
}
}
但是,当我创建令牌并将
expiresAtDateTime.UtcNow.AddDays(30)Microsoft.IdentityModel.Tokens.SecurityTokenNoExpirationException: IDX10225: Lifetime validation failed.
有人知道为什么吗?我的 jwt 设置也被注入并正确设置。
Не могу знать。 Можете обратиться в поддержку по токенам