我正在使用JwtTokens玩耍,但无法使它们正常工作。 我正在使用http://www.nuget.org/packages/System.IdentityModel.Tokens.Jwt/。 我知道代码很混乱,但只是为了展示我想做什么。 问题在于,我希望JwtTokenHandler因为寿命而失败验证。
var key = "5A0AB091-3F84-4EC4-B227-0834FCD8B1B4";
var domain = "http://localhost";
var allowedAudience = "http://localhost";
var signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
var digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256";
var issuer = "self";
var securityKey = System.Text.Encoding.Unicode.GetBytes(key);
var inMemorySymmetricSecurityKey = new InMemorySymmetricSecurityKey(securityKey);
var now = DateTime.UtcNow;
var expiry = now.AddSeconds(1);
var tokenHandler = new JwtSecurityTokenHandler();
var claimsList = new List<Claim>()
{
new Claim(ClaimTypes.Name, "user"),
new Claim(ClaimTypes.Webpage, allowedAudience),
new Claim(ClaimTypes.Uri, domain),
new Claim(ClaimTypes.Expiration,expiry.Ticks.ToString())
};
var roles = new List<string>() { "admin" };
claimsList.AddRange(roles.Select(role => new Claim(ClaimTypes.Role, role)));
var identity = new GenericIdentity("user");
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(identity, claimsList),
TokenIssuerName = issuer,
AppliesToAddress = allowedAudience,
Lifetime = new Lifetime(now, expiry),
SigningCredentials = new SigningCredentials(inMemorySymmetricSecurityKey, signatureAlgorithm, digestAlgorithm),
};
var token = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));
var validationParameters = new TokenValidationParameters()
{
ValidIssuer = issuer,
ValidAudience = allowedAudience,
IssuerSigningToken = new BinarySecretSecurityToken(securityKey)
};
Thread.Sleep(2000);
try
{
SecurityToken securityToken;
tokenHandler.ValidateToken(token, validationParameters, out securityToken);
Console.WriteLine("OK");
}
catch (Exception e)
{
Console.WriteLine("Error {0}", e.Message);
}
如果我等待2秒钟,这不应该会失败吗?但如果我将ValidationTokenParameter的issuer更改为"x",它就会失败...