Jwt令牌验证
Jwt令牌验证
提问于 2022-12-01 07:33:45
您好,我正在尝试进行JWT身份验证,并遵循了教程,但没有几个问题。
AuthResponseDto类
public class AuthResponseDto
{
public string UserId { get; set; }
public string Token { get; set; }
public string RefreshToken { get; set; }
}VerifyRefreshToken函数
public async Task<AuthResponseDto> VerifyRefreshToken(AuthResponseDto request)
{
var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
var tokenContent = jwtSecurityTokenHandler.ReadJwtToken(request.Token);
var userName = tokenContent.Claims.ToList()
.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.Email)?.Value;
_user = await _userManager.FindByNameAsync(userName);
if(_user == null || _user.Id != request.UserId)
{
return null;
}
var isValidRefreshToken = await _userManager.VerifyUserTokenAsync(_user,
_loginProvider, _refreshToken, request.RefreshToken);
if (isValidRefreshToken)
{
var token = await GenerateToken();
return new AuthResponseDto
{
Token = token,
UserId = _user.Id,
RefreshToken = await CreateRefreshToken()
};
}
await _userManager.UpdateSecurityStampAsync(_user);
return null;
}GenerateToken函数
private async Task<string> GenerateToken()
{
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
_configuration["JwtSettings:Key"]));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var roles = await _userManager.GetRolesAsync(_user);
var rolesClaims = roles.Select(r => new Claim(
ClaimTypes.Role,
r
)).ToList();
var userClaims = await _userManager.GetClaimsAsync(_user);
var claims = new List<Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, _user.Email),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Jti, _user.Email),
new Claim("uid", _user.Id)
}.Union(userClaims).Union(rolesClaims);
var token = new JwtSecurityToken(
issuer: _configuration["JwtSettings:Issuer"],
audience: _configuration["JwtSettings:Audience"],
claims: claims,
expires: DateTime.Now.AddMinutes(
Convert.ToInt32(_configuration["JwtSettings:DurationInMinutes"])),
signingCredentials: credentials
);
return new JwtSecurityTokenHandler().WriteToken(token);
}正如您所看到的,我在令牌中添加了expires,但是它点击了"VerifyRefreshToken“,我没有看到它的任何检查逻辑。它是否仍然检查时间,然后验证它,还是我需要添加该功能?
回答 1
Stack Overflow用户
发布于 2022-12-01 08:13:39
弄明白了。
在verifyRefreshToken中添加了以下内容
var utcExpiryDate = long.Parse(tokenContent.Claims.ToList()
.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.Exp)?.Value);
var expiryDate = UnixTimeStampToDateTime(utcExpiryDate);
if(expiryDate < DateTime.UtcNow)
{
return new AuthResponseDto()
{
Token = "0",
RefreshToken = "0",
UserId = "0"
};
}并创建了新的私有函数
private DateTime UnixTimeStampToDateTime(long unixTimeStamp)
{
var dateTimeVal = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
dateTimeVal = dateTimeVal.AddSeconds(unixTimeStamp).ToUniversalTime();
return dateTimeVal;
}现在一切正常
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/74638336
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号