問題描述

我通過如下所示設置 Payload 創建了一個 JwtToken

var payload = new JwtPayload{{"aud", "wellmark.com" },{"iss", "wellmark" },{"iat", DateTime.Now.Ticks },{"exp", DateTime.Now.AddDays(90).Ticks },};

我必須使用刻度的原因是因為這是獲取發布時間和到期時間的整數值的唯一方法.我同意 ticks 實際上是 long 而不是 int，但這是唯一的方法.

現在當我回來驗證令牌時，我正在執行以下操作

var tokenValidationParams = new TokenValidationParameters{IssuerSigningKey = new X509SecurityKey(jwtCert),ValidAudience = "蒙面",ValidIssuer = "屏蔽",IssuerSigningKeyResolver =(字符串令牌，Microsoft.IdentityModel.Tokens.SecurityToken securityToken，字符串孩子，TokenValidationParameters 驗證參數)=>新列表<X509SecurityKey>{ 新 X509SecurityKey(jwtCert) }};tokenHandler.ValidateToken(id, tokenValidationParams，出驗證令牌)；

但是說不出來

生命周期驗證失敗.令牌缺少過期時間.令牌類型:'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.

這很可能是因為驗證方法試圖將 long 轉換為 int 并且由于它無法轉換它，所以它只是返回 null，如顯示的文檔中所示 這里.

有沒有人在這個機制上取得了成功.請注意，我使用 X509 證書來簽署我的 Jwt.

納拉辛哈姆

Exp時間戳不能使用Ticks

JWT 中的時間戳是從 01.01.1970 00:00 UTC 開始計算的 UNIX 時間戳:https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4 解釋說數字日期用于 exp 聲明(也用于 nbf(不是之前)和 iat(簽發于)索賠)

https://www.rfc-editor.org/rfc/rfc7519#section-2 定義數字日期:

一個 JSON 數值，表示從1970-01-01T00:00:00Z UTC 直到指定的 UTC 日期/時間，忽略閏秒.

如果您像在示例中那樣直接創建有效負載，則需要計算自 1.1.1970 UTC 以來的秒數，例如:

DateTime CenturyBegin = new DateTime(1970, 1, 1);var exp = new TimeSpan(DateTime.Now.AddDays(90).Ticks - CenturyBegin.Ticks).TotalSeconds;

exp 是從現在開始的 90 天.當然，您也可以使用任何其他 Add... 方法來計算到期時間.參考 https://msdn.microsoft.com/de-de/library/system.datetimeoffset(v=vs.110).aspx 查看其他 Add 方法.

一些框架(例如 System.IdentityModel.Tokens.Jwt)提供了創建令牌的函數，這些令牌接受 DateTimeOffset 類型的參數，這更容易處理.

使用 http://www.unixtimestamp.com/ 或類似網站檢查您的時間戳p>

I have created a JwtToken by setting up the Payload as shown below

var payload = new JwtPayload
        {
            {"aud", "wellmark.com" },
            {"iss", "wellmark" },
            {"iat", DateTime.Now.Ticks },
            {"exp", DateTime.Now.AddDays(90).Ticks },
        };

The reason I had to use ticks is because that is the only way to get an integer value for the issued at and expiration times. I agree that ticks is in fact a long and not an int, but that was the only way.

Now when I come back to validate the token, I am doing the below

var tokenValidationParams = new TokenValidationParameters
            {
                IssuerSigningKey = new X509SecurityKey(jwtCert),
                ValidAudience = "masked",
                ValidIssuer = "masked",
                IssuerSigningKeyResolver = (string token, Microsoft.IdentityModel.Tokens.SecurityToken securityToken, string kid, TokenValidationParameters validationParameters) => new List<X509SecurityKey> { new X509SecurityKey(jwtCert) }
            };

            tokenHandler.ValidateToken(id, tokenValidationParams
                   , out validatedToken);

It is however failing saying

Lifetime validation failed. The token is missing an Expiration Time. Tokentype: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.

This is most likely because the validation method is trying to convert the long to an int and because it is unable to convert it, it simply returns a null as indicated in the documentation shown here.

Has anyone had success with this mechanism. Please note that I am using X509 Certificate to Sign my Jwt.

Narasimham

You can't use Ticks for the exp timestamp

The timestamps in JWT are UNIX timestamps counting from 01.01.1970 00:00 UTC: https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4 explains that a numeric date is used for the exp claim (and also for the nbf (not before) and iat (issued at) claims)

https://www.rfc-editor.org/rfc/rfc7519#section-2 defines the numeric date:

A JSON numeric value representing the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring leap seconds.

If you create the payload directly like you did in your example you need to calculate the seconds since 1.1.1970 UTC for example like this:

DateTime centuryBegin = new DateTime(1970, 1, 1);
var exp = new TimeSpan(DateTime.Now.AddDays(90).Ticks - centuryBegin.Ticks).TotalSeconds;

exp is then 90 days from now. Of course you can use any of the other Add... methods as well to calculate the expriation time. Refer to https://msdn.microsoft.com/de-de/library/system.datetimeoffset(v=vs.110).aspx to see the other Add methods.

Some frameworks (e.g. System.IdentityModel.Tokens.Jwt) offer functions to create tokens which accept parameters of the type DateTimeOffset, which is easier to handle.

Use http://www.unixtimestamp.com/ or similar sites to check your timestamps

這篇關于JWT 驗證失敗的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！