Geek Answers Handbook

Proper use of JwtTokens in C #

I play with JwtTokens and cannot get them to work correctly. I am using http://www.nuget.org/packages/System.IdentityModel.Tokens.Jwt/ . I know that the code is a mess, but just to show what I'm trying to do. The problem is that I want the JwtTokenHandler not to perform validation due to the lifetime.

var key = "5A0AB091-3F84-4EC4-B227-0834FCD8B1B4"; var domain = "http://localhost"; var allowedAudience = "http://localhost"; var signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"; var digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256"; var issuer = "self"; var securityKey = System.Text.Encoding.Unicode.GetBytes(key); var inMemorySymmetricSecurityKey = new InMemorySymmetricSecurityKey(securityKey); var now = DateTime.UtcNow; var expiry = now.AddSeconds(1); var tokenHandler = new JwtSecurityTokenHandler(); var claimsList = new List<Claim>() { new Claim(ClaimTypes.Name, "user"), new Claim(ClaimTypes.Webpage, allowedAudience), new Claim(ClaimTypes.Uri, domain), new Claim(ClaimTypes.Expiration,expiry.Ticks.ToString()) }; var roles = new List<string>() { "admin" }; claimsList.AddRange(roles.Select(role => new Claim(ClaimTypes.Role, role))); var identity = new GenericIdentity("user"); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(identity, claimsList), TokenIssuerName = issuer, AppliesToAddress = allowedAudience, Lifetime = new Lifetime(now, expiry), SigningCredentials = new SigningCredentials(inMemorySymmetricSecurityKey, signatureAlgorithm, digestAlgorithm), }; var token = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor)); var validationParameters = new TokenValidationParameters() { ValidIssuer = issuer, ValidAudience = allowedAudience, IssuerSigningToken = new BinarySecretSecurityToken(securityKey) }; Thread.Sleep(2000); try { SecurityToken securityToken; tokenHandler.ValidateToken(token, validationParameters, out securityToken); Console.WriteLine("OK"); } catch (Exception e) { Console.WriteLine("Error {0}", e.Message); }

Shouldn't this fail, as I wait 2 seconds? It fails if I change the emitter of the ValidationTokenParameter to "x" ...

+7
c # jwt
source share
1 answer

Problem detected. Validation options have a default deviation of 5 minutes

 /// <summary> /// Default for the clock skew. /// /// </summary> /// /// <remarks> /// 300 seconds (5 minutes). /// </remarks> public static readonly TimeSpan DefaultClockSkew;

By setting this to 0, do the job. Still don't understand why the skew is 5 minutes if I set the expiration at some point !!!

+19
source share

More articles:


All Articles