Adding ClockSkew = TimeSpan.Zero to token validation parameters solved my issue.
ASP.NET Core Web API - Reading JWT

Cenk 1,036 Reputation points
Hello,
I implemented JWT authentication. Setting userId into the claim.
[HttpPost]
public async Task<IActionResult> Post([FromForm] string username, [FromForm] string password)
{
    if (username != null && password != null)
    {
        var user = _userValidate.Login(username, password);
        if (user != null)
        {
            // Create claims details based on the user information
            var claims = new[] {
                new Claim(JwtRegisteredClaimNames.Sub, _config["Jwt:Subject"]),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                // iat must be a NumericDate (seconds since the Unix epoch), not a formatted date string
                new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
                new Claim("UserId", user.customerID.ToString()),
                new Claim("DisplayName", username),
                new Claim("UserName", username),
                //new Claim("Email", _company.Email)
            };
            // Sign the token with the symmetric key from configuration (HMAC-SHA256)
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
            var signIn = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            var token = new JwtSecurityToken(
                _config["Jwt:Issuer"],
                _config["Jwt:Audience"],
                claims,
                expires: DateTime.UtcNow.AddMinutes(1),
                signingCredentials: signIn);
            return Ok(new JwtSecurityTokenHandler().WriteToken(token));
        }
        else
        {
            return BadRequest("Invalid credentials");
        }
    }
    else
    {
        return BadRequest();
    }
}
And reading it as follows:
[HttpGet]
[Route("reconciliation")]
public async Task<IActionResult> GameReconciliation([FromForm] ReconciliationDto reconciliationDto)
{
    if (!ModelState.IsValid) return BadRequest(ModelState);
    var userId = User.Claims.FirstOrDefault(x => x.Type == "UserId")?.Value;
    ...
I wonder if this is a good practice. By the way, the JWT token doesn't expire; how can I fix it?
1 answer
Cenk 1,036 Reputation points
2022-12-24T15:11:14.847+00:00
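
The ClockSkew fix quoted at the top of this page, shown as an added example that is not part of the original thread or anyone's posted code: `TokenValidationParameters.ClockSkew` defaults to five minutes, so a token issued with a one-minute lifetime keeps validating for several minutes past its `exp`. The issuer, audience, key and claim value below are constructed sample values.

```csharp
// Added example; requires the System.IdentityModel.Tokens.Jwt NuGet package.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Constructed sample values; a real key comes from configuration or a secret store.
const string Issuer = "https://issuer.example";
const string Audience = "https://api.example";
var key = new SymmetricSecurityKey(
    Encoding.UTF8.GetBytes("constructed-sample-key-0123456789-abcdef"));

// Build a token whose "exp" passed two minutes ago.
var now = DateTime.UtcNow;
var token = new JwtSecurityToken(
    Issuer, Audience,
    new[] { new Claim("UserId", "42") },
    notBefore: now.AddMinutes(-10),
    expires: now.AddMinutes(-2),
    signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
var jwt = new JwtSecurityTokenHandler().WriteToken(token);

// Two minutes past "exp" is inside the default five-minute tolerance
// but outside a zero tolerance, so the two checks disagree.
Console.WriteLine($"default skew accepted: {IsAccepted(jwt, null)}");
Console.WriteLine($"zero skew accepted:    {IsAccepted(jwt, TimeSpan.Zero)}");

// Validates the token; a null skew leaves ClockSkew at the library default.
bool IsAccepted(string jwtString, TimeSpan? skew)
{
    var parameters = new TokenValidationParameters
    {
        ValidIssuer = Issuer,
        ValidAudience = Audience,
        IssuerSigningKey = key,
        ValidateIssuerSigningKey = true,
        ValidateLifetime = true,
    };
    if (skew.HasValue) parameters.ClockSkew = skew.Value;
    try
    {
        new JwtSecurityTokenHandler().ValidateToken(jwtString, parameters, out _);
        return true;
    }
    catch (SecurityTokenExpiredException)
    {
        return false;
    }
}
```

In an ASP.NET Core application the same `TokenValidationParameters` object is assigned in the `AddJwtBearer` options, and a zero skew assumes the issuing and validating hosts have synchronized clocks.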