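Use a new certificate
When an expired signing certificate is used for authentication, the token's identity cannot be verified. The solution is to use a new signing certificate and to make sure every token is signed with the latest signing certificate.
Code example: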
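using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

// Service registration: validate bearer tokens against the signing certificate.
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new X509SecurityKey(GetSigningCertificate()),
            // Issuer and audience checks are switched off in this sample.
            ValidateAudience = false,
            ValidateIssuer = false
        };
    });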
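using System;
using System.Security.Cryptography.X509Certificates;

// Loads the signing certificate and fails fast if it has already expired.
private static X509Certificate2 GetSigningCertificate()
{
    var certificate = new X509Certificate2(@"path\to\certificate.pfx", "password");
    // NotAfter is expressed in local time, so it is compared with DateTime.Now.
    if (certificate.NotAfter < DateTime.Now)
    {
        throw new Exception("Signing certificate has expired");
    }
    return certificate;
}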
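The rotation case behind "sign every token with the latest certificate", as an added example that is not code from the original page: sign with the unexpired certificate that has the latest expiry, and validate against every unexpired certificate so tokens issued just before a rotation still verify. The class name, the certificate store location, the subject-name lookup and the RSA key type are assumptions made for illustration.

```csharp
// Added example (hypothetical helper, not from the original page).
// Assumes RSA certificates kept in the current user's personal store.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;

public static class SigningCertificates
{
    // Certificates inside their validity window at `now`, latest expiry first.
    public static List<X509Certificate2> SelectUsable(
        IEnumerable<X509Certificate2> candidates, DateTime now) =>
        candidates.Where(c => c.NotBefore <= now && now < c.NotAfter)
                  .OrderByDescending(c => c.NotAfter).ToList();

    // Reads candidates by subject distinguished name (assumed lookup key).
    public static List<X509Certificate2> LoadFromStore(string subjectName)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(
            X509FindType.FindBySubjectDistinguishedName, subjectName, validOnly: false);
        return SelectUsable(found.Cast<X509Certificate2>(), DateTime.Now);
    }

    // Signing side: always the usable certificate with the latest expiry.
    public static SigningCredentials ForSigning(IReadOnlyList<X509Certificate2> usable)
    {
        var newest = usable.FirstOrDefault(c => c.HasPrivateKey)
            ?? throw new InvalidOperationException("No unexpired signing certificate with a private key");
        return new SigningCredentials(new X509SecurityKey(newest), SecurityAlgorithms.RsaSha256);
    }

    // Validation side: accept every unexpired certificate, so the previous
    // certificate keeps verifying its tokens until it expires on its own.
    public static TokenValidationParameters ForValidation(IReadOnlyList<X509Certificate2> usable) =>
        new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys = usable.Select(c => (SecurityKey)new X509SecurityKey(c)).ToList(),
            ValidateLifetime = true
        };
}
```

Issuer and audience settings are left at the library defaults here, so the caller still has to supply the expected issuer and audience values.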