TokenValidationParameters ignored if policy is added to Authorise attribute

484 Views Asked by paul rockerdale At 24 April 2025 at 06:48

I'm using AspNetCore.All 2.0

I have a controller that uses the Authorize attribute like so:

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme]

When I pass a JWT token it fails as expected because it's expired. However when I add a policy like below it always passes with a 200. I should still get a 401 because it's an expired token, right? What could I be doing wrong?

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Policy = "Over21")]

Below are my token validation parameters. Please note that adding the policy doesn't just affect the expiration it could be any of the parameters

        .AddJwtBearer(cfg =>
        {
            cfg.RequireHttpsMetadata = false;
            cfg.SaveToken = true;

            cfg.TokenValidationParameters = new TokenValidationParameters()
            {
                RequireExpirationTime = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = false,
                ValidateIssuer = false,
                ValidateAudience = false,
                ValidIssuer = "https://localhost",
                ValidAudience = "https://localhost",
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("someveryveryveryverylongkey")),                    
                ClockSkew = TimeSpan.Zero

            };
        });

Original Q&A

TokenValidationParameters ignored if policy is added to Authorise attribute

There are 0 best solutions below

Related Questions in ASP.NET-WEB-API

Related Questions in JWT

Related Questions in BEARER-TOKEN

Related Questions in ASP.NET-CORE-2.0

Trending Questions

Popular # Hahtags

Popular Questions