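/// <summary>
/// Validates a JWT (optionally carrying a leading "Bearer " scheme prefix) and returns the
/// principal it describes, provided the token's header algorithms match the configured ones.
/// </summary>
/// <param name="token">The raw token, or the value of an Authorization header.</param>
/// <param name="isValidateLifetime">
/// Forwarded to <c>JwtSettings.GetValidationParameters</c>. Presumably toggles lifetime
/// (expiry) validation, in which case passing <c>false</c> accepts expired tokens and should
/// be limited to flows that need it. Confirm against JwtSettings.
/// </param>
/// <returns>
/// The validated principal, or <c>null</c> when the validated token is not a
/// <c>JwtSecurityToken</c> or its <c>alg</c>/<c>enc</c> header values are missing or differ
/// from the configured algorithms.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is <c>null</c>.</exception>
/// <remarks>
/// Exceptions raised by <c>JwtSecurityTokenHandler.ValidateToken</c> are not caught here and
/// propagate to the caller, so a rejected token is signalled either by <c>null</c> or by an
/// exception. Callers must treat both as authentication failure.
/// </remarks>
public ClaimsPrincipal GetPrincipal(string token, bool isValidateLifetime = true)
{
    if (token == null)
    {
        throw new ArgumentNullException(nameof(token));
    }

    // Strip the scheme only where it can legitimately appear: once, at the start.
    // The scheme name is matched case-insensitively.
    const string bearerPrefix = "Bearer ";
    var clearToken = token.StartsWith(bearerPrefix, StringComparison.OrdinalIgnoreCase)
        ? token.Substring(bearerPrefix.Length)
        : token;

    var tokenValidationParameters = JwtSettings.GetValidationParameters(isValidateLifetime);
    var tokenHandler = new JwtSecurityTokenHandler();
    var principal = tokenHandler.ValidateToken(clearToken, tokenValidationParameters, out var securityToken);

    if (!(securityToken is JwtSecurityToken jwtSecurityToken))
    {
        return null;
    }

    // Fail closed: a header without "alg" or "enc" (e.g. a signed-only token) is rejected
    // with null instead of crashing with a NullReferenceException. Ordinal comparison is used
    // because these are protocol identifiers; culture-aware comparison can treat distinct
    // strings as equal.
    var header = jwtSecurityToken.Header;
    var signingAlgorithmMatches = header.Alg != null
        && string.Equals(header.Alg, JwtSettings.EncodingSigningAlgorithm, StringComparison.OrdinalIgnoreCase);
    var encryptingAlgorithmMatches = header.Enc != null
        && string.Equals(header.Enc, JwtSettings.EncodingEncryptingAlgorithm, StringComparison.OrdinalIgnoreCase);

    return signingAlgorithmMatches && encryptingAlgorithmMatches ? principal : null;
}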