« AWS SDK for .NET » : différence entre les versions

De Banane Atomic
Aller à la navigationAller à la recherche
Aucun résumé des modifications
Aucun résumé des modifications
Ligne 3 : Ligne 3 :
<filebox fn='Program.cs'>
<filebox fn='Program.cs'>
builder.Configuration.Sources.Add(new AmazonSecretsManagerConfigurationSource("secretName"));
builder.Configuration.Sources.Add(new AmazonSecretsManagerConfigurationSource("secretName"));
</filebox>
= Cognito =
<filebox fn='Program.cs'>
builder.Services.AddCognitoIdentity();
builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    options.Authority = builder.Configuration["AWSCognito:Authority"];
    options.Audience = builder.Configuration["AWSCognito:UserPoolClientId"];
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        ValidateAudience = true
    };
    options.TokenValidationParameters.AudienceValidator = (audiences, securityToken, validationParameters) =>
    {
        //This is necessary because Cognito tokens doesn't have "aud" claim. Instead the audience is set in "client_id"
        var jsonWebToken = (Microsoft.IdentityModel.JsonWebTokens.JsonWebToken)securityToken;
        if (!jsonWebToken.Claims.Any(f => f.Type == "aud"))
            return false;
        return validationParameters.ValidAudience.Contains(jsonWebToken.Claims.First(f => f.Type == "aud").Value);
    };
});
</filebox>
</filebox>

Version du 23 février 2024 à 14:11

Secrets Manager

Program.cs 
builder.Configuration.Sources.Add(new AmazonSecretsManagerConfigurationSource("secretName"));

Cognito

Program.cs 
builder.Services.AddCognitoIdentity();
builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    options.Authority = builder.Configuration["AWSCognito:Authority"];
    options.Audience = builder.Configuration["AWSCognito:UserPoolClientId"];
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        ValidateAudience = true
    };
    options.TokenValidationParameters.AudienceValidator = (audiences, securityToken, validationParameters) =>
    {
        //This is necessary because Cognito tokens doesn't have "aud" claim. Instead the audience is set in "client_id"
        var jsonWebToken = (Microsoft.IdentityModel.JsonWebTokens.JsonWebToken)securityToken;
        if (!jsonWebToken.Claims.Any(f => f.Type == "aud"))
            return false;
        return validationParameters.ValidAudience.Contains(jsonWebToken.Claims.First(f => f.Type == "aud").Value);
    };
});
Récupérée de « http://wiki.bananeatomic.fr/index.php?title=AWS_SDK_for_.NET&oldid=30174 »