"AWS SDK for .NET": difference between revisions
From Banane Atomic
m (Nicolas moved page AWS and CSharp to AWS SDK for .NET) |
No edit summary |
||
Ligne 3 : | Ligne 3 : | ||
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_cache-net.html Secrets Manager Cache] | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_cache-net.html Secrets Manager Cache] | ||
* [https://aws.amazon.com/blogs/modernizing-with-aws/how-to-load-net-configuration-from-aws-secrets-manager/ Load .NET configuration from Secrets Manager] | * [https://aws.amazon.com/blogs/modernizing-with-aws/how-to-load-net-configuration-from-aws-secrets-manager/ Load .NET configuration from Secrets Manager] | ||
= [https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/creds-idc.html#idc-config-sdk Configure the SDK to use IAM Identity Center] = | |||
<filebox fn='∼/.aws/config' lang='ini'> | |||
[default] | |||
sso_session = my-sso | |||
sso_account_id = 111122223333 | |||
sso_role_name = SampleRole | |||
region = us-east-1 | |||
output = json | |||
[sso-session my-sso] | |||
sso_region = us-east-1 | |||
sso_start_url = https://provided-domain.awsapps.com/start | |||
sso_registration_scopes = sso:account:access | |||
</filebox> | |||
= Cognito = | = Cognito = |
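Review bot: the fn attribute on the added filebox is written as '∼/.aws/config', using the "∼" character rather than the ASCII tilde "~", so a reader who copies the path into a shell or editor will not reach the file; suggest fn='~/.aws/config'. It would also help to say in one line under the heading that my-sso, 111122223333, SampleRole and the provided-domain start URL are sample values to be replaced, since the block otherwise reads as a ready-to-use profile.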
Revision as of 26 February 2024, 13:44
Secrets Manager
Configure the SDK to use IAM Identity Center
<filebox fn='~/.aws/config' lang='ini'>
[default]
sso_session = my-sso
sso_account_id = 111122223333
sso_role_name = SampleRole
region = us-east-1
output = json

[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://provided-domain.awsapps.com/start
sso_registration_scopes = sso:account:access
</filebox>
Cognito
<filebox fn='Program.cs' lang='csharp'>
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

builder.Services.AddCognitoIdentity();
builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    options.Authority = builder.Configuration["AWSCognito:Authority"];
    options.Audience = builder.Configuration["AWSCognito:UserPoolClientId"];
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        ValidateAudience = true
    };
    options.TokenValidationParameters.AudienceValidator = (audiences, securityToken, validationParameters) =>
    {
        // Cognito access tokens have no "aud" claim; the app client ID is in "client_id" instead.
        // ID tokens carry it in "aud", so accept either claim.
        if (securityToken is not JsonWebToken jsonWebToken)
            return false;
        var audience = jsonWebToken.Claims
            .FirstOrDefault(f => f.Type == "aud" || f.Type == "client_id")?.Value;
        // Compare for exact equality: string.Contains would also accept a token
        // whose value is only a substring of the configured client ID.
        return audience != null
            && string.Equals(audience, validationParameters.ValidAudience, StringComparison.Ordinal);
    };
});
</filebox>