« AWS SDK for .NET » : différence entre les versions

De Banane Atomic
Aller à la navigationAller à la recherche
m (Nicolas a déplacé la page AWS and CSharp vers AWS SDK for .NET)
Aucun résumé des modifications
Ligne 3 : Ligne 3 :
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_cache-net.html Secrets Manager Cache]
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_cache-net.html Secrets Manager Cache]
* [https://aws.amazon.com/blogs/modernizing-with-aws/how-to-load-net-configuration-from-aws-secrets-manager/ Load .NET configuration from Secrets Manager]
* [https://aws.amazon.com/blogs/modernizing-with-aws/how-to-load-net-configuration-from-aws-secrets-manager/ Load .NET configuration from Secrets Manager]
= [https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/creds-idc.html#idc-config-sdk Configure the SDK to use IAM Identity Center] =
<filebox fn='∼/.aws/config' lang='ini'>
[default]
sso_session = my-sso
sso_account_id = 111122223333
sso_role_name = SampleRole
region = us-east-1
output = json
[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://provided-domain.awsapps.com/start
sso_registration_scopes = sso:account:access
</filebox>


= Cognito =
= Cognito =

Version du 26 février 2024 à 13:44

Secrets Manager

Configure the SDK to use IAM Identity Center

∼/.aws/config
[default]
sso_session = my-sso
sso_account_id = 111122223333
sso_role_name = SampleRole
region = us-east-1
output = json

[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://provided-domain.awsapps.com/start
sso_registration_scopes = sso:account:access

Cognito

Program.cs
builder.Services.AddCognitoIdentity();
builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    options.Authority = builder.Configuration["AWSCognito:Authority"];
    options.Audience = builder.Configuration["AWSCognito:UserPoolClientId"];
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        ValidateAudience = true
    };
    options.TokenValidationParameters.AudienceValidator = (audiences, securityToken, validationParameters) =>
    {
        // Cognito tokens doesn't have "aud" claim. Instead the audience is set in "client_id"
        var jsonWebToken = (Microsoft.IdentityModel.JsonWebTokens.JsonWebToken)securityToken;
        if (!jsonWebToken.Claims.Any(f => f.Type == "aud"))
            return false;
        return validationParameters.ValidAudience.Contains(jsonWebToken.Claims.First(f => f.Type == "aud").Value);
    };
});