This file contains the profiles.
| ∼/.aws/config
|
[default]
region = eu-central-1
[profile Profile1]
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_region = us-west-1
sso_account_id = 111122223333
sso_role_name = SampleRole
region = eu-central-1
output = yaml-stream
services = local-dynamodb
[services local-dynamodb]
dynamodb =
endpoint_url = http://localhost:8000
|
|
aws sso login --profile Profile1
|
| Properties\launchSettings.json
|
{
"profiles": {
"MyProfile1": {
"commandName": "Project",
"launchBrowser": true,
"launchUrl": "swagger",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development",
"AWS_PROFILE": "Profile1"
},
"applicationUrl": "https://localhost:5001;http://localhost:5000"
}
}
|
This file contains credentials linked to profiles.
| ∼/.aws/credentials
|
[default]
aws_access_key_id = ...
aws_secret_access_key = ...
aws_session_token = ...
[Profile1]
key = value
|
Cognito
| Program.cs
|
builder.Services.AddCognitoIdentity();
builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Authority = builder.Configuration["AWSCognito:Authority"];
options.Audience = builder.Configuration["AWSCognito:UserPoolClientId"];
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
ValidateAudience = true
};
options.TokenValidationParameters.AudienceValidator = (audiences, securityToken, validationParameters) =>
{
// Cognito tokens doesn't have "aud" claim. Instead the audience is set in "client_id"
var jsonWebToken = (Microsoft.IdentityModel.JsonWebTokens.JsonWebToken)securityToken;
if (!jsonWebToken.Claims.Any(f => f.Type == "aud"))
return false;
return validationParameters.ValidAudience.Contains(jsonWebToken.Claims.First(f => f.Type == "aud").Value);
};
});
|
