AWS SDK for .NET
De Banane Atomic
Aller à la navigationAller à la recherche
Secrets Manager
Configure the SDK to use IAM Identity Center
∼/.aws/config |
[default] sso_session = my-sso sso_account_id = 111122223333 sso_role_name = SampleRole region = us-east-1 output = json [sso-session my-sso] sso_region = us-east-1 sso_start_url = https://provided-domain.awsapps.com/start sso_registration_scopes = sso:account:access |
Cognito
Program.cs |
builder.Services.AddCognitoIdentity(); builder.Services.AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(options => { options.Authority = builder.Configuration["AWSCognito:Authority"]; options.Audience = builder.Configuration["AWSCognito:UserPoolClientId"]; options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, ValidateAudience = true }; options.TokenValidationParameters.AudienceValidator = (audiences, securityToken, validationParameters) => { // Cognito tokens doesn't have "aud" claim. Instead the audience is set in "client_id" var jsonWebToken = (Microsoft.IdentityModel.JsonWebTokens.JsonWebToken)securityToken; if (!jsonWebToken.Claims.Any(f => f.Type == "aud")) return false; return validationParameters.ValidAudience.Contains(jsonWebToken.Claims.First(f => f.Type == "aud").Value); }; }); |