[Azure Developer] Notes on setting a proxy to fetch the openid-configuration document when validating an AAD JWT token - LuBu0505/My-Code GitHub Wiki
Problem description
When validating an AAD JWT token in .NET code, if you hit the error Unable to obtain configuration from: 'https://login.partner.microsoftonline.cn//v2.0/.well-known/openid-configuration', you can configure a proxy through HttpClientHandler.Proxy.
Solution
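// Namespaces used: Microsoft.AspNetCore.Authentication.JwtBearer, System.Net.Http,
// System.IdentityModel.Tokens.Jwt, Microsoft.IdentityModel.JsonWebTokens
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = "https://login.partner.microsoftonline.cn/<common or tenant id>";
        options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
        {
            // false is the default; this flag controls extra validation of the signing key itself,
            // not whether the token signature is checked.
            ValidateIssuerSigningKey = false,
            ValidateAudience = true,
            ValidateIssuer = true,
            ValidateLifetime = true,
            ValidAudience = "Entra ID Application ID",
            ValidIssuer = "https://login.partner.microsoftonline.cn/<common or tenant id>/v2.0",
        };
        // Send the handler's backchannel requests (openid-configuration and signing keys) through the proxy.
        // Utility.GetWebProxy and httpConfiguration are not shown on this page.
        options.BackchannelHttpHandler = new HttpClientHandler
        {
            UseProxy = true,
            Proxy = Utility.GetWebProxy(httpConfiguration)
        };
        options.Events ??= new JwtBearerEvents();
        var onTokenValidatedHandler = options.Events.OnTokenValidated;
        options.Events.OnTokenValidated = async context =>
        {
            var httpContext = context.HttpContext;
            lock (httpContext)
            {
                // Keep the validated token on the HttpContext for later use in the request.
                httpContext.Items[ServiceConstants.HttpContextTokenKey] = (context.SecurityToken is JwtSecurityToken or JsonWebToken ? context.SecurityToken : null);
            }
            // Run the handler that was registered before this one.
            await onTokenValidatedHandler(context).ConfigureAwait(false);
        };
    });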
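To confirm that the proxy really reaches the metadata endpoint, independent of the ASP.NET Core pipeline, the following added example (not code from the original page) fetches the discovery document and signing keys through an HttpClientHandler proxy. BuildProxy is a hypothetical stand-in for the page's Utility.GetWebProxy, and the proxy URL is a placeholder.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class MetadataProxyCheck
{
    // Hypothetical stand-in for Utility.GetWebProxy: builds the proxy from one URL.
    public static IWebProxy BuildProxy(string proxyUrl) =>
        new WebProxy(new Uri(proxyUrl)) { BypassProxyOnLocal = true };

    // Fetches openid-configuration and the JWKS through the proxy, the same
    // backchannel requests the JwtBearer handler makes before validating a token.
    public static async Task<OpenIdConnectConfiguration> FetchAsync(
        string authority, IWebProxy proxy, CancellationToken ct = default)
    {
        var handler = new HttpClientHandler { UseProxy = true, Proxy = proxy };
        using var http = new HttpClient(handler) { Timeout = TimeSpan.FromSeconds(15) };
        var metadataAddress = authority.TrimEnd('/') + "/.well-known/openid-configuration";
        var manager = new ConfigurationManager<OpenIdConnectConfiguration>(
            metadataAddress,
            new OpenIdConnectConfigurationRetriever(),
            new HttpDocumentRetriever(http) { RequireHttps = true }); // never fetch keys over plain HTTP
        return await manager.GetConfigurationAsync(ct).ConfigureAwait(false);
    }

    public static async Task Main()
    {
        // Placeholders: substitute the real tenant and proxy address.
        const string authority = "https://login.partner.microsoftonline.cn/<common or tenant id>";
        const string proxyUrl = "http://proxy.example.internal:8080";
        try
        {
            var config = await FetchAsync(authority, BuildProxy(proxyUrl));
            Console.WriteLine($"issuer:       {config.Issuer}");
            Console.WriteLine($"jwks_uri:     {config.JwksUri}");
            Console.WriteLine($"signing keys: {config.SigningKeys.Count}");
        }
        catch (Exception ex)
        {
            // The outer message is the "Unable to obtain configuration" error;
            // the inner exception names the network cause (DNS, proxy auth, TLS).
            Console.WriteLine($"metadata fetch failed: {ex.Message}");
            Console.WriteLine($"cause: {ex.InnerException?.Message}");
        }
    }
}
```

Compare the printed issuer with the ValidIssuer configured above; a mismatch makes issuer validation fail even when the proxy works.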
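References
HttpClientHandler.Proxy property: https://learn.microsoft.com/zh-cn/dotnet/api/system.net.http.httpclienthandler.proxy?view=net-8.0#system-net-http-httpclienthandler-proxy
HTTP proxy: https://learn.microsoft.com/zh-cn/dotnet/fundamentals/networking/http/httpclient#http-proxy
When facing problems in a complex environment, the way of investigating things requires this: muddy water, left still, slowly becomes clear; what is at rest, set in motion, slowly comes to life. In the cloud, it is exactly so!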