【Azure Developer】记录一段验证AAD JWT Token时需要设置代理获取openid‐configuration内容 - LuBu0505/My-Code GitHub Wiki

问题描述

如果在使用.NET代码对AAD JWT Token进行验证时候,如果遇见无法访问 Unable to obtain configuration from: 'https://login.partner.microsoftonline.cn//v2.0/.well-known/openid-configuration‘, 可以配置HttpClientHandler.Proxy 代理。

问题解答



services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options => {
        options.Authority = https://login.partner.microsoftonline.cn/<common or tenant id>; options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
        {
            ValidateIssuerSigningKey = false,
            ValidateAudience = true,
            ValidateIssuer = true,
            ValidateLifetime = true,
            ValidAudience = "Entra ID Application ID",
            ValidIssuer = https://login.partner.microsoftonline.cn/<common or tenant id>/v2.0, };
 options.BackchannelHttpHandler = new HttpClientHandler
        {
            UseProxy = true,
            Proxy = Utility.GetWebProxy(httpConfiguration)
        };

       options.Events ??= new JwtBearerEvents(); var onTokenValidatedHandler = options.Events.OnTokenValidated;

        options.Events.OnTokenValidated = async context => { var httpContext = context.HttpContext; lock (httpContext)
            {
                httpContext.Items[ServiceConstants.HttpContextTokenKey] = (context.SecurityToken is JwtSecurityToken or JsonWebToken ? context.SecurityToken : null);
            } await onTokenValidatedHandler(context).ConfigureAwait(false);
        };
    });

参考资料

HttpClientHandler.Proxy 属性:https://learn.microsoft.com/zh-cn/dotnet/api/system.net.http.httpclienthandler.proxy?view=net-8.0#system-net-http-httpclienthandler-proxy

HTTP 代理 : https://learn.microsoft.com/zh-cn/dotnet/fundamentals/networking/http/httpclient#http-proxy

当在复杂的环境中面临问题,格物之道需:浊而静之徐清,安以动之徐生。 云中,恰是如此!