【Azure Developer】记录一段验证AAD JWT Token时需要设置代理获取openid-configuration内容

问题描述

如果在使用.NET代码对AAD JWT Token进行验证时候，如果遇见无法访问 Unable to obtain configuration from: 'https://login.partner.microsoftonline.cn/<common or your tenant id>/v2.0/.well-known/openid-configuration‘， 可以配置 HttpClientHandler.Proxy 代理。

 

问题解答

...

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = https://login.partner.microsoftonline.cn/<common or tenant id>;
        options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
        {
            ValidateIssuerSigningKey = false,
            ValidateAudience = true,
            ValidateIssuer = true,
            ValidateLifetime = true,
            ValidAudience = "Entra ID Application ID",
            ValidIssuer = https://login.partner.microsoftonline.cn/<common or tenant id>/v2.0,
        };
        options.BackchannelHttpHandler = new HttpClientHandler
        {
            UseProxy = true,
            Proxy = Utility.GetWebProxy(httpConfiguration)
        };
       
       options.Events ??= new JwtBearerEvents();
       var onTokenValidatedHandler = options.Events.OnTokenValidated;

        options.Events.OnTokenValidated = async context =>
        {
            var httpContext = context.HttpContext;
            lock (httpContext)
            {
                httpContext.Items[ServiceConstants.HttpContextTokenKey] =
                (context.SecurityToken is JwtSecurityToken or JsonWebToken ? context.SecurityToken : null);
            }
            await onTokenValidatedHandler(context).ConfigureAwait(false);
        };
    });

 ...

 

参考资料

 

HttpClientHandler.Proxy 属性：https://learn.microsoft.com/zh-cn/dotnet/api/system.net.http.httpclienthandler.proxy?view=net-8.0#system-net-http-httpclienthandler-proxy

HTTP 代理 ： https://learn.microsoft.com/zh-cn/dotnet/fundamentals/networking/http/httpclient#http-proxy