
Resilience on metadata refresh

Xiao Zhang edited this page Nov 16, 2022 · 10 revisions

This document highlights the best practices for refreshing stale metadata across ASP.NET Core, ASP.NET FW, and Microsoft.IdentityModel.

Microsoft.IdentityModel

Recommended: Use the latest version (6.10.2 or later) and follow the metadata guidance.

Code Sample:

using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Metadata is fetched over HTTPS; the default document retriever rejects http:// addresses.
ConfigurationManager<OpenIdConnectConfiguration> configManager = new ConfigurationManager<OpenIdConnectConfiguration>("https://{metadataAddress}", new OpenIdConnectConfigurationRetriever(), new OpenIdConnectConfigurationValidator());

// With ConfigurationManager set, the handler refreshes metadata itself when a signing key is not found.
TokenValidationParameters validationParameters = new TokenValidationParameters() { ConfigurationManager = configManager };

JsonWebTokenHandler tokenHandler = new JsonWebTokenHandler();
TokenValidationResult result = tokenHandler.ValidateToken(jwtToken, validationParameters);
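The sample above relies on ConfigurationManager's refresh behaviour without showing it. The following added example (not part of this wiki page or the library's own samples) makes that behaviour visible offline by swapping the HTTPS fetch for a hypothetical in-memory IDocumentRetriever and a placeholder metadata address; it assumes the 6.x ConfigurationManager, where RequestRefresh() is dropped if less than RefreshInterval has passed since the last fetch.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Hypothetical in-memory stand-in for the HTTPS metadata endpoint, so refreshes can be counted.
class CountingDocumentRetriever : IDocumentRetriever
{
    public int Fetches;   // number of times the discovery document was (re)fetched

    public Task<string> GetDocumentAsync(string address, CancellationToken cancel)
    {
        Fetches++;
        // Constructed discovery document. A real one also carries jwks_uri, which
        // OpenIdConnectConfigurationRetriever fetches in the same refresh to fill SigningKeys.
        return Task.FromResult(
            "{\"issuer\":\"https://idp.example/\",\"token_endpoint\":\"https://idp.example/token\"}");
    }
}

static class RefreshDemo
{
    static async Task Main()
    {
        var docs = new CountingDocumentRetriever();
        var configManager = new ConfigurationManager<OpenIdConnectConfiguration>(
            "https://idp.example/.well-known/openid-configuration",   // placeholder address
            new OpenIdConnectConfigurationRetriever(),
            docs)
        {
            // Background refresh cadence; anything below MinimumAutomaticRefreshInterval (5 min) is rejected.
            AutomaticRefreshInterval = TimeSpan.FromHours(1),
            // Minimum gap between forced refreshes. 1 s is the floor; keep the default in production
            // so a burst of tokens with unknown key ids cannot turn into a refresh storm against the IdP.
            RefreshInterval = TimeSpan.FromSeconds(1),
        };

        await configManager.GetConfigurationAsync(CancellationToken.None);
        await configManager.GetConfigurationAsync(CancellationToken.None);   // served from cache, no fetch
        Console.WriteLine($"fetches after two reads: {docs.Fetches}");

        configManager.RequestRefresh();   // what the token handler does on a signing-key miss
        await configManager.GetConfigurationAsync(CancellationToken.None);   // throttled: RefreshInterval not yet elapsed
        Console.WriteLine($"fetches after immediate RequestRefresh: {docs.Fetches}");

        await Task.Delay(TimeSpan.FromSeconds(1.5));
        configManager.RequestRefresh();   // now past RefreshInterval, so the document is fetched again
        await configManager.GetConfigurationAsync(CancellationToken.None);
        Console.WriteLine($"fetches after RequestRefresh past RefreshInterval: {docs.Fetches}");
    }
}
```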

ASP.NET Core

Required: Use the latest Wilson (Microsoft.IdentityModel) and manually ensure that you follow the guidelines above. Recommended: Use SAL, which works with ASP.NET Core.

Ensure that you are using the latest Microsoft.IdentityModel.* library. This should be enabled by default. All first-party (1p) applications should use SAL with ASP.NET Core.

ASP.NET / OWIN

Note: ASP.NET/OWIN is in maintenance mode. Recommended: Use the latest Wilson (6.10.2+) and manually ensure that you follow the guidelines above.

OWIN has an automatic 24-hour refresh interval for the OpenIdConnectConfiguration. The refresh is only triggered when a request is received after the 24-hour span has passed. As far as we know, there is no way to change this value or to trigger a refresh early, aside from restarting the application.
