AzureAD · jennyf19 · Oct 21, 2020 · Oct 19, 2020 · Oct 19, 2020 · Oct 20, 2020
@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+namespace Microsoft.Identity.Web
+{
+    /// <summary>
+    /// Options passed-in to create the AadIssuerValidator object.
+    /// </summary>
+    public class AadIssuerValidatorOptions
+    {
+        /// <summary>
+        /// Sets the name of the HttpClient to get from the IHttpClientFactory for use with the configuration manager.
+        /// Needed when customizing the client such as configuring a proxy.
+        /// </summary>
+        public string? HttpClientName { get; set; }
+    }
+}
@@ -5,6 +5,8 @@
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Linq;
+using System.Net.Http;
+using Microsoft.Extensions.Options;
 using Microsoft.Identity.Web.InstanceDiscovery;
 using Microsoft.IdentityModel.Protocols;
 
@@ -15,9 +17,30 @@ namespace Microsoft.Identity.Web.Resource
     /// </summary>
     internal class MicrosoftIdentityIssuerValidatorFactory
     {
+        public MicrosoftIdentityIssuerValidatorFactory(
+            IOptions<AadIssuerValidatorOptions> aadIssuerValidatorOptions,
+            IHttpClientFactory httpClientFactory)
+        {
+            if (aadIssuerValidatorOptions?.Value?.HttpClientName != null)
+            {
+                _configManager =
+                new ConfigurationManager<IssuerMetadata>(
+                    Constants.AzureADIssuerMetadataUrl,
+                    new IssuerConfigurationRetriever(),
+                    httpClientFactory.CreateClient(aadIssuerValidatorOptions.Value.HttpClientName));
+            }
+            else
+           {
+                _configManager =
+                new ConfigurationManager<IssuerMetadata>(
+                    Constants.AzureADIssuerMetadataUrl,
+                    new IssuerConfigurationRetriever());
+            }
+        }
+
         private readonly IDictionary<string, AadIssuerValidator> _issuerValidators = new ConcurrentDictionary<string, AadIssuerValidator>();
 
-        private readonly ConfigurationManager<IssuerMetadata> _configManager = new ConfigurationManager<IssuerMetadata>(Constants.AzureADIssuerMetadataUrl, new IssuerConfigurationRetriever());
+        private readonly ConfigurationManager<IssuerMetadata> _configManager;
 
         /// <summary>
         /// Gets an <see cref="AadIssuerValidator"/> for an authority.

@@ -2,7 +2,6 @@
 // Licensed under the MIT License.
 
 using System;
-using System.ComponentModel;
 using System.Linq;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
@@ -160,6 +159,7 @@ private static void AddMicrosoftIdentityWebApiImplementation(
             builder.Services.AddHttpContextAccessor();
             builder.Services.AddHttpClient();
             builder.Services.TryAddSingleton<MicrosoftIdentityIssuerValidatorFactory>();
+            builder.Services.AddOptions<AadIssuerValidatorOptions>();
 
             if (subscribeToJwtBearerMiddlewareDiagnosticsEvents)
             {

@@ -4,6 +4,7 @@
 using System;
 using System.Globalization;
 using System.IdentityModel.Tokens.Jwt;
+using System.Net.Http;
 using System.Security.Claims;
 using Microsoft.Identity.Web.Resource;
 using Microsoft.Identity.Web.Test.Common;
@@ -17,10 +18,14 @@ namespace Microsoft.Identity.Web.Test.Resource
     public class AadIssuerValidatorTests
     {
         private readonly MicrosoftIdentityIssuerValidatorFactory _issuerValidatorFactory;
+        private IHttpClientFactory _httpClientFactory;
 
         public AadIssuerValidatorTests()
         {
-            _issuerValidatorFactory = new MicrosoftIdentityIssuerValidatorFactory();
+            _httpClientFactory = new HttpClientFactoryTest();
+            _issuerValidatorFactory = new MicrosoftIdentityIssuerValidatorFactory(
+                null,
+                _httpClientFactory);
         }
 
         [Fact]

@@ -0,0 +1,20 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.Collections.Generic;
+using System.Net.Http;
+
+namespace Microsoft.Identity.Web.Test.Resource
+{
+    public class HttpClientFactoryTest : IHttpClientFactory
+    {
+        public Dictionary<string, HttpClient> dictionary = new Dictionary<string, HttpClient>();
+
+        public HttpClient CreateClient(string name)
+        {
+            SocketsHttpHandler socketsHttpHandler = new SocketsHttpHandler();
+            socketsHttpHandler.UseProxy = true;
+            return new HttpClient(socketsHttpHandler);
+        }
+    }
+}
@@ -30,13 +30,22 @@ public void ConfigureServices(IServiceCollection services)
             // This flag ensures that the ClaimsIdentity claims collection will be built from the claims in the token
             // JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
 
+
+
             // Adds Microsoft Identity platform (AAD v2.0) support to protect this Api
             services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                     .AddMicrosoftIdentityWebApi(Configuration, "AzureAd")
                         .EnableTokenAcquisitionToCallDownstreamApi()
                         .AddInMemoryTokenCaches();
 
             services.AddControllers();
+
+            // below code is how customers would use a proxy
+            //services.Configure<AadIssuerValidatorOptions>(options => { options.HttpClientName = "cats"; });
+            //services.AddHttpClient("cats", c =>
+            //{
+            //    // configure things here
+            //});
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.