Friday, 7 February 2020

Azure API Management Gateway JWT token validation | inbound policy template and options



<validate-jwt
    header-name="name of http header containing the token (use query-parameter-name attribute if the token is passed in the URL)"
    failed-validation-httpcode="http status code to return on failure"
    failed-validation-error-message="error message to return on failure"
    token-value="expression returning JWT token as a string"
    require-expiration-time="true|false"
    require-scheme="scheme"
    require-signed-tokens="true|false"
    clock-skew="allowed clock skew in seconds"
    output-token-variable-name="name of a variable to receive a JWT object representing successfully validated token">
  <openid-config url="full URL of the configuration endpoint, e.g. https://login.constoso.com/openid-configuration" />
  <issuer-signing-keys>
    <key>base64 encoded signing key</key>
  </issuer-signing-keys>
  <decryption-keys>
    <key>base64 encoded signing key</key>
  </decryption-keys>
  <audiences>
    <audience>audience string</audience>
  </audiences>
  <issuers>
    <issuer>issuer string</issuer>
  </issuers>
  <required-claims>
    <claim name="name of the claim as it appears in the token" match="all|any" separator="separator character in a multi-valued claim">
      <value>claim value as it is expected to appear in the token</value>
    </claim>
  </required-claims>
</validate-jwt>
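
A filled-in version of the template, as an added example that is not part of the original post. It validates a bearer token from the Authorization header against an OpenID Connect metadata endpoint; the host idp.example.com, the audience api://orders-api and the scope values are constructed placeholders.

```xml
<!-- Added example: idp.example.com, api://orders-api and the orders.* scopes are constructed values. -->
<validate-jwt
    header-name="Authorization"
    failed-validation-httpcode="401"
    failed-validation-error-message="Unauthorized"
    require-expiration-time="true"
    require-scheme="Bearer"
    require-signed-tokens="true"
    clock-skew="60"
    output-token-variable-name="jwt">
  <!-- Signing keys come from the provider's metadata document,
       so no key material is embedded in the policy. -->
  <openid-config url="https://idp.example.com/.well-known/openid-configuration" />
  <!-- Pin the audience so a token issued for another API is rejected. -->
  <audiences>
    <audience>api://orders-api</audience>
  </audiences>
  <!-- Pin the issuer so only tokens from this provider are accepted. -->
  <issuers>
    <issuer>https://idp.example.com/</issuer>
  </issuers>
  <!-- scope is a space-separated list; at least one listed value must be present. -->
  <required-claims>
    <claim name="scope" match="any" separator=" ">
      <value>orders.read</value>
      <value>orders.write</value>
    </claim>
  </required-claims>
</validate-jwt>
```

Setting require-signed-tokens or require-expiration-time to "false" would make the gateway accept unsigned tokens or tokens with no expiry, so both stay "true" here.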