From de4af6bba3c3814fada2fbe2662d596925af96ed Mon Sep 17 00:00:00 2001
From: Ben Russell <russellben@microsoft.com>
Date: Tue, 4 Mar 2025 18:22:19 -0600
Subject: [PATCH] Fix ValidateAudience

---
 .../Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs
index 6aea3e88b8..8667cf753f 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs
@@ -401,7 +401,7 @@ private bool VerifyTokenSignature(string attestationToken, string tokenIssuerUrl
                     RequireExpirationTime = true,
                     ValidateLifetime = true,
                     ValidateIssuer = true,
-                    ValidateAudience = false,
+                    ValidateAudience = true,
                     RequireSignedTokens = true,
                     ValidIssuers = GenerateListOfIssuers(tokenIssuerUrl),
                     IssuerSigningKeys = issuerSigningKeys