diff --git a/ProjectTemplates/templates/RazorPagesWeb-CSharp/.template.config/dotnetcli.host.json b/ProjectTemplates/templates/RazorPagesWeb-CSharp/.template.config/dotnetcli.host.json index 324da5d6a..77bf3a244 100644 --- a/ProjectTemplates/templates/RazorPagesWeb-CSharp/.template.config/dotnetcli.host.json +++ b/ProjectTemplates/templates/RazorPagesWeb-CSharp/.template.config/dotnetcli.host.json @@ -71,6 +71,14 @@ "RazorRuntimeCompilation": { "longName": "razor-runtime-compilation", "shortName": "rrc" + }, + "CalledApiUrl": { + "longName": "called-api-url", + "shortName": "" + }, + "CalledApiScopes": { + "longName": "called-api-scopes", + "shortName": "" } }, "usageExamples": [ diff --git a/ProjectTemplates/templates/RazorPagesWeb-CSharp/.template.config/template.json b/ProjectTemplates/templates/RazorPagesWeb-CSharp/.template.config/template.json index 045cc49cf..7066966b0 100644 --- a/ProjectTemplates/templates/RazorPagesWeb-CSharp/.template.config/template.json +++ b/ProjectTemplates/templates/RazorPagesWeb-CSharp/.template.config/template.json @@ -94,6 +94,12 @@ "exclude": [ "Data/SqlServer/**" ] + }, + { + "condition": "(!GenerateApi)", + "exclude": [ + "Services/**" + ] } ] } @@ -318,6 +324,10 @@ { "choice": "netcoreapp5.0", "description": "Target netcoreapp5.0" + }, + { + "choice": "netcoreapp3.1", + "description": "Target netcoreapp3.1" } ], "replaces": "netcoreapp5.0", @@ -330,6 +340,22 @@ "parameters": { "format": "yyyy" } + }, + "CalledApiUrl": { + "type": "parameter", + "datatype": "string", + "replaces": "https://graph.microsoft.com/v1.0/me", + "description": "URL of the API to call from the web app." + }, + "CalledApiScopes": { + "type": "parameter", + "datatype": "string", + "replaces" : "user.read", + "description": "Scopes to request to call the API from the web app." + }, + "GenerateApi": { + "type": "computed", + "value": "(CalledApiUrl != \"https://graph.microsoft.com/v1.0/me\" && CalledApiScopes != \"user.read\")" } }, "primaryOutputs": [ 
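Review bot: The computed `GenerateApi` value in template.json joins the two default checks with `&&`, so a user who overrides only one of `--called-api-url` / `--called-api-scopes`, or who keeps the common `user.read` scope as every `--called-api-scopes "user.read"` invocation in test-templates.bat does, ends up with `GenerateApi` false and `Services/**` excluded; the intent reads as `"value": "(CalledApiUrl != \"https://graph.microsoft.com/v1.0/me\" || CalledApiScopes != \"user.read\")"`. The same expression is repeated in the StarterWeb-CSharp template.json hunk further down. Separately, `CalledApiUrl` replaces the literal `https://graph.microsoft.com/v1.0/me`, while the appsettings.json in this commit carries `https://graph.microsoft.com/v1.0` and the IndexModel comment calls `CallWebApi("me", ...)`, which suggests the configured value is a base URL without `/me`; as written the user-supplied URL will presumably not be substituted into appsettings.json, so one of the two should be aligned.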
diff --git a/ProjectTemplates/templates/RazorPagesWeb-CSharp/Pages/Index.cshtml b/ProjectTemplates/templates/RazorPagesWeb-CSharp/Pages/Index.cshtml index b5f0c15fc..fd0fa2093 100644 --- a/ProjectTemplates/templates/RazorPagesWeb-CSharp/Pages/Index.cshtml +++ b/ProjectTemplates/templates/RazorPagesWeb-CSharp/Pages/Index.cshtml @@ -8,3 +8,7 @@

Welcome

Learn about building Web apps with ASP.NET Core.

+ +
Api result
+ +
@ViewData["ApiResult"]
diff --git a/ProjectTemplates/templates/RazorPagesWeb-CSharp/Pages/Index.cshtml.cs b/ProjectTemplates/templates/RazorPagesWeb-CSharp/Pages/Index.cshtml.cs index 6d6d56fe2..9399c73cf 100644 --- a/ProjectTemplates/templates/RazorPagesWeb-CSharp/Pages/Index.cshtml.cs +++ b/ProjectTemplates/templates/RazorPagesWeb-CSharp/Pages/Index.cshtml.cs @@ -2,16 +2,46 @@ using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; +#if (GenerateApi) +using Microsoft.Extensions.Configuration; +using Microsoft.Identity.Web; +using System.Net; +using System.Net.Http; +#endif using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; using Microsoft.Extensions.Logging; namespace Company.WebApplication1.Pages { +#if (GenerateApi) + using Services; + + [AuthorizeForScopes(ScopeKeySection = "CalledApi:CalledApiScopes")] +#endif public class IndexModel : PageModel { private readonly ILogger _logger; +#if (GenerateApi) + private readonly IDownstreamWebApi _downstreamWebApi; + + public IndexModel(ILogger logger, + IDownstreamWebApi downstreamWebApi) + { + _logger = logger; + _downstreamWebApi = downstreamWebApi; + } + + public async Task OnGet() + { + ViewData["ApiResult"] = await _downstreamWebApi.CallWebApi(); + + // You can also specify the relative endpoint and the scopes + // ViewData["ApiResult"] = await _downstreamWebApi.CallWebApi("me", + // new string[] {"user.read"}); + } +#else public IndexModel(ILogger logger) { _logger = logger; @@ -21,5 +51,6 @@ public void OnGet() { } +#endif } } diff --git a/ProjectTemplates/templates/RazorPagesWeb-CSharp/Services/DownstreamWebApi.cs b/ProjectTemplates/templates/RazorPagesWeb-CSharp/Services/DownstreamWebApi.cs new file mode 100644 index 000000000..093e7788b --- /dev/null +++ b/ProjectTemplates/templates/RazorPagesWeb-CSharp/Services/DownstreamWebApi.cs 
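Review bot: The `#if (GenerateApi)` using block brings in `System.Net`, `System.Net.Http` and `Microsoft.Extensions.Configuration`, none of which the visible `IndexModel` members reference (the class only uses `IDownstreamWebApi`, `ILogger` and `ViewData`), so the generated project starts with unused usings; keeping only `using Microsoft.Identity.Web;` under the condition would be cleaner. As a matter of style, the async handler is named `OnGet`; Razor Pages accept it, but `public async Task OnGetAsync()` is the convention for `Task`-returning handlers. The lines between the two hunks are outside the view, so a use of those namespaces there cannot be ruled out.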
@@ -0,0 +1,71 @@
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Identity.Web;
+
+namespace Company.WebApplication1.Services
+{
+ public interface IDownstreamWebApi
+ {
+ Task CallWebApi(string relativeEndpoint = "", string[] requiredScopes = null);
+ }
+
+ public static class DownstreamWebApiExtensions
+ {
+ public static void AddDownstreamWebApiService(this IServiceCollection services, IConfiguration configuration)
+ {
+ // https://docs.microsoft.com/en-us/dotnet/standard/microservices-architecture/implement-resilient-applications/use-httpclientfactory-to-implement-resilient-http-requests
+ services.AddHttpClient();
+ }
+ }
+
+ public class DownstreamWebApi : IDownstreamWebApi
+ {
+ private readonly ITokenAcquisition _tokenAcquisition;
+
+ private readonly IConfiguration _configuration;
+
+ private readonly HttpClient _httpClient;
+
+ public DownstreamWebApi(
+ ITokenAcquisition tokenAcquisition,
+ IConfiguration configuration,
+ HttpClient httpClient)
+ {
+ _tokenAcquisition = tokenAcquisition;
+ _configuration = configuration;
+ _httpClient = httpClient;
+ }
+
+ ///
+ /// Calls the Web API with the required scopes
+ ///
+ /// [Optional] Scopes required to call the Web API. If
+ /// not specified, uses scopes from the configuration
+ /// Endpoint relative to the CalledApiUrl configuration
+ /// A Json string representing the result of calling the Web API
+ public async Task CallWebApi(string relativeEndpoint = "", string[] requiredScopes = null)
+ {
+ string[] scopes = requiredScopes ?? 
_configuration["CalledApi:CalledApiScopes"]?.Split(' '); + string apiUrl = (_configuration["CalledApi:CalledApiUrl"] as string)?.TrimEnd('/') + $"/{relativeEndpoint}"; + + string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(scopes); + _httpClient.DefaultRequestHeaders.Add("Authorization", $"bearer {accessToken}"); + + string apiResult; + var response = await _httpClient.GetAsync($"{apiUrl}"); + if (response.StatusCode == HttpStatusCode.OK) + { + apiResult = await response.Content.ReadAsStringAsync(); + } + else + { + apiResult = $"Error calling the API '{apiUrl}'"; + } + + return apiResult; + } + } +} diff --git a/ProjectTemplates/templates/RazorPagesWeb-CSharp/Startup.cs b/ProjectTemplates/templates/RazorPagesWeb-CSharp/Startup.cs index 6f70b1a78..7ec0737ec 100644 --- a/ProjectTemplates/templates/RazorPagesWeb-CSharp/Startup.cs +++ b/ProjectTemplates/templates/RazorPagesWeb-CSharp/Startup.cs @@ -44,6 +44,10 @@ namespace Company.WebApplication1 { +#if (GenerateApi) + using Services; +#endif + public class Startup { public Startup(IConfiguration configuration) @@ -69,14 +73,22 @@ public void ConfigureServices(IServiceCollection services) .AddEntityFrameworkStores(); #elif (OrganizationalAuth) services.AddSignIn(Configuration, "AzureAd"); - // Uncomment the following lines if you want your Web app to call a downstream API - // services.AddWebAppCallsProtectedWebApi(Configuration, - // new string[] { "user.read" }, - // "AzureAd") - // .AddInMemoryTokenCaches(); +#if (GenerateApi) + services.AddWebAppCallsProtectedWebApi(Configuration, + "AzureAd") + .AddInMemoryTokenCaches(); + services.AddDownstreamWebApiService(Configuration); +#endif #elif (IndividualB2CAuth) services.AddSignIn(Configuration, "AzureAdB2C"); +#if (GenerateApi) + services.AddWebAppCallsProtectedWebApi(Configuration, + "AzureAdB2C") + .AddInMemoryTokenCaches(); + + services.AddDownstreamWebApiService(Configuration); +#endif #endif #if (OrganizationalAuth) 
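Review bot: `CallWebApi` attaches the token with `_httpClient.DefaultRequestHeaders.Add("Authorization", ...)`, which mutates the injected `HttpClient` rather than the request: a second call on the same instance adds another `Authorization` value, which is rejected because that header is single-valued, and if the client is ever shared the previous caller's bearer token stays on it. Setting `Authorization` on a per-call `HttpRequestMessage` (needs `using System.Net.Http.Headers;`) addresses both, see below. Two smaller points in the same method: when neither `requiredScopes` nor `CalledApi:CalledApiScopes` is set, `scopes` is null and goes straight into `GetAccessTokenForUserAsync`, so a guard such as `if (scopes is null) throw new InvalidOperationException("No scopes configured for CalledApi");` gives a clearer failure; and the `as string` on `_configuration["CalledApi:CalledApiUrl"]` is a no-op since the indexer already returns string. How `AddHttpClient` is called in `AddDownstreamWebApiService` (and hence the client's lifetime) is not visible here.
```csharp
string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(scopes);

// Attach the token to this request only: DefaultRequestHeaders is shared by every
// call on this HttpClient, and Authorization accepts a single value.
using var request = new HttpRequestMessage(HttpMethod.Get, apiUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

string apiResult;
using var response = await _httpClient.SendAsync(request);
if (response.StatusCode == HttpStatusCode.OK)
// … unchanged: read the body or build the error message …
```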
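Review bot: In the `IndividualB2CAuth` branch the new code calls `services.AddWebAppCallsProtectedWebApi(Configuration, "AzureAdB2C")` without initial scopes, while the XML documentation added in this same commit for that overload states it cannot be used with Azure AD B2C because an initial scope has to be provided. If the array argument was not merely lost in rendering, the overload shown in the removed comment is the one to call, e.g. `services.AddWebAppCallsProtectedWebApi(Configuration, Configuration["CalledApi:CalledApiScopes"]?.Split(' '), "AzureAdB2C")`, so the scope the page model later requests is part of the sign-in. The rest of `ConfigureServices` lies outside the hunk.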
diff --git a/ProjectTemplates/templates/RazorPagesWeb-CSharp/appsettings.json b/ProjectTemplates/templates/RazorPagesWeb-CSharp/appsettings.json index 7b2e4ddbd..acfcc35a1 100644 --- a/ProjectTemplates/templates/RazorPagesWeb-CSharp/appsettings.json +++ b/ProjectTemplates/templates/RazorPagesWeb-CSharp/appsettings.json @@ -19,8 +19,26 @@ // "TenantId": "22222222-2222-2222-2222-222222222222", //#endif // "ClientId": "11111111-1111-1111-11111111111111111", +////#if (GenerateApi) +// "ClientSecret": "secret-from-app-registration", +// "ClientCertificates" : [ +// ] +////#endif // "CallbackPath": "/signin-oidc" // }, +////#if (GenerateApi) +// "CalledApi": { +// /* +// 'CalledApiScope' is the scope of the Web API you want to call. This can be: +// - a scope for a V2 application (for instance api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/access_as_user) +// - a scope corresponding to a V1 application (for instance /.default, where is the +// App ID URI of a legacy v1 Web application +// Applications are registered in the https://portal.azure.com portal. +// */ +// "CalledApiScopes": "user.read", +// "CalledApiUrl": "https://graph.microsoft.com/v1.0" +// }, +////#endif //#endif ////#if (IndividualLocalAuth) // "ConnectionStrings": { diff --git a/ProjectTemplates/templates/StarterWeb-CSharp/.template.config/template.json b/ProjectTemplates/templates/StarterWeb-CSharp/.template.config/template.json index 2f561f96a..34a19a2bb 100644 --- a/ProjectTemplates/templates/StarterWeb-CSharp/.template.config/template.json +++ b/ProjectTemplates/templates/StarterWeb-CSharp/.template.config/template.json @@ -350,8 +350,8 @@ "description": "Scopes to request to call the API from the web app." }, "GenerateApi": { - "type": "computed", - "value": "(CalledApiUrl != \"\" && CalledApiScopes != \"\")" + "type": "computed", + "value": "(CalledApiUrl != \"https://graph.microsoft.com/v1.0/me\" && CalledApiScopes != \"user.read\")" } }, "primaryOutputs": [ 
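Review bot: The new `"ClientSecret": "secret-from-app-registration"` entry puts a secret placeholder into appsettings.json, a file that is normally committed, so the generated project invites developers to paste the real secret next to the tenant and client ids. A comment above the key pointing at the out-of-repo options would prevent that, for example `// Keep the real secret out of this file: use 'dotnet user-secrets set "AzureAd:ClientSecret" <value>' or Key Vault, or use ClientCertificates instead`. The `ClientCertificates` entry added right below already offers the certificate alternative, so the comment only needs to point to it.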
diff --git a/ProjectTemplates/templates/StarterWeb-CSharp/Services/DownstreamWebApi.cs b/ProjectTemplates/templates/StarterWeb-CSharp/Services/DownstreamWebApi.cs index 11249a571..093e7788b 100644 --- a/ProjectTemplates/templates/StarterWeb-CSharp/Services/DownstreamWebApi.cs +++ b/ProjectTemplates/templates/StarterWeb-CSharp/Services/DownstreamWebApi.cs @@ -5,11 +5,11 @@ using Microsoft.Extensions.DependencyInjection; using Microsoft.Identity.Web; -namespace test.Services +namespace Company.WebApplication1.Services { public interface IDownstreamWebApi { - Task CallWebApi(); + Task CallWebApi(string relativeEndpoint = "", string[] requiredScopes = null); } public static class DownstreamWebApiExtensions @@ -46,7 +46,7 @@ public DownstreamWebApi( /// not specified, uses scopes from the configuration /// Endpoint relative to the CalledApiUrl configuration /// A Json string representing the result of calling the Web API - public async Task CallWebApi(string relativeEndpoint = "", string[] requireScopes = null) + public async Task CallWebApi(string relativeEndpoint = "", string[] requiredScopes = null) { string[] scopes = requiredScopes ?? _configuration["CalledApi:CalledApiScopes"]?.Split(' '); string apiUrl = (_configuration["CalledApi:CalledApiUrl"] as string)?.TrimEnd('/') + $"/{relativeEndpoint}"; diff --git a/ProjectTemplates/templates/WebApi-CSharp/.template.config/template.json b/ProjectTemplates/templates/WebApi-CSharp/.template.config/template.json index be50750a2..1244d2eef 100644 --- a/ProjectTemplates/templates/WebApi-CSharp/.template.config/template.json +++ b/ProjectTemplates/templates/WebApi-CSharp/.template.config/template.json 
@@ -5,12 +5,12 @@ "Web", "WebAPI" ], - "name": "ASP.NET Core Web API", + "name": "ASP.NET Core Web API (Microsoft.Identity.Platform)", "generatorVersions": "[1.0.0.0-*)", "description": "A project template for creating an ASP.NET Core application with an example Controller for a RESTful HTTP service. This template can also be used for ASP.NET Core MVC Views and Controllers.", - "groupIdentity": "Microsoft.Web.WebApi", + "groupIdentity": "Microsoft.Web.WebApi2", "precedence": "7000", - "identity": "Microsoft.Identity.Web.WebApi.CSharp.5.0", + "identity": "Microsoft.Identity.Web.WebApi2.CSharp.5.0", "shortName": "webapi2", "tags": { "language": "C#", diff --git a/ProjectTemplates/test-templates.bat b/ProjectTemplates/test-templates.bat index 4568055e6..109c200e4 100644 --- a/ProjectTemplates/test-templates.bat +++ b/ProjectTemplates/test-templates.bat @@ -1,9 +1,8 @@ echo "Build and Install templates" -msbuild /t:restore AspNetCoreMicrosoftIdentityWebProjectTemplates.csproj -msbuild /t:pack AspNetCoreMicrosoftIdentityWebProjectTemplates.csproj +dotnet pack AspNetCoreMicrosoftIdentityWebProjectTemplates.csproj cd bin cd Debug -dotnet new -i Microsoft.Identity.Web.ProjectTemplates.0.1.0.nupkg +dotnet new -i Microsoft.Identity.Web.ProjectTemplates.0.1.5.nupkg echo "Test templates" mkdir tests 
@@ -13,21 +12,43 @@ echo " Test Web app (Microsoft identity platform, MVC, Single Org)" mkdir mvcwebapp cd mvcwebapp dotnet new mvc2 --auth SingleOrg -msbuild +dotnet build cd .. echo " Test Web app (Microsoft identity platform, MVC, Multiple Orgs)" mkdir mvcwebapp-multi-org cd mvcwebapp-multi-org dotnet new mvc2 --auth MultiOrg -msbuild +dotnet build cd .. echo " Test Web app (MVC, Azure AD B2C)" mkdir mvcwebapp-b2c cd mvcwebapp-b2c dotnet new mvc2 --auth IndividualB2C -msbuild +dotnet build +cd .. + + +echo " Test Web app calling Web API (Microsoft identity platform, MVC, Single Org)" +mkdir mvcwebapp-api +cd mvcwebapp-api +dotnet new mvc2 --auth SingleOrg --called-api-url "https://graph.microsoft.com/beta" --called-api-scopes "user.read" +dotnet build +cd .. + +echo " Test Web app calling Web API (Microsoft identity platform, MVC, Multiple Orgs)" +mkdir mvcwebapp-multi-org-api +cd mvcwebapp-multi-org-api +dotnet new mvc2 --auth MultiOrg --called-api-url "https://graph.microsoft.com/beta" --called-api-scopes "user.read" +dotnet build +cd .. + +echo " Test Web app calling Web API (MVC, Azure AD B2C)" +mkdir mvcwebapp-b2c-api +cd mvcwebapp-b2c-api +dotnet new mvc2 --auth IndividualB2C --called-api-url "https://localhost:44332" --called-api-scopes "https://fabrikamb2c.onmicrosoft.com/tasks/read" +dotnet build cd .. 
@@ -35,36 +56,59 @@ echo " Test Web app (Microsoft identity platform, Razor, Single Org)" mkdir webapp cd webapp dotnet new webapp2 --auth SingleOrg -msbuild +dotnet build cd .. echo " Test Web app (Microsoft identity platform, Razor, Multiple Orgs)" mkdir webapp-multi-org cd webapp-multi-org dotnet new webapp2 --auth MultiOrg -msbuild +dotnet build cd .. -echo " Test Web app Razor, Azure AD B2C)" +echo " Test Web app (Razor, Azure AD B2C)" mkdir webapp-b2c cd webapp-b2c dotnet new webapp2 --auth IndividualB2C -msbuild +dotnet build cd .. +echo " Test Web app calling Web API (Microsoft identity platform, Razor, Single Org)" +mkdir webapp-api +cd webapp-api +dotnet new webapp2 --auth SingleOrg --called-api-url "https://graph.microsoft.com/beta" --called-api-scopes "user.read" +dotnet build +cd .. + +echo " Test Web app calling Web API (Microsoft identity platform, Razor, Multiple Orgs)" +mkdir webapp-multi-org-api +cd webapp-multi-org-api +dotnet new webapp2 --auth MultiOrg --called-api-url "https://graph.microsoft.com/beta" --called-api-scopes "user.read" +dotnet build +cd .. + +echo " Test Web app calling Web API (Razor, Azure AD B2C)" +mkdir webapp-b2c-api +cd webapp-b2c-api +dotnet new webapp2 --auth IndividualB2C --called-api-url "https://localhost:44332" --called-api-scopes "https://fabrikamb2c.onmicrosoft.com/tasks/read" +dotnet build +cd .. + + + echo " Test Web API (Microsoft identity platform, SingleOrg)" mkdir webapi cd webapi dotnet new webapi2 --auth SingleOrg -msbuild +dotnet build cd .. echo " Test Web API (AzureAD B2C)" mkdir webapi-b2c cd webapi-b2c dotnet new webapi2 --auth IndividualB2C -msbuild +dotnet build cd .. echo "Uninstall templates" diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml index b5acb59cf..3ba582728 100644 --- a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml +++ b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml 
@@ -70,17 +70,17 @@ - Creates a Certificate Description from KeyVault. + Creates a certificate description from Key Vault. - - + The Key Vault URL. + The name of the certificate in Key Vault. A certificate description. - Create a certificate description from a base 64 encoded value. + Create a certificate description from a Base64 encoded value. - base 64 encoded value. + Base64 encoded certificate value. A certificate description. @@ -88,12 +88,12 @@ Create a certificate description from path on disk. Path were to find the certificate file. - certificate password. + Certificate password. A certificate description. - Create a certificate description from a thumbprint and store location (certificate manager on Windows for instance). + Create a certificate description from a thumbprint and store location (Certificate Manager on Windows for instance). Certificate thumbprint. Store location where to find the certificate. @@ -103,7 +103,7 @@ Create a certificate description from a certificate distinguished name (such as CN=name) - and store location (certificate manager on Windows for instance). + and store location (Certificate Manager on Windows for instance). Certificate distinguished named. Store location where to find the certificate. 
@@ -120,25 +120,25 @@ Container in which to find the certificate. If equals , then - the container is the KeyVault base URL + the container is the Key Vault base URL. If equals , then - this value is not used + this value is not used. If equals , then - this value is the path on disk where to find the certificate + this value is the path on disk where to find the certificate. If equals , or , then - this value is the path to the certificate in the cert store, for instance CurrentUser/My + this value is the path to the certificate in the cert store, for instance CurrentUser/My. - URL of the KeyVault for instance https://msidentitywebsamples.vault.azure.net. + URL of the Key Vault for instance https://msidentitywebsamples.vault.azure.net. - Certiticate store path, for instance "CurrentUser/My". + Certificate store path, for instance "CurrentUser/My". This property should only be used in conjunction with DistinguishName or Thumbprint. @@ -149,7 +149,7 @@ - Name of the certificate in KeyVault. + Name of the certificate in Key Vault. @@ -169,7 +169,7 @@ - Base 64 encoded value. + Base64 encoded certificate value. @@ -178,11 +178,11 @@ If equals , then - the reference is the name of the certificate in KeyVault (maybe the version?) + the reference is the name of the certificate in Key Vault (maybe the version?). If equals , then - this value is the base 64 encoded certificate itself + this value is the base 64 encoded certificate itself. If equals , then - this value is the password to access the certificate (if needed) + this value is the password to access the certificate (if needed). If equals , this value is the distinguished name. If equals , @@ -191,7 +191,7 @@ - The certificate, either provided directly in code by the + The certificate, either provided directly in code or loaded from the description. 
@@ -202,22 +202,22 @@ - Certificate itself + Certificate itself. - KeyVault + From an Azure Key Vault. - Base 64 encoded directly in the configuration. + Base64 encoded string directly from the configuration. - Local path on disk + From local path on disk. @@ -227,7 +227,7 @@ - From the certificate store, described by its Distinguished name. + From the certificate store, described by its distinguished name. @@ -243,9 +243,9 @@ - Load a certificate from KeyVault, including the private key. + Load a certificate from Key Vault, including the private key. - Url of KeyVault. + URL of Key Vault. Name of the certificate. An certificate. This code is inspired by Heath Stewart's code in: @@ -263,7 +263,7 @@ - Interface to implement load a certificate. + Interface to implement loading of a certificate. @@ -662,7 +662,7 @@ Removes the account associated with context.HttpContext.User from the MSAL.NET cache. RedirectContext passed-in to a - Openidconnect event. + OpenID Connect event. 
@@ -688,27 +688,36 @@ In a web app, gets or sets the RedirectUri (URI where the token will be sent back by - Azure Active Directory or Azure Active Directory B2C) + Azure Active Directory or Azure Active Directory B2C). This property is exclusive with which should be used preferably if you don't want to have a different deployed configuration from your developer configuration. There are cases where RedirectUri is needed, for instance when you use a reverse proxy that transforms HTTPS URLs (external world) to HTTP URLs (inside the protected area). This can also be useful for web apps running - in containers (for the same reasons) + in containers (for the same reasons). If you don't specify the redirect URI, the redirect URI will be computed from the URL on which the app is deployed and the CallbackPath. - In a web app, gets or sets the PostLogoutRedirectUri + In a web app, gets or sets the PostLogoutRedirectUri. This property is exclusive with which should be used preferably if you don't want to have a different deployed configuration from your developer configuration. There are cases where PostLogoutRedirectUri is needed, for instance when you use a reverse proxy that transforms HTTPS URLs (external world) to HTTP URLs (inside the protected area). This can also be useful for web apps running - in containers (for the same reasons) + in containers (for the same reasons). If you don't specify the PostLogoutRedirectUri, it will be computed by ASP.NET Core using the SignedOutCallbackPath. + + + When set to true, forces the and the to use the HTTPS scheme. + This behavior can be desired, for instance, when you use a reverse proxy that transforms HTTPS + URLs (external world) to HTTP URLs (inside the protected area). This can also be useful for web apps running + in containers (for the same reasons), for example when deploying your web app to + Azure App Services in Linux containers. + + Gets or sets TokenAcquisition as a Singleton. 
There are scenarios, like using the Graph SDK, @@ -787,6 +796,12 @@ The default is false. + + + Class used to handle gracefully the obsolete token decyrption certificate parameter in + deprecated AddProtectedWebApi methods. + + Extensions for IServiceCollection for startup initialization of Web APIs. @@ -795,7 +810,7 @@ Extensions for AuthenticationBuilder for startup initialization of Web APIs. - + Protects the Web API with Microsoft identity platform (formerly Azure AD v2.0) This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. @@ -810,7 +825,7 @@ The authentication builder to chain. - + Protects the Web API with Microsoft identity platform (formerly Azure AD v2.0) This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. @@ -826,7 +841,7 @@ The authentication builder to chain. - + Protects the Web API with Microsoft identity platform (formerly Azure AD v2.0) This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. @@ -835,13 +850,12 @@ The Configuration object. The configuration section with the necessary settings to initialize authentication options. The JwtBearer scheme name to be used. By default it uses "Bearer". - Token decryption certificate (null by default). Set to true if you want to debug, or just understand the JwtBearer events. The authentication builder to chain. - + Protects the Web API with Microsoft identity platform (formerly Azure AD v2.0) This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. 
@@ -850,7 +864,6 @@ The action to configure . The action to configure the configuration options. - Token decryption certificate. The JwtBearer scheme name to be used. By default it uses "Bearer". Set to true if you want to debug, or just understand the JwtBearer events. @@ -861,39 +874,6 @@ Extensions for IServiceCollection for startup initialization of Web APIs. - - Extensions for IServiceCollection for startup initialization of Web APIs. - - - - - Add authentication with Microsoft identity platform. - This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. - - AuthenticationBuilder to which to add this configuration. - The IConfiguration object. - The configuration section with the necessary settings to initialize authentication options. - The OpenIdConnect scheme name to be used. By default it uses "OpenIdConnect". - The Cookies scheme name to be used. By default it uses "Cookies". - - Set to true if you want to debug, or just understand the OpenIdConnect events. - - The authentication builder for chaining. - - - - Add authentication with Microsoft identity platform. - This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. - - AuthenticationBuilder to which to add this configuration. - The IConfiguration object. - The configuration section with the necessary settings to initialize authentication options. - The OpenIdConnect scheme name to be used. By default it uses "OpenIdConnect". - The Cookies scheme name to be used. By default it uses "Cookies". - - Set to true if you want to debug, or just understand the OpenIdConnect events. - - The authentication builder for chaining. 
@@ -947,6 +927,160 @@ Scheme for the JwtBearer token. The service collection to chain. + + + Extensions for IServiceCollection for startup initialization of Web APIs. + + + Extensions for AuthenticationBuilder for startup initialization. + + + + + Add authentication with Microsoft identity platform. + This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. + + AuthenticationBuilder to which to add this configuration. + The IConfiguration object. + The configuration section with the necessary settings to initialize authentication options. + The OpenIdConnect scheme name to be used. By default it uses "OpenIdConnect". + The Cookies scheme name to be used. By default it uses "Cookies". + + Set to true if you want to debug, or just understand the OpenIdConnect events. + + The authentication builder for chaining. + + + + Add authentication with Microsoft identity platform. + This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. + + AuthenticationBuilder to which to add this configuration. + The IConfiguration object. + The configuration section with the necessary settings to initialize authentication options. + The OpenIdConnect scheme name to be used. By default it uses "OpenIdConnect". + The Cookies scheme name to be used. By default it uses "Cookies". + + Set to true if you want to debug, or just understand the OpenIdConnect events. + + The authentication builder for chaining. + + + + Add authentication with Microsoft identity platform. + This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. + + AuthenticationBuilder to which to add this configuration. + The IConfiguration object. 
+ The configuration section with the necessary settings to initialize authentication options. + The OpenIdConnect scheme name to be used. By default it uses "OpenIdConnect". + The Cookies scheme name to be used. By default it uses "Cookies". + + Set to true if you want to debug, or just understand the OpenIdConnect events. + + The authentication builder for chaining. + + + + Add authentication with Microsoft identity platform. + This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. + + AuthenticationBuilder to which to add this configuration. + The IConfiguration object. + The configuration section with the necessary settings to initialize authentication options. + The OpenIdConnect scheme name to be used. By default it uses "OpenIdConnect". + The Cookies scheme name to be used. By default it uses "Cookies". + + Set to true if you want to debug, or just understand the OpenIdConnect events. + + The authentication builder for chaining. + + + + Extensions for IServiceCollection for startup initialization. + + + + + Add authentication with Microsoft identity platform. + This method expects the configuration file will have a section, (by default named "AzureAd"), with the necessary settings to + initialize the authentication options. + + Service collection to which to add authentication. + The IConfiguration object. + The name of the configuration section with the necessary + settings to initialize authentication options. + Optional name for the open id connect authentication scheme + (by default OpenIdConnectDefaults.AuthenticationScheme). This can be specified when you want to support + several OpenIdConnect identity providers. + Optional name for the cookie authentication scheme + (by default OpenIdConnectDefaults.AuthenticationScheme). + + Set to true if you want to debug, or just understand the OpenIdConnect events. + + The service collection for chaining. 
+ + + + Add authentication with Microsoft identity platform. + This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. + + Service collection to which to add authentication. + the action to configure the . + the action to configure the . + Optional name for the open id connect authentication scheme + (by default OpenIdConnectDefaults.AuthenticationScheme). This can be specified when you want to support + several OpenIdConnect identity providers. + Optional name for the cookie authentication scheme + (by default OpenIdConnectDefaults.AuthenticationScheme). + + Set to true if you want to debug, or just understand the OpenIdConnect events. + + Yhe service collection for chaining. + + + + Enable Web Apps to call APIs (acquiring tokens with MSAL.NET). + + Service collection to which to add authentication. + Configuration. + The name of the configuration section with the necessary + settings to initialize authentication options. + Optional name for the open id connect authentication scheme + (by default OpenIdConnectDefaults.AuthenticationScheme). This can be specified when you want to support + several OpenIdConnect identity providers. + The service collection for chaining. + This method cannot be used with Azure AD B2C as, with B2C an initial scope needs + to be provided. + + + + + Enable Web Apps to call APIs (acquiring tokens with MSAL.NET). + + Service collection to which to add authentication. + Configuration. + Initial scopes to request at sign-in. + The name of the configuration section with the necessary + settings to initialize authentication options. + Optional name for the open id connect authentication scheme + (by default OpenIdConnectDefaults.AuthenticationScheme). This can be specified when you want to support + several OpenIdConnect identity providers. + The service collection for chaining. 
+ + + + Enable Web Apps to call APIs (acquiring tokens with MSAL.NET). + + Service collection to which to add authentication. + Initial scopes to request at sign-in. + The action to set the . + The action to set the . + Optional name for the open id connect authentication scheme + (by default OpenIdConnectDefaults.AuthenticationScheme). This can be specified when you want to support + several OpenIdConnect identity providers. + The service collection for chaining. + Generic class that validates token issuer from the provided Azure AD authority. @@ -1114,8 +1248,9 @@ HttpContext (from the controller). Scopes accepted by this web API. - with a set to - + with a set to + . + @@ -1252,7 +1387,7 @@ Removes the account associated with context.HttpContext.User from the MSAL.NET cache. RedirectContext passed-in to a - Openidconnect event. + OpenID Connect event. @@ -1539,21 +1674,24 @@ - An implementation of token cache for Confidential clients backed by an HTTP session. + An implementation of token cache for confidential clients backed by an HTTP session. + For this session cache to work effectively the ASP.NET Core session has to be configured properly. The latest guidance is provided at https://docs.microsoft.com/aspnet/core/fundamentals/app-state - // In the method - public void ConfigureServices(IServiceCollection services) in startup.cs, add the following + In the method public void ConfigureServices(IServiceCollection services) in Startup.cs, add the following: + services.AddSession(option => { option.Cookie.IsEssential = true; }); - - In the method - public void Configure(IApplicationBuilder app, IHostingEnvironment env) in startup.cs, add the following - + + In the method public void Configure(IApplicationBuilder app, IHostingEnvironment env) in Startup.cs, add the following: + app.UseSession(); // Before UseMvc() - + + https://aka.ms/msal-net-token-cache-serialization 
@@ -1591,158 +1729,127 @@ - Adds both App and per-user session token caches. + + Adds both App and per-user session token caches. + + For this session cache to work effectively the ASP.NET Core session has to be configured properly. The latest guidance is provided at https://docs.microsoft.com/aspnet/core/fundamentals/app-state - // In the method - public void ConfigureServices(IServiceCollection services) in Startup.cs, add the following + In the method public void ConfigureServices(IServiceCollection services) in Startup.cs, add the following: + services.AddSession(option => { option.Cookie.IsEssential = true; }); - - In the method - public void Configure(IApplicationBuilder app, IHostingEnvironment env) in Startup.cs, add the following - + + In the method public void Configure(IApplicationBuilder app, IHostingEnvironment env) in Startup.cs, add the following: + app.UseSession(); // Before UseMvc() - + + The services collection to add to. The service collection. - Adds an HTTP session based application token cache to the service collection. + + Adds an HTTP session based application token cache to the service collection. + + For this session cache to work effectively the ASP.NET Core session has to be configured properly. The latest guidance is provided at https://docs.microsoft.com/aspnet/core/fundamentals/app-state - // In the method - public void ConfigureServices(IServiceCollection services) in Startup.cs, add the following + In the method public void ConfigureServices(IServiceCollection services) in Startup.cs, add the following: + services.AddSession(option => { option.Cookie.IsEssential = true; }); - - In the method - public void Configure(IApplicationBuilder app, IHostingEnvironment env) in Startup.cs, add the following - + + In the method public void Configure(IApplicationBuilder app, IHostingEnvironment env) in Startup.cs, add the following: + app.UseSession(); // Before UseMvc() - + + The services collection to add to. The service collection. 
- Adds an HTTP session based per user token cache to the service collection. + + Adds an HTTP session based per user token cache to the service collection. + + For this session cache to work effectively the ASP.NET Core session has to be configured properly. The latest guidance is provided at https://docs.microsoft.com/aspnet/core/fundamentals/app-state - // In the method - public void ConfigureServices(IServiceCollection services) in Startup.cs, add the following + In the method public void ConfigureServices(IServiceCollection services) in Startup.cs, add the following: + services.AddSession(option => { option.Cookie.IsEssential = true; }); - - In the method - public void Configure(IApplicationBuilder app, IHostingEnvironment env) in Startup.cs, add the following - + + In the method public void Configure(IApplicationBuilder app, IHostingEnvironment env) in Startup.cs, add the following: + app.UseSession(); // Before UseMvc() - + + The services collection to add to. The service collection. - + - Extensions for AuthenticationBuilder for startup initialization. + Extensions for AuthenticationBuilder for startup initialization of Web APIs. - + - Add authentication with Microsoft identity platform. - This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. + Protects the Web API with Microsoft identity platform (formerly Azure AD v2.0) + This supposes that the configuration files have a section named configSectionName (typically "AzureAD"). AuthenticationBuilder to which to add this configuration. - The IConfiguration object. - The configuration section with the necessary settings to initialize authentication options. - The OpenIdConnect scheme name to be used. By default it uses "OpenIdConnect". - The Cookies scheme name to be used. By default it uses "Cookies". - - Set to true if you want to debug, or just understand the OpenIdConnect events. 
- - The authentication builder for chaining. + Configuration. + Section name in the config file (by default "AzureAD"). + Scheme for the JwtBearer token. + The authentication builder to chain. - + - Add authentication with Microsoft identity platform. - This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. + Protects the Web API with Microsoft identity platform (formerly Azure AD v2.0) + This supposes that the configuration files have a section named configSectionName (typically "AzureAD"). AuthenticationBuilder to which to add this configuration. - The IConfiguration object. - The configuration section with the necessary settings to initialize authentication options. - The OpenIdConnect scheme name to be used. By default it uses "OpenIdConnect". - The Cookies scheme name to be used. By default it uses "Cookies". - - Set to true if you want to debug, or just understand the OpenIdConnect events. - - The authentication builder for chaining. - - - - Extensions for IServiceCollection for startup initialization. - - - - - Add authentication with Microsoft identity platform. - This method expects the configuration file will have a section, (by default named "AzureAd"), with the necessary settings to - initialize the authentication options. - - Service collection to which to add authentication. - The IConfiguration object. - The name of the configuration section with the necessary - settings to initialize authentication options. - Optional name for the open id connect authentication scheme - (by default OpenIdConnectDefaults.AuthenticationScheme). This can be specified when you want to support - several OpenIdConnect identity providers. - Optional name for the cookie authentication scheme - (by default OpenIdConnectDefaults.AuthenticationScheme). - - Set to true if you want to debug, or just understand the OpenIdConnect events. - - The service collection for chaining. 
+ The action to configure . + The action to configure . + Scheme for the JwtBearer token. + The authentication builder to chain. - + - Add authentication with Microsoft identity platform. - This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options. + Extensions for AuthenticationBuilder for startup initialization. - Service collection to which to add authentication. - the action to configure the . - the action to configure the . - Optional name for the open id connect authentication scheme - (by default OpenIdConnectDefaults.AuthenticationScheme). This can be specified when you want to support - several OpenIdConnect identity providers. - Optional name for the cookie authentication scheme - (by default OpenIdConnectDefaults.AuthenticationScheme). - - Set to true if you want to debug, or just understand the OpenIdConnect events. - - Yhe service collection for chaining. - + Add MSAL support to the Web App or Web API. - Service collection to which to add authentication. + AuthenticationBuilder to which to add this configuration. Configuration. The name of the configuration section with the necessary settings to initialize authentication options. Optional name for the open id connect authentication scheme (by default OpenIdConnectDefaults.AuthenticationScheme). This can be specified when you want to support several OpenIdConnect identity providers. - The service collection for chaining. + The authentication builder for chaining. This method cannot be used with Azure AD B2C as, with B2C an initial scope needs to be provided. - + Add MSAL support to the Web App or Web API. - Service collection to which to add authentication. + AuthenticationBuilder to which to add this configuration. Configuration. Initial scopes to request at sign-in. The name of the configuration section with the necessary 
@@ -1750,20 +1857,20 @@ Optional name for the open id connect authentication scheme (by default OpenIdConnectDefaults.AuthenticationScheme). This can be specified when you want to support several OpenIdConnect identity providers. - The service collection for chaining. + The authentication builder for chaining. - + Add MSAL support to the Web App or Web API. - Service collection to which to add authentication. + AuthenticationBuilder to which to add this configuration. Initial scopes to request at sign-in. The action to set the . The action to set the . Optional name for the open id connect authentication scheme (by default OpenIdConnectDefaults.AuthenticationScheme). This can be specified when you want to support several OpenIdConnect identity providers. - The service collection for chaining. + The authentication builder for chaining.