MicrosoftIdentityOptions Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Options for configuring authentication using Azure Active Directory. It has both AAD and B2C configuration attributes.
public class MicrosoftIdentityOptions : Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptionstype MicrosoftIdentityOptions = class
inherit OpenIdConnectOptionsPublic Class MicrosoftIdentityOptions
Inherits OpenIdConnectOptions- Inheritance
-
MicrosoftIdentityOptions
Constructors
| MicrosoftIdentityOptions() |
Properties
| AllowWebApiToBeAuthorizedByACL |
Daemon applications can validate a token based on roles, or using the ACL-based authorization pattern to control tokens without a roles claim. If using ACL-based authorization, Microsoft Identity Web will not throw if roles or scopes are not in the Claims. For details see https://aka.ms/ms-identity-web/daemon-ACL. |
| ClientCertificates |
Description of the certificates used to prove the identity of the web app or web API. |
| ClientCredentials | |
| ClientCredentialsUsingManagedIdentity |
Options for configuring certificateless |
| DefaultUserFlow |
Gets the default user flow (which is signUpSignIn). |
| Domain |
Gets or sets the domain of the Azure Active Directory tenant, e.g. contoso.onmicrosoft.com. |
| EditProfilePolicyId |
Gets or sets the edit profile user flow name for B2C, e.g. b2c_1_edit_profile. |
| ErrorPath |
Sets the Error route path. Defaults to the value /MicrosoftIdentity/Account/Error, which is the value used by Microsoft.Identity.Web.UI. |
| ExtraQueryParameters |
Sets query parameters for the query string in the HTTP request to the IdP. |
| Instance |
Gets or sets the Azure Active Directory instance, e.g. "https://login.microsoftonline.com". |
| LegacyCacheCompatibilityEnabled |
Enables legacy ADAL cache serialization and deserialization. Performance improvements when working with MSAL only apps. Set to true if you have a shared cache with ADAL apps. |
| ResetPasswordPath |
Sets the ResetPassword route path. Defaults to /MicrosoftIdentity/Account/ResetPassword, which is the value used by Microsoft.Identity.Web.UI. |
| ResetPasswordPolicyId |
Gets or sets the reset password user flow name for B2C, e.g. B2C_1_password_reset. |
| SendX5C |
Specifies if the x5c claim (public key of the certificate) should be sent to the STS. Sending the x5c enables application developers to achieve easy certificate rollover in Azure AD: this method will send the public certificate to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni. |
| SignUpSignInPolicyId |
Gets or sets the sign up or sign in user flow name for B2C, e.g. b2c_1_susi. |
| TenantId |
Gets or sets the tenant ID. |
| TokenDecryptionCertificates |
Description of the certificates used to decrypt an encrypted token in a web API. |
| TokenDecryptionCredentials | |
| UserAssignedManagedIdentityClientId |
Used, when deployed to Azure, to specify explicitly a user assigned managed identity. See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal. |
| WithSpaAuthCode |
Requests an auth code for the frontend (SPA using MSAL.js for instance). See https://aka.ms/msal-net/spa-auth-code for details. |