Share via


RequiredScopeAttribute Class

Definition

This attribute is used on a controller, pages, or controller actions to declare (and validate) the scopes required by a web API. These scopes can be declared in two ways: hardcoding them, or declaring them in the configuration. Depending on your choice, use either one or the other of the constructors. For details, see https://aka.ms/ms-id-web/required-scope-attribute.

[System.AttributeUsage(System.AttributeTargets.Class | System.AttributeTargets.Method)]
public class RequiredScopeAttribute : Attribute, Microsoft.Identity.Web.IAuthRequiredScopeMetadata
[<System.AttributeUsage(System.AttributeTargets.Class | System.AttributeTargets.Method)>]
type RequiredScopeAttribute = class
    inherit Attribute
    interface IAuthRequiredScopeMetadata
Public Class RequiredScopeAttribute
Inherits Attribute
Implements IAuthRequiredScopeMetadata
Inheritance
RequiredScopeAttribute
Attributes
Implements

Constructors

RequiredScopeAttribute()

Default constructor.

RequiredScopeAttribute(String[])

Verifies that the web API is called with the right scopes. If the token obtained for this API is on behalf of the authenticated user does not have any of these acceptedScopes in its scope claim, the method updates the HTTP response providing a status code 403 (Forbidden) and writes to the response body a message telling which scopes are expected in the token.

Properties

AcceptedScope

Scopes accepted by this web API.

IsReusable

Unused: Compatibility of interface with the Authorization Filter.

RequiredScopesConfigurationKey

Fully qualified name of the configuration key containing the required scopes (separated by spaces).

Applies to