MicrosoftIdentityApplicationOptions Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Options for configuring authentication for a web app, web API, or daemon application, using Azure Active Directory. It has both AAD and B2C configuration attributes.
public class MicrosoftIdentityApplicationOptions : Microsoft.Identity.Abstractions.IdentityApplicationOptionstype MicrosoftIdentityApplicationOptions = class
inherit IdentityApplicationOptionsPublic Class MicrosoftIdentityApplicationOptions
Inherits IdentityApplicationOptions- Inheritance
Constructors
| MicrosoftIdentityApplicationOptions() |
Properties
| AllowWebApiToBeAuthorizedByACL |
Web APIs called on behalf of a user can validate a token based on scopes (representing delegated permissions).
Web APIs called by daemon applications can validate a token based on roles (representing app permissions).
By default, the web API will validate the presence of roles and scopes. You can set this property to |
| Audience |
In a web API, audience of the tokens that will be accepted by the web API. If your web API accepts several audiences, see Audiences. (Inherited from IdentityApplicationOptions) |
| Audiences |
In a web API, accepted audiences for the tokens received by the web API. See also Audience. The audience is the intended recipient of the token. You can usually assume that the ApplicationID of your web API is a valid audience. It can, in general be any of the App ID URIs (or resource identitfier) you defined for your application during its registration in the Azure portal. (Inherited from IdentityApplicationOptions) |
| Authority |
Gets or sets the Authority to use when making OpenIdConnect calls. By default the authority is computed from the Instance and TenantId properties, by concatenating them, and appending "v2.0". If your authority is not an Azure AD authority, you can set it directly here. |
| AzureRegion |
Specifies the Azure region. See https://aka.ms/azure-region. To have the app attempt to detect the Azure region automatically, use "TryAutoDetect". |
| ClientCapabilities |
Specifies the capabilities of the client (for instance {"cp1", "cp2"}). This is useful to express that the Client is capable of handling claims challenge. If your application is CAE capable, it needs to express "cp1". |
| ClientCredentials |
Description of the client credentials that the app provides to prove its identity to the IdP, See CredentialSource for the list of supported credential types. (Inherited from IdentityApplicationOptions) |
| ClientId |
Gets or sets the 'client_id' (application ID) as it appears in the application registration. This is the string representation of a GUID. (Inherited from IdentityApplicationOptions) |
| DefaultUserFlow |
Gets the default user flow (which is signUpsignIn). |
| Domain |
Gets or sets the domain of the Azure Active Directory tenant, e.g. contoso.onmicrosoft.com. |
| EditProfilePolicyId |
Gets or sets the edit profile user flow name for B2C, e.g. b2c_1_edit_profile. |
| EnablePiiLogging |
Flag used to enable/disable logging of Personally Identifiable Information (PII).
PII logs are never written to default outputs.
Default is set to |
| ErrorPath |
Sets the Error route path. Defaults to the value /MicrosoftIdentity/Account/Error, which is the value used by Microsoft.Identity.Web.UI. |
| ExtraQueryParameters |
Sets query parameters for the query string in the HTTP request to the IdP. This parameter is useful if you want to send the request to a specific test slice, or a particular dc. (Inherited from IdentityApplicationOptions) |
| Instance |
Gets or sets the Azure Active Directory instance, e.g. |
| ResetPasswordPath |
Sets the ResetPassword route path (from the root of the web site). Defaults to /MicrosoftIdentity/Account/ResetPassword, which is the value used by Microsoft.Identity.Web.UI. If you override it, you need to provide your own controller/actions. |
| ResetPasswordPolicyId |
Gets or sets the reset password user flow name for B2C, e.g. B2C_1_password_reset. |
| SendX5C |
Specifies if the x5c claim (public key of the certificate) should be sent to the STS. Sending the x5c enables application developers to achieve easy certificate rollover in Azure AD: this method will send the public certificate to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via the app registration portal or using PowerShell/CLI). For details see https://aka.ms/msal-net-sni. |
| SignUpSignInPolicyId |
Gets or sets the sign up or sign in user flow name for B2C, e.g. b2c_1_susi. |
| TenantId |
Gets or sets the tenant ID. If your application is multi-tenant, you can also use "common" if it supports both work and school, or personal accounts accounts, or "organizations" if your application supports only work and school accounts. If your application is single tenant, set this property to the tenant ID or domain name. If your application works only for Microsoft personal accounts, use "consumers". |
| TokenDecryptionCredentials |
Description of the credentials (usually certificates) used to decrypt an encrypted token in a web API. (Inherited from IdentityApplicationOptions) |
| WithSpaAuthCode |
If set to |
Applies to
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for