RequiredScopeOrAppPermissionAttribute Constructors

Reference

Definition

Namespace:: Microsoft.Identity.Web.Resource

Assembly:: Microsoft.Identity.Web.dll

Package:: Microsoft.Identity.Web v2.20.0

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Overloads

RequiredScopeOrAppPermissionAttribute()

Default constructor.

RequiredScopeOrAppPermissionAttribute(String[], String[])

Verifies that the web API is called with the right app permissions. If the token obtained for this API is on behalf of the authenticated user does not have any of these acceptedScopes in its scope claim, nor acceptedAppPermissions in its roles claim, the method updates the HTTP response providing a status code 403 (Forbidden) and writes to the response body a message telling which scopes are expected in the token.

RequiredScopeOrAppPermissionAttribute()

Default constructor.

public RequiredScopeOrAppPermissionAttribute ();

Public Sub New ()

Examples

[RequiredScopeOrAppPermission(RequiredScopesConfigurationKey="AzureAD:Scope", RequiredAppPermissionsConfigurationKey="AzureAD:AppPermission")]
class Controller : BaseController
{
}

Applies to

RequiredScopeOrAppPermissionAttribute(String[], String[])

Verifies that the web API is called with the right app permissions. If the token obtained for this API is on behalf of the authenticated user does not have any of these acceptedScopes in its scope claim, nor acceptedAppPermissions in its roles claim, the method updates the HTTP response providing a status code 403 (Forbidden) and writes to the response body a message telling which scopes are expected in the token.

public RequiredScopeOrAppPermissionAttribute (string[] acceptedScopes, string[] acceptedAppPermissions);

new Microsoft.Identity.Web.Resource.RequiredScopeOrAppPermissionAttribute : string[] * string[] -> Microsoft.Identity.Web.Resource.RequiredScopeOrAppPermissionAttribute

Public Sub New (acceptedScopes As String(), acceptedAppPermissions As String())

Parameters

acceptedScopes: String[]

Scopes accepted by this web API.

acceptedAppPermissions: String[]

App permissions accepted by this web API.

Examples

Add the following attribute on the controller/page/action to protect:

[RequiredScopeOrAppPermission(new [] { "access_as_user" }, new [] { "access_as_app" })]

Remarks

When neither the scopes nor app permissions match, the response is a 403 (Forbidden), because the user is authenticated (hence not 401), but not authorized.

See also

<xref:RequiredScopeOrAppPermissionAttribute()>

Applies to

Feedback

Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.

Submit and view feedback for

This product This page

View all page feedback