MicrosoftIdentityOptions Class
Definition
Options for configuring authentication using Azure Active Directory. It has both AAD and B2C configuration attributes.
public class MicrosoftIdentityOptions : Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions
type MicrosoftIdentityOptions = class
    inherit OpenIdConnectOptions
Public Class MicrosoftIdentityOptions
    Inherits OpenIdConnectOptions
Inheritance
OpenIdConnectOptions → MicrosoftIdentityOptions
Constructors
MicrosoftIdentityOptions()
Properties
| Property | Description |
| --- | --- |
| AllowWebApiToBeAuthorizedByACL | Daemon applications can validate a token based on roles, or use the ACL-based authorization pattern to control tokens without a roles claim. If using ACL-based authorization, Microsoft Identity Web will not throw if roles or scopes are not in the claims. For details see https://aka.ms/ms-identity-web/daemon-ACL. |
| ClientCertificates | Description of the certificates used to prove the identity of the web app or web API. For the moment only the first certificate is considered. |
| DefaultUserFlow | Gets the default user flow (which is signUpsignIn). |
| Domain | Gets or sets the domain of the Azure Active Directory tenant, e.g. contoso.onmicrosoft.com. |
| EditProfilePolicyId | Gets or sets the edit profile user flow name for B2C, e.g. b2c_1_edit_profile. |
| Instance | Gets or sets the Azure Active Directory instance, e.g. "https://login.microsoftonline.com". |
| LegacyCacheCompatibilityEnabled | Enables legacy ADAL cache serialization and deserialization. Performance improvements when working with MSAL-only apps. Set to true if you have a shared cache with ADAL apps. |
| ResetPasswordPolicyId | Gets or sets the reset password user flow name for B2C, e.g. B2C_1_password_reset. |
| SendX5C | Specifies whether the x5c claim (public key of the certificate) should be sent to the STS. Sending the x5c enables application developers to achieve easy certificate rollover in Azure AD: the public certificate is sent to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from having to manage the certificate rollover explicitly (via the portal or a PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni. |
| SignUpSignInPolicyId | Gets or sets the sign up or sign in user flow name for B2C, e.g. b2c_1_susi. |
| TenantId | Gets or sets the tenant ID. |
| TokenDecryptionCertificates | Description of the certificates used to decrypt an encrypted token in a web API. For the moment only the first certificate is considered. |
| UserAssignedManagedIdentityClientId | When deployed to Azure, explicitly specifies the user-assigned managed identity to use. See https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal. |
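
When AllowWebApiToBeAuthorizedByACL is enabled, the library no longer rejects tokens that lack roles or scopes, so the web API has to enforce the access control list itself. The following is an added example, not code from this reference page or from Microsoft Identity Web: the `CallerAcl` class, its `IsCallerAllowed` method and the GUIDs are hypothetical, and it assumes the client ID claims reach the application under their short names (`azp` in v2.0 tokens, `appid` in v1.0 tokens).

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

public static class CallerAcl
{
    // Hypothetical allow-list of client application (app registration) IDs.
    // The GUIDs are constructed placeholders.
    private static readonly HashSet<string> AllowedClientIds =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "11111111-1111-1111-1111-111111111111",
        };

    // True only when the authenticated caller's client ID is on the allow-list.
    // Azure AD v2.0 access tokens carry the client ID in "azp", v1.0 tokens in "appid".
    public static bool IsCallerAllowed(ClaimsPrincipal user)
    {
        if (user?.Identity?.IsAuthenticated != true)
        {
            return false; // no validated token, nothing to authorize
        }
        var clientId = user.FindFirst("azp")?.Value ?? user.FindFirst("appid")?.Value;
        return !string.IsNullOrEmpty(clientId) && AllowedClientIds.Contains(clientId);
    }

    // Builds a principal shaped like the one an authentication handler produces.
    private static ClaimsPrincipal Principal(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));

    public static void Main()
    {
        // Constructed sample callers: listed v2.0 client, listed v1.0 client,
        // unlisted client, and a token with no client ID claim at all.
        var callers = new Dictionary<string, ClaimsPrincipal>
        {
            ["listed (azp)"] = Principal(new Claim("azp", "11111111-1111-1111-1111-111111111111")),
            ["listed (appid)"] = Principal(new Claim("appid", "11111111-1111-1111-1111-111111111111")),
            ["unlisted"] = Principal(new Claim("azp", "22222222-2222-2222-2222-222222222222")),
            ["no client id"] = Principal(new Claim("sub", "constructed-subject")),
        };
        foreach (var entry in callers)
        {
            Console.WriteLine($"{entry.Key}: allowed={IsCallerAllowed(entry.Value)}");
        }
    }
}
```

The check fails closed: an unauthenticated principal, a missing client ID claim, or an ID that is not on the list all return false.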