MicrosoftIdentityOptions Class

Definition

Options for configuring authentication using Azure Active Directory. It has both AAD and B2C configuration attributes.

public class MicrosoftIdentityOptions : Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions
type MicrosoftIdentityOptions = class
    inherit OpenIdConnectOptions
Public Class MicrosoftIdentityOptions
Inherits OpenIdConnectOptions
Inheritance
MicrosoftIdentityOptions

Constructors

MicrosoftIdentityOptions()

Properties

AllowWebApiToBeAuthorizedByACL

Daemon applications can validate a token based on roles, or using the ACL-based authorization pattern to control tokens without a roles claim. If using ACL-based authorization, Microsoft Identity Web will not throw if roles or scopes are not in the Claims. For details see https://aka.ms/ms-identity-web/daemon-ACL.

ClientCertificates

Description of the certificates used to prove the identity of the web app or web API. For the moment only the first certificate is considered.

DefaultUserFlow

Gets the default user flow (which is signUpsignIn).

Domain

Gets or sets the domain of the Azure Active Directory tenant, e.g. contoso.onmicrosoft.com.

EditProfilePolicyId

Gets or sets the edit profile user flow name for B2C, e.g. b2c_1_edit_profile.

Instance

Gets or sets the Azure Active Directory instance, e.g. "https://login.microsoftonline.com".

LegacyCacheCompatibilityEnabled

Enables legacy ADAL cache serialization and deserialization. Performance improvements when working with MSAL only apps. Set to true if you have a shared cache with ADAL apps.

ResetPasswordPolicyId

Gets or sets the reset password user flow name for B2C, e.g. B2C_1_password_reset.

SendX5C

Specifies if the x5c claim (public key of the certificate) should be sent to the STS. Sending the x5c enables application developers to achieve easy certificate rollover in Azure AD: this method will send the public certificate to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni.

SignUpSignInPolicyId

Gets or sets the sign up or sign in user flow name for B2C, e.g. b2c_1_susi.

TenantId

Gets or sets the tenant ID.

TokenDecryptionCertificates

Description of the certificates used to decrypt an encrypted token in a web API. For the moment only the first certificate is considered.

UserAssignedManagedIdentityClientId

Used, when deployed to Azure, to specify explicitly a user assigned managed identity. See https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal.

Applies to