Share via


MicrosoftIdentityOptions Class

Definition

Options for configuring authentication using Azure Active Directory. It has both AAD and B2C configuration attributes.

public class MicrosoftIdentityOptions : Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions
type MicrosoftIdentityOptions = class
    inherit OpenIdConnectOptions
Public Class MicrosoftIdentityOptions
Inherits OpenIdConnectOptions
Inheritance
MicrosoftIdentityOptions

Constructors

MicrosoftIdentityOptions()

Properties

AllowWebApiToBeAuthorizedByACL

Daemon applications can validate a token based on roles, or using the ACL-based authorization pattern to control tokens without a roles claim. If using ACL-based authorization, Microsoft Identity Web will not throw if roles or scopes are not in the Claims. For details see https://aka.ms/ms-identity-web/daemon-ACL.

ClientCertificates

Description of the certificates used to prove the identity of the web app or web API.

ClientCredentials
ClientCredentialsUsingManagedIdentity

Options for configuring certificateless

DefaultUserFlow

Gets the default user flow (which is signUpSignIn).

Domain

Gets or sets the domain of the Azure Active Directory tenant, e.g. contoso.onmicrosoft.com.

EditProfilePolicyId

Gets or sets the edit profile user flow name for B2C, e.g. b2c_1_edit_profile.

ErrorPath

Sets the Error route path. Defaults to the value /MicrosoftIdentity/Account/Error, which is the value used by Microsoft.Identity.Web.UI.

ExtraQueryParameters

Sets query parameters for the query string in the HTTP request to the IdP.

Instance

Gets or sets the Azure Active Directory instance, e.g. "https://login.microsoftonline.com".

LegacyCacheCompatibilityEnabled

Enables legacy ADAL cache serialization and deserialization. Performance improvements when working with MSAL only apps. Set to true if you have a shared cache with ADAL apps.

ResetPasswordPath

Sets the ResetPassword route path. Defaults to /MicrosoftIdentity/Account/ResetPassword, which is the value used by Microsoft.Identity.Web.UI.

ResetPasswordPolicyId

Gets or sets the reset password user flow name for B2C, e.g. B2C_1_password_reset.

SendX5C

Specifies if the x5c claim (public key of the certificate) should be sent to the STS. Sending the x5c enables application developers to achieve easy certificate rollover in Azure AD: this method will send the public certificate to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni.

SignUpSignInPolicyId

Gets or sets the sign up or sign in user flow name for B2C, e.g. b2c_1_susi.

TenantId

Gets or sets the tenant ID.

TokenDecryptionCertificates

Description of the certificates used to decrypt an encrypted token in a web API.

TokenDecryptionCredentials
UserAssignedManagedIdentityClientId

Used, when deployed to Azure, to specify explicitly a user assigned managed identity. See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal.

WithSpaAuthCode

Requests an auth code for the frontend (SPA using MSAL.js for instance). See https://aka.ms/msal-net/spa-auth-code for details.

Applies to