ScopesRequiredHttpContextExtensions.VerifyUserHasAnyAcceptedScope Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
When applied to an HttpContext, verifies that the user authenticated in the
web API has any of the accepted scopes.
If there is no authenticated user, the response is a 401 (Unauthenticated).
If the authenticated user does not have any of these acceptedScopes, the
method updates the HTTP response providing a status code 403 (Forbidden)
and writes to the response body a message telling which scopes are expected in the token.
We recommend using instead the RequiredScope Attribute on the controller, the page or the action.
See https://aka.ms/ms-id-web/required-scope-attribute.
public static void VerifyUserHasAnyAcceptedScope (this Microsoft.AspNetCore.Http.HttpContext context, params string[] acceptedScopes);static member VerifyUserHasAnyAcceptedScope : Microsoft.AspNetCore.Http.HttpContext * string[] -> unit<Extension()>
Public Sub VerifyUserHasAnyAcceptedScope (context As HttpContext, ParamArray acceptedScopes As String())Parameters
- context
- HttpContext
HttpContext (from the controller).
- acceptedScopes
- String[]
Scopes accepted by this web API.