<!-- UPDATE 15.0 - Remove the following NOTE when .NET 15 releases in
133
+
2030, which is when B2C support will end for existing
134
+
customers prior to 5/1/25. -->
135
+
136
+
> [!NOTE]
137
+
> Azure Active Directory B2C is no longer available as a service to new customers as of May 1, 2025. AAD B2C tenants are supported for customers with accounts established prior to May 1, 2025 until 2030. For more information, see [Azure AD B2C: Frequently asked questions (FAQ)](/azure/active-directory-b2c/faq).
138
+
126
139
<xref:Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions.Audience%2A> sets the Audience for any received JWT access token.
Match the value to just the path of the **Application ID URI** configured when adding the `Weather.Get` scope under **Expose an API** in the Entra or Azure portal. Don't include the scope name, "`Weather.Get`," in the value.
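Review bot: In the added NOTE at new line 137, "supported for customers with accounts established prior to May 1, 2025 until 2030" can be read as accounts established any time up to 2030. Reorder it so the end date attaches to the support period, for example "Until 2030, AAD B2C tenants remain supported for customers whose accounts were established before May 1, 2025." The maintenance comment above it writes the same date as "5/1/25", which is locale-dependent; spell it out as the NOTE does. The identical comment and NOTE are added again at new lines 428-433, so a shared include would leave a single place to delete when the removal date arrives.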
133
146
134
-
The following examples use an Application (Client) Id of `11112222-bbbb-3333-cccc-4444dddd5555`. The second example uses a tenant domain of `contoso.onmicrosoft.com`.
147
+
The following examples use an Application (Client) Id of `11112222-bbbb-3333-cccc-4444dddd5555`. The third example uses a tenant domain of `contoso.onmicrosoft.com`.
Obtain the application (client) ID, tenant (publisher) domain, and directory (tenant) ID from the app's registration in the Entra or Azure portal. The App ID URI is obtained for the `Weather.Get` scope from the web API's registration. Don't include the scope name when taking the App ID URI from the portal.
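Review bot: The sentence at new line 147 still identifies the example by position ("The third example uses a tenant domain of `contoso.onmicrosoft.com`"), and the only change to the line is the ordinal moving from second to third. Identify the example by what it is, such as the tenant type it applies to, so the sentence does not need another edit the next time an example is added or reordered. The same wording is changed at new line 442.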
153
172
173
+
The authentication configuration depends on the type of tenant:
configOptions.Scopes= ["{APP ID URI}/Weather.Get"];
256
+
})
257
+
.AddDistributedTokenCaches();
258
+
```
259
+
260
+
Placeholders in the preceding configuration:
261
+
262
+
*`{DIRECTORY NAME}`: The directory name of the tenant (publisher) domain.
263
+
*`{CLIENT ID (BLAZOR APP)}`: The application (client) ID.
264
+
*`{BASE ADDRESS}`: The web API's base address.
265
+
*`{APP ID URI}`: The App ID URI for web API scopes. Either of the following formats are used, where the `{CLIENT ID (WEB API)}` placeholder is the Client Id of the web API's Entra registration, and the `{DIRECTORY NAME}` placeholder is the directory name of the tenant (publisher) domain (example: `contoso`).
266
+
* ME-ID or Microsoft Entra External ID tenant format: `api://{CLIENT ID (WEB API)}`
267
+
* B2C tenant format: `https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API)}`
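Review bot: In the `{APP ID URI}` bullet at new line 265, "Either of the following formats are used" should read "Either of the following formats is used". The same bullet says "Client Id" where the `{CLIENT ID (BLAZOR APP)}` bullet at new line 263 says "application (client) ID"; pick one form of the term and use it across the list, since readers copy these names when looking for the values in the portal.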
<!-- UPDATE 15.0 - Remove the following NOTE when .NET 15 releases in
428
+
2030, which is when B2C support will end for existing
429
+
customers prior to 5/1/25. -->
430
+
431
+
> [!NOTE]
432
+
> Azure Active Directory B2C is no longer available as a service to new customers as of May 1, 2025. AAD B2C tenants are supported for customers with accounts established prior to May 1, 2025 until 2030. For more information, see [Azure AD B2C: Frequently asked questions (FAQ)](/azure/active-directory-b2c/faq).
433
+
340
434
<xref:Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions.Audience%2A> sets the Audience for any received JWT access token.
Match the value to just the path of the **Application ID URI** configured when adding the `Weather.Get` scope under **Expose an API** in the Entra or Azure portal. Don't include the scope name, "`Weather.Get`," in the value.
347
441
348
-
The following examples use an Application (Client) Id of `11112222-bbbb-3333-cccc-4444dddd5555`. The second example uses a tenant domain of `contoso.onmicrosoft.com`.
442
+
The following examples use an Application (Client) Id of `11112222-bbbb-3333-cccc-4444dddd5555`. The third example uses a tenant domain of `contoso.onmicrosoft.com`.
Obtain the application (client) ID, tenant (publisher) domain, and directory (tenant) ID from the app's registration in the Entra or Azure portal. The App ID URI is obtained for the `Weather.Get` scope from the web API's registration. Don't include the scope name when taking the App ID URI from the portal.
367
467
468
+
The authentication configuration depends on the type of tenant:
configOptions.Scopes= ["{APP ID URI}/Weather.Get"];
564
+
})
565
+
.AddDistributedTokenCaches();
566
+
```
567
+
568
+
Provide the same downstream API scope to the request transformer:
569
+
570
+
```csharp
571
+
List<string>scopes= ["{APP ID URI}/Weather.Get"];
572
+
```
573
+
574
+
Placeholders in the preceding configuration:
575
+
576
+
*`{DIRECTORY NAME}`: The directory name of the tenant (publisher) domain.
577
+
*`{CLIENT ID (BLAZOR APP)}`: The application (client) ID.
578
+
*`{BASE ADDRESS}`: The web API's base address.
579
+
*`{APP ID URI}`: The App ID URI for web API scopes. Either of the following formats are used, where the `{CLIENT ID (WEB API)}` placeholder is the Client Id of the web API's Entra registration, and the `{DIRECTORY NAME}` placeholder is the directory name of the tenant (publishers) domain (example: `contoso`).
580
+
* ME-ID or Microsoft Entra External ID tenant format: `api://{CLIENT ID (WEB API)}`
581
+
* B2C tenant format: `https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API)}`
Audience formats adopt the following patterns (`{CLIENT ID}` is the Client Id of the web API; `{DIRECTORY NAME}` is the directory name, for example, `contoso`):
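Review bot: The scope literal `"{APP ID URI}/Weather.Get"` is now written out twice in this hunk, in the `configOptions.Scopes` assignment and again in the `List<string>` at new line 571, and "Provide the same downstream API scope to the request transformer" leaves it to the reader to keep the two in step. Consider showing both read from one configuration value or constant, or state what the reader should expect when the two differ. Also, at new line 579, "tenant (publishers) domain" should be "tenant (publisher) domain", matching the `{DIRECTORY NAME}` bullet at new line 576 and the earlier placeholder list.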