Customization
If you want to customize options, like `OpenIdConnectOptions` or `JwtBearerOptions`, but still want to benefit from the implementation provided by Microsoft Identity Web, you can do so by using the `Configure` and `PostConfigure` methods in `Startup.cs`.

Let's take, for example, the `AddMicrosoftIdentityWebApi` or `AddMicrosoftIdentityWebApiAuthentication` methods (used to be `AddProtectedWebApi` in Microsoft Identity Web 0.1.x). In them, you'll see this event set up:
```csharp
options.Events.OnTokenValidated = async context =>
{
    // This check is required to ensure that the Web API only accepts tokens from tenants where it has been consented and provisioned.
    if (!context.Principal.Claims.Any(x => x.Type == ClaimConstants.Scope)
        && !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Scp)
        && !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Roles))
    {
        throw new UnauthorizedAccessException("Neither scope or roles claim was found in the bearer token.");
    }

    await Task.FromResult(0);
};
```
Say you want to augment the current `ClaimsPrincipal` by adding claims to it, and you have to do it in `OnTokenValidated`. However, you don't want to lose the `UnauthorizedAccessException` check that already exists in the event. To do so, in your `Startup.cs`, you'd have:
```csharp
services.AddMicrosoftIdentityWebApiAuthentication(Configuration);

services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
{
    // Capture the handler installed by Microsoft Identity Web before replacing it.
    var existingOnTokenValidatedHandler = options.Events.OnTokenValidated;
    options.Events.OnTokenValidated = async context =>
    {
        // Run the existing check first; if it throws, the code below never runs.
        await existingOnTokenValidatedHandler(context);

        // Your code to add extra claims that will be executed after the current event implementation.
    };
});
```
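The placeholder comment above, filled in as an added example (not code from Microsoft Identity Web): it chains the existing handler and then attaches one extra claim in a separate identity. The `AddTierClaim` extension method, the `TenantTiers` table, the `app_tier` claim type and the `LOCAL-APP` issuer are hypothetical names chosen for illustration.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;

public static class TierClaimExtensions
{
    // Constructed sample data (hypothetical): tenant id -> application tier.
    private static readonly Dictionary<string, string> TenantTiers = new Dictionary<string, string>
    {
        ["00000000-0000-0000-0000-000000000001"] = "premium",
    };

    // Call after services.AddMicrosoftIdentityWebApiAuthentication(Configuration)
    // so that this delegate sees the handler the library installed.
    public static IServiceCollection AddTierClaim(this IServiceCollection services)
    {
        return services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
        {
            options.Events ??= new JwtBearerEvents();
            var existingOnTokenValidated = options.Events.OnTokenValidated;

            options.Events.OnTokenValidated = async context =>
            {
                // Existing check first: if it throws, nothing below runs and no claims are added.
                if (existingOnTokenValidated != null)
                {
                    await existingOnTokenValidated(context);
                }

                var principal = context.Principal;
                if (principal == null) return;

                // The tenant id arrives as "tid", or as the long URI when inbound claim mapping is on.
                var tenantId = principal.FindFirst("tid")?.Value
                    ?? principal.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
                var tier = tenantId != null && TenantTiers.TryGetValue(tenantId, out var t) ? t : "standard";

                // A separate identity with a local issuer keeps added claims
                // distinguishable from the claims that came from the validated token.
                var local = new ClaimsIdentity();
                local.AddClaim(new Claim("app_tier", tier, ClaimValueTypes.String, "LOCAL-APP"));
                principal.AddIdentity(local);
            };
        });
    }
}
```

Authorization code that must trust only token-issued values can check `Claim.Issuer` to tell the locally added claim apart.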
Other types of options can be customized in similar fashion:

- Cookie-related options

```csharp
services.Configure<CookiePolicyOptions>(options =>
{
    // Custom code here.
});

services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
    // Custom code here.
});
```

- `OpenIdConnectOptions`

```csharp
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    // Custom code here.
});
```

- `MicrosoftIdentityOptions`

```csharp
services.Configure<MicrosoftIdentityOptions>(options =>
{
    // Custom code here.
});
```
When configuring options, verify that the correct authentication scheme is passed in, or none at all. Additionally, the middleware configuration methods are invoked in the order in which they were called, with `PostConfigure` methods executing after all the `Configure` methods.