diff --git a/10.0/BlazorWebAppEntra/BlazorWebAppEntra/Program.cs b/10.0/BlazorWebAppEntra/BlazorWebAppEntra/Program.cs index 8650e2e0..4752634b 100644 --- a/10.0/BlazorWebAppEntra/BlazorWebAppEntra/Program.cs +++ b/10.0/BlazorWebAppEntra/BlazorWebAppEntra/Program.cs @@ -23,6 +23,7 @@ .AddInteractiveWebAssemblyComponents() .AddAuthenticationStateSerialization(options => options.SerializeAllClaims = true); +// Configure authentication to use Microsoft Entra ID builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(msIdentityOptions => { @@ -41,6 +42,30 @@ }) .AddDistributedTokenCaches(); +// Configure authentication to use Microsoft Entra External ID +// +// Instead of the preceding configuration for Microsoft Entra ID, use the +// following configuration for Microsoft Entra External ID. Comment out or +// remove the preceding 'AddAuthentication' configuration if you activate +// the following code. +/* +builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftIdentityWebApp(msIdentityOptions => + { + msIdentityOptions.CallbackPath = "/signin-oidc"; + msIdentityOptions.Authority = "https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0"; + msIdentityOptions.ClientId = "{CLIENT ID (BLAZOR APP)}"; + msIdentityOptions.ResponseType = "code"; + }) + .EnableTokenAcquisitionToCallDownstreamApi() + .AddDownstreamApi("DownstreamApi", configOptions => + { + configOptions.BaseUrl = "{BASE URL}"; + configOptions.Scopes = ["{APP ID URI}/Weather.Get"]; + }) + .AddDistributedTokenCaches(); +*/ + builder.Services.AddDistributedMemoryCache(); builder.Services.Configure( diff --git a/10.0/BlazorWebAppEntra/MinimalApiJwt/Program.cs b/10.0/BlazorWebAppEntra/MinimalApiJwt/Program.cs index e152b6f9..baaa2668 100644 --- a/10.0/BlazorWebAppEntra/MinimalApiJwt/Program.cs +++ b/10.0/BlazorWebAppEntra/MinimalApiJwt/Program.cs 
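Review bot: The commented-out External ID block in the second hunk sets `msIdentityOptions.ResponseType = "code"` and calls `EnableTokenAcquisitionToCallDownstreamApi()`, but does not say where the client credential comes from, and no secret or certificate setting is visible in these lines. The same applies to its copy in 10.0/BlazorWebAppEntraBff/BlazorWebAppEntra/Program.cs. A reader who activates the block and finds token acquisition failing may paste a secret next to `ClientId` in `Program.cs`. I would add one line to the comment above the block, for example `// Supply the client secret or certificate from configuration (user secrets or a vault), never from source.` The surrounding top-level statements continue outside the hunk, so the credential may already be wired elsewhere in the file.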
@@ -10,8 +10,9 @@ // // Authority format {AUTHORITY} matches the issurer (`iss`) of the JWT returned by the identity provider. // - // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}/ - // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0/ + // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID} + // Authority format {AUTHORITY} for ME External ID tenant type: https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0 + // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0 // jwtOptions.Authority = "{AUTHORITY}"; // @@ -19,7 +20,8 @@ // under "Expose an API" in the Azure or Entra portal. {CLIENT ID} is the application (client) ID of this // app's registration in the Azure portal. // - // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP) + // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP)} + // Audience format {AUDIENCE} for ME External ID tenant type: {CLIENT ID (WEB API APP)} // Audience format {AUDIENCE} for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)} // jwtOptions.Audience = "{AUDIENCE}"; diff --git a/10.0/BlazorWebAppEntraBff/BlazorWebAppEntra/Program.cs b/10.0/BlazorWebAppEntraBff/BlazorWebAppEntra/Program.cs index 224f8589..85044536 100644 --- a/10.0/BlazorWebAppEntraBff/BlazorWebAppEntra/Program.cs +++ b/10.0/BlazorWebAppEntraBff/BlazorWebAppEntra/Program.cs @@ -13,10 +13,11 @@ var builder = WebApplication.CreateBuilder(args); +// Add services to the container. // Add service defaults & Aspire components. builder.AddServiceDefaults(); -// Add services to the container. +// Configure authentication to use Microsoft Entra ID builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(msIdentityOptions => { 
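Review bot: The context sentence that says the authority "matches the issurer (iss)" no longer agrees with the new ME-ID line in the first hunk. With the trailing slash removed, `https://sts.windows.net/{TENANT ID}` is not character-for-character the issuer, which for that endpoint normally ends in `/`. JwtBearer uses `Authority` to locate the provider metadata and takes the valid issuer from there, so validation should be unaffected, but a reader who copies the value into `ValidIssuer` would get a mismatch. I would reword the sentence, which also fixes the typo: `// {AUTHORITY} is the base URL for metadata discovery; the token's iss claim is validated against the issuer published there.` The sentence appears in every MinimalApiJwt/Program.cs touched here, and in 10.0/BlazorWebAppEntraBff and 9.0/BlazorWebAppEntraBff it is on an added line that still reads "issurer".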
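Review bot: The added External ID audience line in the second hunk gives a bare `{CLIENT ID (WEB API APP)}` next to `api://{CLIENT ID (WEB API APP)}` for ME-ID without saying why the two differ. The difference presumably follows the access-token version the API registration accepts, so the value to use is whatever the audience claim of a real token carries. A wrong value fails closed, so this is about saving debugging time rather than a hole. I would add `// Confirm {AUDIENCE} against the aud claim of an access token issued for this API.` The same line is added in the other MinimalApiJwt/Program.cs files of this commit.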
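Review bot: In the third hunk the moved `// Add services to the container.` now appears to sit directly on top of `// Add service defaults & Aspire components.`, so `builder.AddServiceDefaults();` carries two headings and the second reads as a continuation of the first. A blank line after the first comment, or dropping it, would read better. Whitespace in this hunk cannot be judged from the page, so a blank line may already separate them.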
@@ -35,6 +36,30 @@ }) .AddDistributedTokenCaches(); +// Configure authentication to use Microsoft Entra External ID +// +// Instead of the preceding configuration for Microsoft Entra ID, use the +// following configuration for Microsoft Entra External ID. Comment out or +// remove the preceding 'AddAuthentication' configuration if you activate +// the following code. +/* +builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftIdentityWebApp(msIdentityOptions => + { + msIdentityOptions.CallbackPath = "/signin-oidc"; + msIdentityOptions.Authority = "https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0"; + msIdentityOptions.ClientId = "{CLIENT ID (BLAZOR APP)}"; + msIdentityOptions.ResponseType = "code"; + }) + .EnableTokenAcquisitionToCallDownstreamApi() + .AddDownstreamApi("DownstreamApi", configOptions => + { + configOptions.BaseUrl = "{BASE URL}"; + configOptions.Scopes = ["{APP ID URI}/Weather.Get"]; + }) + .AddDistributedTokenCaches(); +*/ + builder.Services.AddDistributedMemoryCache(); builder.Services.Configure( diff --git a/10.0/BlazorWebAppEntraBff/MinimalApiJwt/Program.cs b/10.0/BlazorWebAppEntraBff/MinimalApiJwt/Program.cs index a3b73c33..5dd55f57 100644 --- a/10.0/BlazorWebAppEntraBff/MinimalApiJwt/Program.cs +++ b/10.0/BlazorWebAppEntraBff/MinimalApiJwt/Program.cs 
@@ -8,10 +8,11 @@ { // {TENANT ID} in the following examples is the directory (tenant) ID. // - // Authority format '{AUTHORITY}' matches the issurer (`iss`) of the JWT returned by the identity provider. + // Authority format {AUTHORITY} matches the issurer (`iss`) of the JWT returned by the identity provider. // - // Authority format '{AUTHORITY}' for ME-ID tenant type: https://sts.windows.net/{TENANT ID}/ - // Authority format '{AUTHORITY}' for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0/ + // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID} + // Authority format {AUTHORITY} for ME External ID tenant type: https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0 + // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0 // jwtOptions.Authority = "{AUTHORITY}"; @@ -20,8 +21,9 @@ // under "Expose an API" in the Azure or Entra portal. {CLIENT ID} is the application (client) ID of this // app's registration in the Azure portal. // - // Audience format '{AUDIENCE}' for ME-ID tenant type: api://{CLIENT ID (WEB API APP)} - // Audience format '{AUDIENCE}' for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)} + // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP)} + // Audience format {AUDIENCE} for ME External ID tenant type: {CLIENT ID (WEB API APP)} + // Audience format {AUDIENCE} for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)} // jwtOptions.Audience = "{AUDIENCE}"; }); diff --git a/10.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs b/10.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs index e5f9ba9c..81e98155 100644 --- a/10.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs +++ b/10.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs 
@@ -7,8 +7,9 @@
 //
 // Authority format {AUTHORITY} matches the issurer (`iss`) of the JWT returned by the identity provider.
 //
- // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}/
- // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0/
+ // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}
+ // Authority format {AUTHORITY} for ME External ID tenant type: https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0
+ // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0
 //
 jwtOptions.Authority = "{AUTHORITY}";
 //
@@ -17,6 +18,7 @@
 // app's registration in the Azure portal.
 //
 // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP)}
+ // Audience format {AUDIENCE} for ME External ID tenant type: {CLIENT ID (WEB API APP)}
 // Audience format {AUDIENCE} for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)}
 //
 jwtOptions.Audience = "{AUDIENCE}";
diff --git a/8.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs b/8.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs
index dbc500c9..83121e18 100644
--- a/8.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs
+++ b/8.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs
@@ -7,8 +7,9 @@
 //
 // Authority format {AUTHORITY} matches the issurer (`iss`) of the JWT returned by the identity provider.
 //
- // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}/
- // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0/
+ // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}
+ // Authority format {AUTHORITY} for ME External ID tenant type: https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0
+ // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0
 //
 jwtOptions.Authority = "{AUTHORITY}";
 //
@@ -17,6 +18,7 @@
 // app's registration in the Azure portal.
 //
 // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP)}
+ // Audience format {AUDIENCE} for ME External ID tenant type: {CLIENT ID (WEB API APP)}
 // Audience format {AUDIENCE} for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)}
 //
 jwtOptions.Audience = "{AUDIENCE}";
diff --git a/8.0/BlazorWebAppOidcBff/MinimalApiJwt/Program.cs b/8.0/BlazorWebAppOidcBff/MinimalApiJwt/Program.cs
index ef1a1a95..887c04fe 100644
--- a/8.0/BlazorWebAppOidcBff/MinimalApiJwt/Program.cs
+++ b/8.0/BlazorWebAppOidcBff/MinimalApiJwt/Program.cs
@@ -10,8 +10,9 @@
 //
 // Authority format {AUTHORITY} matches the issurer (`iss`) of the JWT returned by the identity provider.
 //
- // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}/
- // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0/
+ // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}
+ // Authority format {AUTHORITY} for ME External ID tenant type: https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0
+ // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0
 //
 jwtOptions.Authority = "{AUTHORITY}";
 //
@@ -20,6 +21,7 @@
 // app's registration in the Azure portal.
 //
 // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP)}
+ // Audience format {AUDIENCE} for ME External ID tenant type: {CLIENT ID (WEB API APP)}
 // Audience format {AUDIENCE} for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)}
 //
 jwtOptions.Audience = "{AUDIENCE}";
diff --git a/8.0/BlazorWebAppOidcServer/MinimalApiJwt/Program.cs b/8.0/BlazorWebAppOidcServer/MinimalApiJwt/Program.cs
index 4a307e45..e473e31b 100644
--- a/8.0/BlazorWebAppOidcServer/MinimalApiJwt/Program.cs
+++ b/8.0/BlazorWebAppOidcServer/MinimalApiJwt/Program.cs
@@ -7,8 +7,9 @@
 //
 // Authority format {AUTHORITY} matches the issurer (`iss`) of the JWT returned by the identity provider.
 //
- // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}/
- // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0/
+ // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}
+ // Authority format {AUTHORITY} for ME External ID tenant type: https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0
+ // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0
 //
 jwtOptions.Authority = "{AUTHORITY}";
 //
@@ -17,6 +18,7 @@
 // app's registration in the Azure portal.
 //
 // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP)}
+ // Audience format {AUDIENCE} for ME External ID tenant type: {CLIENT ID (WEB API APP)}
 // Audience format {AUDIENCE} for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)}
 //
 jwtOptions.Audience = "{AUDIENCE}";
diff --git a/9.0/BlazorWebAppEntra/MinimalApiJwt/Program.cs b/9.0/BlazorWebAppEntra/MinimalApiJwt/Program.cs
index e30ed91d..02ef649d 100644
--- a/9.0/BlazorWebAppEntra/MinimalApiJwt/Program.cs
+++ b/9.0/BlazorWebAppEntra/MinimalApiJwt/Program.cs
@@ -7,8 +7,9 @@
 //
 // Authority format {AUTHORITY} matches the issurer (`iss`) of the JWT returned by the identity provider.
 //
- // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}/
- // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0/
+ // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}
+ // Authority format {AUTHORITY} for ME External ID tenant type: https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0
+ // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0
 //
 jwtOptions.Authority = "{AUTHORITY}";
 //
@@ -17,6 +18,7 @@
 // app's registration in the Azure portal.
 //
 // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP)}
+ // Audience format {AUDIENCE} for ME External ID tenant type: {CLIENT ID (WEB API APP)}
 // Audience format {AUDIENCE} for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)}
 //
 jwtOptions.Audience = "{AUDIENCE}";
diff --git a/9.0/BlazorWebAppEntraBff/MinimalApiJwt/Program.cs b/9.0/BlazorWebAppEntraBff/MinimalApiJwt/Program.cs
index b722cb1f..3a310367 100644
--- a/9.0/BlazorWebAppEntraBff/MinimalApiJwt/Program.cs
+++ b/9.0/BlazorWebAppEntraBff/MinimalApiJwt/Program.cs
@@ -8,10 +8,11 @@
 {
 // {TENANT ID} in the following examples is the directory (tenant) ID.
 //
- // Authority format '{AUTHORITY}' matches the issurer (`iss`) of the JWT returned by the identity provider.
+ // Authority format {AUTHORITY} matches the issurer (`iss`) of the JWT returned by the identity provider.
 //
- // Authority format '{AUTHORITY}' for ME-ID tenant type: https://sts.windows.net/{TENANT ID}/
- // Authority format '{AUTHORITY}' for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0/
+ // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}
+ // Authority format {AUTHORITY} for ME External ID tenant type: https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0
+ // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0
 //
 jwtOptions.Authority = "{AUTHORITY}";
 //
@@ -19,8 +20,9 @@
 // under "Expose an API" in the Azure or Entra portal. {CLIENT ID} is the application (client) ID of this
 // app's registration in the Azure portal.
 //
- // Audience format '{AUDIENCE}' for ME-ID tenant type: api://{CLIENT ID (WEB API APP)}
- // Audience format '{AUDIENCE}' for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)}
+ // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP)}
+ // Audience format {AUDIENCE} for ME External ID tenant type: {CLIENT ID (WEB API APP)}
+ // Audience format {AUDIENCE} for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)}
 //
 jwtOptions.Audience = "{AUDIENCE}";
 });
diff --git a/9.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs b/9.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs
index 69ac33be..81036926 100644
--- a/9.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs
+++ b/9.0/BlazorWebAppOidc/MinimalApiJwt/Program.cs
@@ -7,8 +7,9 @@
 //
 // Authority format {AUTHORITY} matches the issurer (`iss`) of the JWT returned by the identity provider.
 //
- // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}/
- // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0/
+ // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}
+ // Authority format {AUTHORITY} for ME External ID tenant type: https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0
+ // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0
 //
 jwtOptions.Authority = "{AUTHORITY}";
 //
@@ -17,6 +18,7 @@
 // app's registration in the Azure portal.
 //
 // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP)}
+ // Audience format {AUDIENCE} for ME External ID tenant type: {CLIENT ID (WEB API APP)}
 // Audience format {AUDIENCE} for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)}
 //
 jwtOptions.Audience = "{AUDIENCE}";
diff --git a/9.0/BlazorWebAppOidcBff/MinimalApiJwt/Program.cs b/9.0/BlazorWebAppOidcBff/MinimalApiJwt/Program.cs
index 4560102d..8497318c 100644
--- a/9.0/BlazorWebAppOidcBff/MinimalApiJwt/Program.cs
+++ b/9.0/BlazorWebAppOidcBff/MinimalApiJwt/Program.cs
@@ -10,8 +10,9 @@
 //
 // Authority format {AUTHORITY} matches the issurer (`iss`) of the JWT returned by the identity provider.
 //
- // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}/
- // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0/
+ // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}
+ // Authority format {AUTHORITY} for ME External ID tenant type: https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0
+ // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0
 //
 jwtOptions.Authority = "{AUTHORITY}";
 //
@@ -20,6 +21,7 @@
 // app's registration in the Azure portal.
 //
 // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP)}
+ // Audience format {AUDIENCE} for ME External ID tenant type: {CLIENT ID (WEB API APP)}
 // Audience format {AUDIENCE} for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)}
 //
 jwtOptions.Audience = "{AUDIENCE}";
diff --git a/9.0/BlazorWebAppOidcServer/MinimalApiJwt/Program.cs b/9.0/BlazorWebAppOidcServer/MinimalApiJwt/Program.cs
index 4a307e45..e473e31b 100644
--- a/9.0/BlazorWebAppOidcServer/MinimalApiJwt/Program.cs
+++ b/9.0/BlazorWebAppOidcServer/MinimalApiJwt/Program.cs
@@ -7,8 +7,9 @@
 //
 // Authority format {AUTHORITY} matches the issurer (`iss`) of the JWT returned by the identity provider.
 //
- // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}/
- // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0/
+ // Authority format {AUTHORITY} for ME-ID tenant type: https://sts.windows.net/{TENANT ID}
+ // Authority format {AUTHORITY} for ME External ID tenant type: https://{DIRECTORY NAME}.ciamlogin.com/{TENANT ID}/v2.0
+ // Authority format {AUTHORITY} for B2C tenant type: https://login.microsoftonline.com/{TENANT ID}/v2.0
 //
 jwtOptions.Authority = "{AUTHORITY}";
 //
@@ -17,6 +18,7 @@
 // app's registration in the Azure portal.
 //
 // Audience format {AUDIENCE} for ME-ID tenant type: api://{CLIENT ID (WEB API APP)}
+ // Audience format {AUDIENCE} for ME External ID tenant type: {CLIENT ID (WEB API APP)}
 // Audience format {AUDIENCE} for B2C tenant type: https://{DIRECTORY NAME}.onmicrosoft.com/{CLIENT ID (WEB API APP)}
 //
 jwtOptions.Audience = "{AUDIENCE}";