Share via


ScopesRequiredHttpContextExtensions Class

Definition

Extension class providing the extension methods for HttpContent that can be used in web APIs to validate scopes in controller actions. We recommend using instead the RequiredScope Attribute on the controller, the page or the action. See https://aka.ms/ms-id-web/required-scope-attribute.

public static class ScopesRequiredHttpContextExtensions
type ScopesRequiredHttpContextExtensions = class
Public Module ScopesRequiredHttpContextExtensions
Inheritance
ScopesRequiredHttpContextExtensions

Methods

VerifyUserHasAnyAcceptedScope(HttpContext, String[])

When applied to an HttpContext, verifies that the user authenticated in the web API has any of the accepted scopes. If there is no authenticated user, the response is a 401 (Unauthenticated). If the authenticated user does not have any of these acceptedScopes, the method updates the HTTP response providing a status code 403 (Forbidden) and writes to the response body a message telling which scopes are expected in the token. We recommend using instead the RequiredScope Attribute on the controller, the page or the action. See https://aka.ms/ms-id-web/required-scope-attribute.

Applies to