Delen via


RequiredScopeOrAppPermissionAttribute Constructors

Definition

Overloads

RequiredScopeOrAppPermissionAttribute()

Default constructor.

RequiredScopeOrAppPermissionAttribute(String[], String[])

Verifies that the web API is called with the right app permissions. If the token obtained for this API is on behalf of the authenticated user does not have any of these acceptedScopes in its scope claim, nor acceptedAppPermissions in its roles claim, the method updates the HTTP response providing a status code 403 (Forbidden) and writes to the response body a message telling which scopes are expected in the token.

RequiredScopeOrAppPermissionAttribute()

Default constructor.

public RequiredScopeOrAppPermissionAttribute ();
Public Sub New ()

Examples

[RequiredScopeOrAppPermission(RequiredScopesConfigurationKey="AzureAD:Scope", RequiredAppPermissionsConfigurationKey="AzureAD:AppPermission")]
class Controller : BaseController
{
}

Applies to

RequiredScopeOrAppPermissionAttribute(String[], String[])

Verifies that the web API is called with the right app permissions. If the token obtained for this API is on behalf of the authenticated user does not have any of these acceptedScopes in its scope claim, nor acceptedAppPermissions in its roles claim, the method updates the HTTP response providing a status code 403 (Forbidden) and writes to the response body a message telling which scopes are expected in the token.

public RequiredScopeOrAppPermissionAttribute (string[] acceptedScopes, string[] acceptedAppPermissions);
new Microsoft.Identity.Web.Resource.RequiredScopeOrAppPermissionAttribute : string[] * string[] -> Microsoft.Identity.Web.Resource.RequiredScopeOrAppPermissionAttribute
Public Sub New (acceptedScopes As String(), acceptedAppPermissions As String())

Parameters

acceptedScopes
String[]

Scopes accepted by this web API.

acceptedAppPermissions
String[]

App permissions accepted by this web API.

Examples

Add the following attribute on the controller/page/action to protect:

[RequiredScopeOrAppPermission(new [] { "access_as_user" }, new [] { "access_as_app" })]

Remarks

When neither the scopes nor app permissions match, the response is a 403 (Forbidden), because the user is authenticated (hence not 401), but not authorized.

See also

  • <xref:RequiredScopeOrAppPermissionAttribute()>

Applies to