Class WwwAuthenticateParameters
Parameters returned by the WWW-Authenticate header. This allows for dynamic scenarios such as Claims challenge, Continuous Access Evaluation (CAE), and Conditional Access (CA). See https://aka.ms/msal-net/wwwAuthenticate.
public class WwwAuthenticateParameters- Inheritance
-
WwwAuthenticateParameters
- Inherited Members
Constructors
WwwAuthenticateParameters()
public WwwAuthenticateParameters()Properties
AuthenticationScheme
AuthScheme. See the documentation on WWW-Authenticate for more details
public string AuthenticationScheme { get; }Property Value
Authority
Authority from which to request an access token.
public string Authority { get; set; }Property Value
Claims
Claims demanded by the web API.
public string Claims { get; set; }Property Value
Error
Error.
public string Error { get; set; }Property Value
this[string]
Return the RawParameters of key key.
public string this[string key] { get; }Parameters
keystringName of the raw parameter to retrieve.
Property Value
- string
The raw parameter if it exists, or throws a KeyNotFoundException otherwise.
Nonce
The nonce acquired from the WWW-Authenticate header.
public string Nonce { get; }Property Value
Resource
Resource for which to request scopes. This is the App ID URI of the API that returned the WWW-Authenticate header.
[Obsolete("The client apps should know which App ID URI it requests scopes for.", true)]
public string Resource { get; set; }Property Value
Remarks
Clients that perform resource validation (e.g. by comparing the host part of the resource against a list of known good hosts), can still use the indexer to retrieve the raw value of the resource / scope.
If a resource is used, add "/.default" to it to transform it into a scope, e.g. "https://graph.microsoft.com/.default" is the OAuth2 scope for "https://graph.microsoft.com" resource. MSAL only works with scopes.
Scopes
Scopes to request. If it's not provided by the web API, it's computed from the Resource.
[Obsolete("The client apps should know which scopes to request for.", true)]
public IEnumerable<string> Scopes { get; set; }Property Value
Remarks
Clients that perform resource validation (e.g. by comparing the host part of the resource against a list of known good hosts), can still use the indexer to retrieve the raw value of the resource / scope.
If a resource is used, add "/.default" to it to transform it into a scope, e.g. "https://graph.microsoft.com/.default" is the OAuth2 scope for "https://graph.microsoft.com" resource. MSAL only works with scopes.
Methods
CreateFromAuthenticationHeaders(HttpResponseHeaders)
Create WWW-Authenticate parameters from the HttpResponseHeaders for each auth scheme.
public static IReadOnlyList<WwwAuthenticateParameters> CreateFromAuthenticationHeaders(HttpResponseHeaders httpResponseHeaders)Parameters
httpResponseHeadersHttpResponseHeadersHttpResponseHeaders.
Returns
- IReadOnlyList<WwwAuthenticateParameters>
The parameters requested by the web API.
Remarks
Currently it only supports the Bearer scheme
CreateFromAuthenticationHeaders(HttpResponseHeaders, string)
Create WWW-Authenticate parameters from the HttpResponseHeaders.
public static WwwAuthenticateParameters CreateFromAuthenticationHeaders(HttpResponseHeaders httpResponseHeaders, string scheme)Parameters
httpResponseHeadersHttpResponseHeadersHttpResponseHeaders.
schemestringAuthentication scheme.
Returns
- WwwAuthenticateParameters
The parameters requested by the web API.
CreateFromAuthenticationResponseAsync(string, HttpClient, CancellationToken)
Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
public static Task<IReadOnlyList<WwwAuthenticateParameters>> CreateFromAuthenticationResponseAsync(string resourceUri, HttpClient httpClient, CancellationToken cancellationToken = default)Parameters
resourceUristringURI of the resource.
httpClientHttpClientInstance of HttpClient to make the request with.
cancellationTokenCancellationTokenThe cancellation token to cancel operation.
Returns
- Task<IReadOnlyList<WwwAuthenticateParameters>>
WWW-Authenticate Parameters extracted from response to the unauthenticated call.
CreateFromAuthenticationResponseAsync(string, string, HttpClient, CancellationToken)
Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
public static Task<WwwAuthenticateParameters> CreateFromAuthenticationResponseAsync(string resourceUri, string scheme, HttpClient httpClient, CancellationToken cancellationToken = default)Parameters
resourceUristringURI of the resource.
schemestringAuthentication scheme.
httpClientHttpClientInstance of HttpClient to make the request with.
cancellationTokenCancellationTokenThe cancellation token to cancel operation.
Returns
- Task<WwwAuthenticateParameters>
WWW-Authenticate Parameters extracted from response to the unauthenticated call.
CreateFromAuthenticationResponseAsync(string, string, CancellationToken)
Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
public static Task<WwwAuthenticateParameters> CreateFromAuthenticationResponseAsync(string resourceUri, string scheme, CancellationToken cancellationToken = default)Parameters
resourceUristringURI of the resource.
schemestringAuthentication scheme.
cancellationTokenCancellationTokenThe cancellation token to cancel operation.
Returns
- Task<WwwAuthenticateParameters>
WWW-Authenticate Parameters extracted from response to the unauthenticated call.
CreateFromAuthenticationResponseAsync(string, CancellationToken)
Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
public static Task<IReadOnlyList<WwwAuthenticateParameters>> CreateFromAuthenticationResponseAsync(string resourceUri, CancellationToken cancellationToken = default)Parameters
resourceUristringURI of the resource.
cancellationTokenCancellationTokenThe cancellation token to cancel operation.
Returns
- Task<IReadOnlyList<WwwAuthenticateParameters>>
WWW-Authenticate Parameters extracted from response to the unauthenticated call.
GetClaimChallengeFromResponseHeaders(HttpResponseHeaders, string)
Gets the claim challenge from HTTP header. Used, for example, for Conditional Access (CA).
public static string GetClaimChallengeFromResponseHeaders(HttpResponseHeaders httpResponseHeaders, string scheme = "Bearer")Parameters
httpResponseHeadersHttpResponseHeadersThe HTTP response headers.
schemestringAuthentication scheme. Default is Bearer.
Returns
- string
The claims challenge
GetTenantId()
Gets Azure AD tenant ID.
public string GetTenantId()