Class PolicyBuilderExtensions

Namespace: Microsoft.Identity.Web

Assembly: Microsoft.Identity.Web.dll

Extensions for building the RequiredScope policy during application startup.

public static class PolicyBuilderExtensions

Inheritance: object

PolicyBuilderExtensions

Inherited Members: object.GetType()

object.MemberwiseClone()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Examples

services.AddAuthorization(o =>
{ o.AddPolicy("Custom",
    policyBuilder =>policyBuilder.RequireScope("access_as_user"));
});

Methods

RequireScope(AuthorizationPolicyBuilder, IEnumerable<string>)

Adds a ScopeAuthorizationRequirement to the current instance which requires that the current user has the specified claim and that the claim value must be one of the allowed values.

public static AuthorizationPolicyBuilder RequireScope(this AuthorizationPolicyBuilder authorizationPolicyBuilder, IEnumerable<string> allowedValues)

Parameters

authorizationPolicyBuilder AuthorizationPolicyBuilder: Used for building policies during application startup.
allowedValues IEnumerable<string>: Values the claim must process one or more of for evaluation to succeed.

Returns

AuthorizationPolicyBuilder: A reference to this instance after the operation has completed.

RequireScope(AuthorizationPolicyBuilder, params string[])

Adds a ScopeAuthorizationRequirement to the current instance which requires that the current user has the specified claim and that the claim value must be one of the allowed values.

public static AuthorizationPolicyBuilder RequireScope(this AuthorizationPolicyBuilder authorizationPolicyBuilder, params string[] allowedValues)

Parameters

authorizationPolicyBuilder AuthorizationPolicyBuilder: Used for building policies during application startup.
allowedValues string[]: Values the claim must process one or more of for evaluation to succeed.

Returns

AuthorizationPolicyBuilder: A reference to this instance after the operation has completed.

RequireScopeOrAppPermission(AuthorizationPolicyBuilder, IEnumerable<string>, IEnumerable<string>)

Adds a ScopeOrAppPermissionAuthorizationRequirement to the current instance which requires that the current user has the specified claim and that the claim value must be one of the allowed values.

public static AuthorizationPolicyBuilder RequireScopeOrAppPermission(this AuthorizationPolicyBuilder authorizationPolicyBuilder, IEnumerable<string> allowedScopeValues, IEnumerable<string> allowedAppPermissionValues)

Parameters

authorizationPolicyBuilder AuthorizationPolicyBuilder: Used for building policies during application startup.
allowedScopeValues IEnumerable<string>: scopes (the value of scope or scp) accepted by this app.
allowedAppPermissionValues IEnumerable<string>: App permission (in role claim) that this app accepts.

Returns

AuthorizationPolicyBuilder: A reference to this instance after the operation has completed.

Table of Contents

Class PolicyBuilderExtensions

Examples

Methods

RequireScope(AuthorizationPolicyBuilder, IEnumerable<string>)

Parameters

Returns

RequireScope(AuthorizationPolicyBuilder, params string[])

Parameters

Returns

RequireScopeOrAppPermission(AuthorizationPolicyBuilder, IEnumerable<string>, IEnumerable<string>)

Parameters

Returns