-
Notifications
You must be signed in to change notification settings - Fork 32
/
IdentityApplicationOptions.xml
340 lines (339 loc) Β· 19.3 KB
/
IdentityApplicationOptions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
<Type Name="IdentityApplicationOptions" FullName="Microsoft.Identity.Abstractions.IdentityApplicationOptions">
<TypeSignature Language="C#" Value="public class IdentityApplicationOptions" />
<TypeSignature Language="ILAsm" Value=".class public auto ansi beforefieldinit IdentityApplicationOptions extends System.Object" />
<TypeSignature Language="DocId" Value="T:Microsoft.Identity.Abstractions.IdentityApplicationOptions" />
<TypeSignature Language="VB.NET" Value="Public Class IdentityApplicationOptions" />
<TypeSignature Language="F#" Value="type IdentityApplicationOptions = class" />
<AssemblyInfo>
<AssemblyName>Microsoft.Identity.Abstractions</AssemblyName>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
<AssemblyVersion>3.1.0.0</AssemblyVersion>
<AssemblyVersion>3.2.0.0</AssemblyVersion>
<AssemblyVersion>3.2.1.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>5.1.0.0</AssemblyVersion>
<AssemblyVersion>5.3.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>7.1.0.0</AssemblyVersion>
<AssemblyVersion>7.2.0.0</AssemblyVersion>
</AssemblyInfo>
<Base>
<BaseTypeName>System.Object</BaseTypeName>
</Base>
<Interfaces />
<Docs>
<summary>
Options for configuring authentication in a web app, web API or daemon app.
<para>
This class contains configuration properties for any OAuth 2.0 identity provider.
For Azure AD specific options see the derived class: <see cref="T:Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions" />. This class
and its derived class are usually used as options, that are deserialized from a configuration file like appsettings.json
</para></summary>
<remarks>To be added.</remarks>
<example />
</Docs>
<Members>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public IdentityApplicationOptions ();" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor() cil managed" />
<MemberSignature Language="DocId" Value="M:Microsoft.Identity.Abstractions.IdentityApplicationOptions.#ctor" />
<MemberSignature Language="VB.NET" Value="Public Sub New ()" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Identity.Abstractions</AssemblyName>
<AssemblyVersion>7.2.0.0</AssemblyVersion>
</AssemblyInfo>
<Parameters />
<Docs>
<summary>To be added.</summary>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="AllowWebApiToBeAuthorizedByACL">
<MemberSignature Language="C#" Value="public bool AllowWebApiToBeAuthorizedByACL { get; set; }" />
<MemberSignature Language="ILAsm" Value=".property instance bool AllowWebApiToBeAuthorizedByACL" />
<MemberSignature Language="DocId" Value="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.AllowWebApiToBeAuthorizedByACL" />
<MemberSignature Language="VB.NET" Value="Public Property AllowWebApiToBeAuthorizedByACL As Boolean" />
<MemberSignature Language="F#" Value="member this.AllowWebApiToBeAuthorizedByACL : bool with get, set" Usage="Microsoft.Identity.Abstractions.IdentityApplicationOptions.AllowWebApiToBeAuthorizedByACL" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Identity.Abstractions</AssemblyName>
<AssemblyVersion>7.2.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Boolean</ReturnType>
</ReturnValue>
<Docs>
<summary>
Web APIs called on behalf of a user can validate a token based on scopes (representing delegated permissions).
Web APIs called by daemon applications can validate a token based on roles (representing app permissions).
By default, the web API will validate the presence of roles and scopes. You can set this property to <c>false</c> to
use the ACL-based authorization pattern for the client (daemon) to the web API. If using ACL-based authorization,
the implementation will not throw if roles or scopes are not in the Claims.
For details see https://aka.ms/ms-identity-web/daemon-ACL.
</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
<c>false.</c>
</Docs>
</Member>
<Member MemberName="Audience">
<MemberSignature Language="C#" Value="public string? Audience { get; set; }" />
<MemberSignature Language="ILAsm" Value=".property instance string Audience" />
<MemberSignature Language="DocId" Value="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.Audience" />
<MemberSignature Language="VB.NET" Value="Public Property Audience As String" />
<MemberSignature Language="F#" Value="member this.Audience : string with get, set" Usage="Microsoft.Identity.Abstractions.IdentityApplicationOptions.Audience" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Identity.Abstractions</AssemblyName>
<AssemblyVersion>7.2.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.String</ReturnType>
</ReturnValue>
<Docs>
<summary>
In a web API, audience of the tokens that will be accepted by the web API.
<para>If your web API accepts several audiences, see <see cref="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.Audiences" />.</para></summary>
<value>To be added.</value>
<remarks>If both Audience and <see cref="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.Audiences" />, are expressed, the effective audiences is the
union of these properties.</remarks>
</Docs>
</Member>
<Member MemberName="Audiences">
<MemberSignature Language="C#" Value="public System.Collections.Generic.IEnumerable<string>? Audiences { get; set; }" />
<MemberSignature Language="ILAsm" Value=".property instance class System.Collections.Generic.IEnumerable`1<string> Audiences" />
<MemberSignature Language="DocId" Value="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.Audiences" />
<MemberSignature Language="VB.NET" Value="Public Property Audiences As IEnumerable(Of String)" />
<MemberSignature Language="F#" Value="member this.Audiences : seq<string> with get, set" Usage="Microsoft.Identity.Abstractions.IdentityApplicationOptions.Audiences" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Identity.Abstractions</AssemblyName>
<AssemblyVersion>7.2.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Collections.Generic.IEnumerable<System.String></ReturnType>
</ReturnValue>
<Docs>
<summary>
In a web API, accepted audiences for the tokens received by the web API.
<para>See also <see cref="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.Audience" />.</para>
The audience is the intended recipient of the token. You can usually assume that the ApplicationID of your web API
is a valid audience. It can, in general be any of the App ID URIs (or resource identitfier) you defined for your application
during its registration in the Azure portal.
</summary>
<value>To be added.</value>
<remarks>If both Audiences and <see cref="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.Audience" />, are expressed, the effective audiences is the
union of these properties.</remarks>
<example>
<format type="text/markdown"><![CDATA[
Here is an example of client credentials in the AzureAd section of the *appsetting.json*. The app will try to use
workload identity federation from Managed identity (when setup and deployed in Azure), and otherwise, will use a certificate
from Key Vault, and otherwise, will use a client secret.
```json
"Audiences": [
"api://a88bb933-319c-41b5-9f04-eff36d985612",
"a88bb933-319c-41b5-9f04-eff36d985612",
"https://mydomain.com/myapp"
]
```
See also https://aka.ms/ms-id-web-certificates.
]]></format>
</example>
</Docs>
</Member>
<Member MemberName="Authority">
<MemberSignature Language="C#" Value="public virtual string? Authority { get; set; }" />
<MemberSignature Language="ILAsm" Value=".property instance string Authority" />
<MemberSignature Language="DocId" Value="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.Authority" />
<MemberSignature Language="VB.NET" Value="Public Overridable Property Authority As String" />
<MemberSignature Language="F#" Value="member this.Authority : string with get, set" Usage="Microsoft.Identity.Abstractions.IdentityApplicationOptions.Authority" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Identity.Abstractions</AssemblyName>
<AssemblyVersion>7.2.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.String</ReturnType>
</ReturnValue>
<Docs>
<summary>
Gets or sets the authority to use when calling the identity provider.
For AzureAD or Azure AD B2C, rather use <see cref="P:Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.Instance" />
and <see cref="P:Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions.TenantId" />. For Microsoft Entra External IDs, use
the authority of the form <c>https://subdomain.ciamlogin.com</c>.
</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
<example>
<code>
IdentityApplicationOptions options = new
{
Authority = "https://subdomain.ciamlogin.com"
};
</code>
</example>
</Docs>
</Member>
<Member MemberName="ClientCredentials">
<MemberSignature Language="C#" Value="public System.Collections.Generic.IEnumerable<Microsoft.Identity.Abstractions.CredentialDescription>? ClientCredentials { get; set; }" />
<MemberSignature Language="ILAsm" Value=".property instance class System.Collections.Generic.IEnumerable`1<class Microsoft.Identity.Abstractions.CredentialDescription> ClientCredentials" />
<MemberSignature Language="DocId" Value="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.ClientCredentials" />
<MemberSignature Language="VB.NET" Value="Public Property ClientCredentials As IEnumerable(Of CredentialDescription)" />
<MemberSignature Language="F#" Value="member this.ClientCredentials : seq<Microsoft.Identity.Abstractions.CredentialDescription> with get, set" Usage="Microsoft.Identity.Abstractions.IdentityApplicationOptions.ClientCredentials" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Identity.Abstractions</AssemblyName>
<AssemblyVersion>7.2.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Collections.Generic.IEnumerable<Microsoft.Identity.Abstractions.CredentialDescription></ReturnType>
</ReturnValue>
<Docs>
<summary>
Description of the client credentials that the app provides to prove its identity to the IdP,
See <see cref="T:Microsoft.Identity.Abstractions.CredentialSource" /> for the list of supported credential types.
</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
<example>
<format type="text/markdown"><![CDATA[
Here is an example of client credentials in the AzureAd section of the *appsetting.json*. The app will try to use
workload identity federation from Managed identity (when setup and deployed in Azure), and otherwise, will use a certificate
from Key Vault, and otherwise, will use a client secret.
```json
"ClientCredentials": [
{
"SourceType": "SignedAssertionFromManagedIdentity",
"ManagedIdentityClientId": "Optional GUID of user assigned Managed identity"
},
{
"SourceType": "KeyVault",
"KeyVaultUrl": "https://webappsapistests.vault.azure.net",
"KeyVaultCertificateName": "Self-Signed-5-5-22"
},
{
"SourceType": "ClientSecret",
"ClientSecret": "***"
}
]
```
See also https://aka.ms/ms-id-web-certificates.
]]></format>
</example>
</Docs>
</Member>
<Member MemberName="ClientId">
<MemberSignature Language="C#" Value="public string? ClientId { get; set; }" />
<MemberSignature Language="ILAsm" Value=".property instance string ClientId" />
<MemberSignature Language="DocId" Value="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.ClientId" />
<MemberSignature Language="VB.NET" Value="Public Property ClientId As String" />
<MemberSignature Language="F#" Value="member this.ClientId : string with get, set" Usage="Microsoft.Identity.Abstractions.IdentityApplicationOptions.ClientId" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Identity.Abstractions</AssemblyName>
<AssemblyVersion>7.2.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.String</ReturnType>
</ReturnValue>
<Docs>
<summary>
Gets or sets the 'client_id' (application ID) as it appears in the
application registration. This is the string representation of a GUID.
</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="EnablePiiLogging">
<MemberSignature Language="C#" Value="public bool EnablePiiLogging { get; set; }" />
<MemberSignature Language="ILAsm" Value=".property instance bool EnablePiiLogging" />
<MemberSignature Language="DocId" Value="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.EnablePiiLogging" />
<MemberSignature Language="VB.NET" Value="Public Property EnablePiiLogging As Boolean" />
<MemberSignature Language="F#" Value="member this.EnablePiiLogging : bool with get, set" Usage="Microsoft.Identity.Abstractions.IdentityApplicationOptions.EnablePiiLogging" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Identity.Abstractions</AssemblyName>
<AssemblyVersion>7.2.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Boolean</ReturnType>
</ReturnValue>
<Docs>
<summary>
Flag used to enable/disable logging of Personally Identifiable Information (PII).
PII logs are never written to default outputs.
Default is set to <c>false</c>, which ensures that your application is compliant with GDPR. You can set
it to <c>true</c> for advanced debugging requiring PII.
</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="ExtraQueryParameters">
<MemberSignature Language="C#" Value="public System.Collections.Generic.IDictionary<string,string>? ExtraQueryParameters { get; set; }" />
<MemberSignature Language="ILAsm" Value=".property instance class System.Collections.Generic.IDictionary`2<string, string> ExtraQueryParameters" />
<MemberSignature Language="DocId" Value="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.ExtraQueryParameters" />
<MemberSignature Language="VB.NET" Value="Public Property ExtraQueryParameters As IDictionary(Of String, String)" />
<MemberSignature Language="F#" Value="member this.ExtraQueryParameters : System.Collections.Generic.IDictionary<string, string> with get, set" Usage="Microsoft.Identity.Abstractions.IdentityApplicationOptions.ExtraQueryParameters" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Identity.Abstractions</AssemblyName>
<AssemblyVersion>7.2.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Collections.Generic.IDictionary<System.String,System.String></ReturnType>
</ReturnValue>
<Docs>
<summary>
Sets query parameters for the query string in the HTTP request to the IdP. This parameter is useful
if you want to send the request to a specific test slice, or a particular dc.
</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="TokenDecryptionCredentials">
<MemberSignature Language="C#" Value="public System.Collections.Generic.IEnumerable<Microsoft.Identity.Abstractions.CredentialDescription>? TokenDecryptionCredentials { get; set; }" />
<MemberSignature Language="ILAsm" Value=".property instance class System.Collections.Generic.IEnumerable`1<class Microsoft.Identity.Abstractions.CredentialDescription> TokenDecryptionCredentials" />
<MemberSignature Language="DocId" Value="P:Microsoft.Identity.Abstractions.IdentityApplicationOptions.TokenDecryptionCredentials" />
<MemberSignature Language="VB.NET" Value="Public Property TokenDecryptionCredentials As IEnumerable(Of CredentialDescription)" />
<MemberSignature Language="F#" Value="member this.TokenDecryptionCredentials : seq<Microsoft.Identity.Abstractions.CredentialDescription> with get, set" Usage="Microsoft.Identity.Abstractions.IdentityApplicationOptions.TokenDecryptionCredentials" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Identity.Abstractions</AssemblyName>
<AssemblyVersion>7.2.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Collections.Generic.IEnumerable<Microsoft.Identity.Abstractions.CredentialDescription></ReturnType>
</ReturnValue>
<Docs>
<summary>
Description of the credentials (usually certificates) used to decrypt an encrypted
token in a web API.
</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
<example>
<format type="text/markdown"><![CDATA[
Here is how to specify a decrypt certificate read from the certificate store:
```json
"TokenDecryptionCredentials": [
{
"SourceType": "StoreWithDistinguishedName",
"CertificateStorePath": "CurrentUser/My",
"CertificateDistinguishedName": "CN=WebAppCallingWebApiCert"
}
]
```
See also https://aka.ms/ms-id-web-certificates.
]]></format>
</example>
</Docs>
</Member>
</Members>
</Type>