diff --git a/aspnetcore/blazor/security/includes/wasm-aad-b2c-custom-policies.md b/aspnetcore/blazor/security/includes/wasm-aad-b2c-custom-policies.md new file mode 100644 index 0000000000..f5988a5d08 --- /dev/null +++ b/aspnetcore/blazor/security/includes/wasm-aad-b2c-custom-policies.md @@ -0,0 +1 @@ +The Microsoft Authentication Library (, [NuGet package](https://www.nuget.org/packages/Microsoft.Authentication.WebAssembly.Msal/)) doesn't support [AAD B2C custom policies](/azure/active-directory-b2c/user-flow-overview) by default. diff --git a/aspnetcore/blazor/security/includes/wasm-aad-b2c-userflows.md b/aspnetcore/blazor/security/includes/wasm-aad-b2c-userflows.md deleted file mode 100644 index c21fc6ba03..0000000000 --- a/aspnetcore/blazor/security/includes/wasm-aad-b2c-userflows.md +++ /dev/null @@ -1 +0,0 @@ -The Microsoft Authentication Library (, [NuGet package](https://www.nuget.org/packages/Microsoft.Authentication.WebAssembly.Msal/)) doesn't support [AAD B2C user flows](/azure/active-directory-b2c/user-flow-overview) by default. Create custom user flows in developer code. For more information on how to build a challenge for a custom user flow, see [User flows in Azure Active Directory B2C](/azure/active-directory-b2c/user-flow-overview). diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md index cb999af68b..3742f31daa 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md 
@@ -14,6 +14,8 @@ uid: blazor/security/webassembly/hosted-with-azure-active-directory-b2c This article explains how to create a [hosted Blazor WebAssembly solution](xref:blazor/hosting-models#blazor-webassembly) that uses [Azure Active Directory (AAD) B2C](/azure/active-directory-b2c/overview) for authentication. +For additional security scenario coverage after reading this article, see . + ## Walkthrough The subsections of the walkthrough explain how to: @@ -36,7 +38,7 @@ Register an AAD B2C app for the *Server API app*: 1. Navigate to **Azure AD B2C** in the Azure portal. Select **App registrations** in the sidebar. Select the **New registration** button. 1. Provide a **Name** for the app (for example, **Blazor Server AAD B2C**). 1. For **Supported account types**, select the multi-tenant option: **Accounts in any identity provider or organizational directory (for authenticating users with user flows)** -1. The *Server API app* doesn't require a **Redirect URI** in this scenario, so skip the **Redirect URI** setting don't enter a redirect URI. +1. The *Server API app* doesn't require a **Redirect URI** in this scenario, so leave the **Select a platform** dropdown list unselected and don't enter a redirect URI. 1. If you're using an [unverified publisher domain](/azure/active-directory/develop/howto-configure-publisher-domain), confirm that **Permissions** > **Grant admin consent to openid and offline_access permissions** is selected. If the publisher domain is verified, this checkbox isn't present. 1. Select **Register**. @@ -152,9 +154,9 @@ If the scope is incorrect, update the value now. [!INCLUDE[](~/blazor/security/includes/run-the-app.md)] -## Custom user flows +## Custom policies -[!INCLUDE[](~/blazor/security/includes/wasm-aad-b2c-userflows.md)] +[!INCLUDE[](~/blazor/security/includes/wasm-aad-b2c-custom-policies.md)] ## Configure `User.Identity.Name` 
diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory.md b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory.md index 5a0cf891de..123bf8e66d 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory.md @@ -16,6 +16,8 @@ This article explains how to create a [hosted Blazor WebAssembly solution](xref: This article doesn't cover a *multi-tenant Azure Active Directory registration*. For more information, see [Making your application multi-tenant](/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant). +For additional security scenario coverage after reading this article, see . + ## Walkthrough The subsections of the walkthrough explain how to: @@ -39,7 +41,7 @@ Register an AAD app for the *Server API app*: 1. Navigate to **Azure Active Directory** in the Azure portal. Select **App registrations** in the sidebar. Select the **New registration** button. 1. Provide a **Name** for the app (for example, **Blazor Server AAD**). 1. Choose a **Supported account types**. You may select **Accounts in this organizational directory only** (single tenant) for this experience. -1. The *Server API app* doesn't require a **Redirect URI** in this scenario, so leave the dropdown list set to **Web** and don't enter a redirect URI. +1. The *Server API app* doesn't require a **Redirect URI** in this scenario, so leave the **Select a platform** dropdown list unselected and don't enter a redirect URI. 1. If you're using an [unverified publisher domain](/azure/active-directory/develop/howto-configure-publisher-domain), clear the **Permissions** > **Grant admin consent to openid and offline_access permissions** checkbox. If the publisher domain is verified, this checkbox isn't present. 1. Select **Register**. 
diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md b/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md index bdf6bcc7c4..9a5ce216bf 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md @@ -24,6 +24,8 @@ This article explains how to create a [hosted Blazor WebAssembly solution](xref: > [!NOTE] > To configure a standalone or hosted Blazor WebAssembly app to use an existing, external Identity Server instance, follow the guidance in . +For additional security scenario coverage after reading this article, see . + ## Walkthrough The subsections of the walkthrough explain how to: diff --git a/aspnetcore/blazor/security/webassembly/index.md b/aspnetcore/blazor/security/webassembly/index.md index 17770b0c1e..d6c6434050 100644 --- a/aspnetcore/blazor/security/webassembly/index.md +++ b/aspnetcore/blazor/security/webassembly/index.md 
@@ -14,6 +14,8 @@ uid: blazor/security/webassembly/index Blazor WebAssembly apps are secured in the same manner as single-page applications (SPAs). There are several approaches for authenticating users to SPAs, but the most common and comprehensive approach is to use an implementation based on the [OAuth 2.0 protocol](https://oauth.net/), such as [OpenID Connect (OIDC)](https://openid.net/connect/). +The Blazor WebAssembly security documentation primarily focuses on how to accomplish user authentication and authorization tasks. For OAuth 2.0/OIDC general concept coverage, see the resources in the [main overview article's *Additional resources* section](xref:blazor/security/index#additional-resources). + ## Authentication library Blazor WebAssembly supports authenticating and authorizing apps using OIDC via the [`Microsoft.AspNetCore.Components.WebAssembly.Authentication`](https://www.nuget.org/packages/Microsoft.AspNetCore.Components.WebAssembly.Authentication) library. The library provides a set of primitives for seamlessly authenticating against ASP.NET Core backends. The library integrates ASP.NET Core Identity with API authorization support built on top of [Duende Identity Server](https://docs.duendesoftware.com). The library can authenticate against any third-party Identity Provider (IP) that supports OIDC, which are called OpenID Providers (OP). diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md b/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md index ca4a754c9a..082471b8b2 100644 --- a/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md +++ b/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md 
@@ -16,6 +16,8 @@ This article explains how to secure an ASP.NET Core Blazor WebAssembly standalon *For Azure Active Directory (AAD) and Azure Active Directory B2C (AAD B2C) guidance, don't follow the guidance in this topic. See or .* +For additional security scenario coverage after reading this article, see . + ## Walkthrough The subsections of the walkthrough explain how to: diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md b/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md index ed651bea8b..3417d47e48 100644 --- a/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md +++ b/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md @@ -14,6 +14,8 @@ uid: blazor/security/webassembly/standalone-with-azure-active-directory-b2c This article explains how to create a [standalone Blazor WebAssembly app](xref:blazor/hosting-models#blazor-webassembly) that uses [Azure Active Directory (AAD) B2C](/azure/active-directory-b2c/overview) for authentication. +For additional security scenario coverage after reading this article, see . + ## Walkthrough The subsections of the walkthrough explain how to: @@ -205,9 +207,9 @@ For more information, see the following sections of the *Additional scenarios* a [!INCLUDE[](~/blazor/security/includes/authentication-component.md)] -### Custom user flows +### Custom policies -[!INCLUDE[](~/blazor/security/includes/wasm-aad-b2c-userflows.md)] +[!INCLUDE[](~/blazor/security/includes/wasm-aad-b2c-custom-policies.md)] ## Troubleshoot diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory.md b/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory.md index ed6525aae7..eb00899aa6 100644 --- a/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory.md 
+++ b/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory.md @@ -14,6 +14,8 @@ uid: blazor/security/webassembly/standalone-with-azure-active-directory This article explains how to create a [standalone Blazor WebAssembly app](xref:blazor/hosting-models#blazor-webassembly) that uses [Azure Active Directory (AAD)](https://azure.microsoft.com/services/active-directory/) for authentication. +For additional security scenario coverage after reading this article, see . + ## Walkthrough The subsections of the walkthrough explain how to: diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-microsoft-accounts.md b/aspnetcore/blazor/security/webassembly/standalone-with-microsoft-accounts.md index d2f37e5994..dbf49710c3 100644 --- a/aspnetcore/blazor/security/webassembly/standalone-with-microsoft-accounts.md +++ b/aspnetcore/blazor/security/webassembly/standalone-with-microsoft-accounts.md @@ -14,6 +14,8 @@ uid: blazor/security/webassembly/standalone-with-microsoft-accounts This article explains how to create a [standalone Blazor WebAssembly app](xref:blazor/hosting-models#blazor-webassembly) that uses [Microsoft Accounts with Azure Active Directory (AAD)](/azure/active-directory/develop/quickstart-register-app#register-a-new-application-using-the-azure-portal) for authentication. +For additional security scenario coverage after reading this article, see . + ## Walkthrough The subsections of the walkthrough explain how to:
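Review bot: In the new include `wasm-aad-b2c-custom-policies.md`, the link text now reads "AAD B2C custom policies" but its target is still `/azure/active-directory-b2c/user-flow-overview`, the same URL the deleted user-flows include pointed to. Confirm that this page is the intended destination for custom policies, or link to the custom policy documentation instead. The replacement also drops the two follow-up sentences of the old include, so the reader is told that custom policies aren't supported "by default" with nothing about what to do next; consider keeping a one-sentence pointer.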
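Review bot: Renaming the heading `Custom user flows` to `Custom policies` (hosted B2C article, hunk at line 152; standalone B2C article, hunk at line 205) changes the generated section anchor, and nothing in this patch updates inbound links. Search the repository for links to the old anchor and for any remaining `[!INCLUDE]` of `wasm-aad-b2c-userflows.md`, since that file is deleted here and only these two references are switched to the new include.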
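Review bot: The reworded Redirect URI step in the *Server API app* registration (hosted AAD B2C hunk at line 36, hosted AAD hunk at line 39) says the redirect URI isn't required "in this scenario" but still gives no reason. A short clause explaining why the API registration needs none would help readers avoid adding a redirect URI to it out of habit. The AAD article previously told readers to leave the dropdown set to **Web**, so it is also worth confirming that **Select a platform** with no selection matches the current portal UI for both registration types.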
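Review bot: The sentence "For additional security scenario coverage after reading this article, see ." is added verbatim above `## Walkthrough` in seven articles. This patch already uses an include file for the shared B2C note; doing the same here would keep the wording and the link target in one place. As shown in this diff the sentence ends at "see ." with no visible target, so also check that the cross-reference renders as a link in the built page.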
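Review bot: In the `index.md` hunk, the new paragraph links to `xref:blazor/security/index#additional-resources`, an anchor in an article this patch does not touch. Confirm that the section exists under that heading and actually lists OAuth 2.0/OIDC resources. The phrase "For OAuth 2.0/OIDC general concept coverage" is also awkward; "For general OAuth 2.0 and OIDC concepts" reads more plainly.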