Skip to content

damienbod/AspNetCoreMeIDCAE

BranchesTags

Repository files navigation

.NET

Razor, Blazor Page Microsoft Entra ID Continuous Access

Implement Microsoft Entra ID Continuous Access in an ASP.NET Core Razor Page app using a Web API

Implement Microsoft Entra ID Continuous Access (CA) step up with ASP.NET Core Blazor using a Web API

Implement Microsoft Entra ID Continuous Access (CA) standalone with Blazor ASP.NET Core

Force MFA in Blazor using Microsoft Entra ID and Continuous Access

Force phishing resistant authentication in an ASP.NET Core application using Microsoft Entra ID

History

  • 2024-01-14 Updated packages, improved security headers
  • 2023-11-04 Updated packages, fixed security headers
  • 2023-08-06 Updated packages
  • 2023-04-29 Updated packages, some style fixes
  • 2023-02-19 Updated to .NET 7
  • 2022-10-09 Updated packages
  • 2022-09-11 Updated packages
  • 2022-06-13 Force MFA authn from an APP
  • 2022-05-23 Improve code in Blazor applications
  • 2022-05-20 Add standalone samples
  • 2022-05-13 Add CAE Blazor example
  • 2022-05-08 Update packages
  • 2022-04-16 Update packages
  • 2022-04-05 Added CAE admin tool using Microsoft Graph
  • 2022-04-03 initial version

Azure app registration manifest access token

"optionalClaims": {
	"idToken": [],
	"accessToken": [
		{
			"name": "xms_cc",
			"source": null,
			"essential": false,
			"additionalProperties": []
		}
	],
	"saml2Token": []
},

Azure app registration manifest id_token

"optionalClaims": {
	"idToken": [
		{
			"name": "xms_cc",
			"source": null,
			"essential": false,
			"additionalProperties": []
		}
	],
	"accessToken": [],
	"saml2Token": []
},

Claims challenge returned from the API

{"access_token":{"acrs":{"essential":true,"value":"c1"}}}

Access token

{
  "aud": "7c839e15-096b-4abb-a869-df9e6b34027c",
  "iss": "https://login.microsoftonline.com/5698af84-5720-4ff0-bdc3-9d9195314244/v2.0",
  "iat": 1648841224,
  "nbf": 1648841224,
  "exp": 1648845383,
  "acrs": [
    "c1"
  ],
  "azp": "7c839e15-096b-4abb-a869-df9e6b34027c",
  "azpacr": "1",
  "ver": "2.0",
  "xms_cc": [
    "cp1"
  ],
  // plus more claims
}

Links

https://github.com/Azure-Samples/ms-identity-ca-auth-context

https://github.com/Azure-Samples/ms-identity-dotnetcore-ca-auth-context-app

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

https://github.com/Azure-Samples/ms-identity-dotnetcore-daemon-graph-cae

https://docs.microsoft.com/en-us/azure/active-directory/develop/developer-guide-conditional-access-authentication-context

https://docs.microsoft.com/en-us/azure/active-directory/develop/claims-challenge

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-conditional-access-dev-guide

https://www.youtube.com/watch?v=_iO7CfoktTY

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation

https://openid.net/wg/sse/

https://github.com/damienbod/Blazor.BFF.AzureAD.Template

https://github.com/AzureAD/microsoft-identity-web

About

Microsoft Entra ID Continuous Access in an ASP.NET Core Razor Page, Blazor app using a Web API

damienbod.com/2022/04/20/implement-azure-ad-continuous-access-evaluation-in-an-asp-net-core-razor-page-app-using-a-web-api/

Topics

oauth dotnet oidc cae aad azuread blazor microsoftidentity continuousaccess razoraspnetcore

Resources

Readme

License

MIT license
Activity

Stars

15 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages