In order to grant permission for accessing resources in another tenant using AuthorizeForScopes, you need to follow these steps:

1. Add the AzureAd package to your project.

2. Configure the Authentication settings in your Startup.cs file to include the TenantId of the other tenant. For example:

    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options =>
        {
            // Load the "AzureAd" configuration section first, then override individual values.
            Configuration.Bind("AzureAd", options);
            options.CallbackPath = "/signin-oidc";
            options.TenantId = "ANOTHER_TENANT_ID"; // add the TenantId of the other tenant
            options.Instance = "https://login.microsoftonline.com/";
            options.ClientId = Configuration["AzureAd:ClientId"];
            options.ClientSecret = Configuration["AzureAd:ClientSecret"];
        });

3. Use the AuthorizeForScopes attribute in your Controllers or Actions to grant access to specific scopes. For example:

    [AuthorizeForScopes(Scopes = new[] { "https://ANOTHER_TENANT_NAME.onmicrosoft.com/scope1", "https://ANOTHER_TENANT_NAME.onmicrosoft.com/scope2" })]
    public async Task<IActionResult> MyAction()
    {
        // code goes here
    }

Expose an API section in the App Registration portal and adding the required scopes.
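What the body of an action decorated with AuthorizeForScopes typically looks like, as an added example that is not part of the original answer: the action requests a token for one scope from the other tenant, and the attribute handles the consent challenge if acquisition fails. It assumes Microsoft.Identity.Web with token acquisition enabled (EnableTokenAcquisitionToCallDownstreamApi) and services.AddHttpClient(), neither of which the Startup snippet above shows; the controller name and ApiUrl are hypothetical.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;

[Authorize]
public class CrossTenantController : Controller // hypothetical controller name
{
    // Placeholders taken from the answer; replace with the other tenant's real values.
    private const string OtherTenantId = "ANOTHER_TENANT_ID";
    private const string Scope1 = "https://ANOTHER_TENANT_NAME.onmicrosoft.com/scope1";
    // Hypothetical downstream API protected by the scope above.
    private const string ApiUrl = "https://api.example.invalid/items";

    private readonly ITokenAcquisition _tokens;
    private readonly IHttpClientFactory _http;

    public CrossTenantController(ITokenAcquisition tokens, IHttpClientFactory http)
    {
        _tokens = tokens;
        _http = http;
    }

    // If the user has not consented to Scope1, token acquisition throws and the
    // attribute converts that exception into an interactive challenge for the scope.
    [AuthorizeForScopes(Scopes = new[] { Scope1 })]
    public async Task<IActionResult> MyAction()
    {
        // Ask only for the scope this action needs, against the other tenant.
        string accessToken = await _tokens.GetAccessTokenForUserAsync(
            new[] { Scope1 }, tenantId: OtherTenantId);

        using var request = new HttpRequestMessage(HttpMethod.Get, ApiUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        HttpResponseMessage response = await _http.CreateClient().SendAsync(request);
        if (!response.IsSuccessStatusCode)
        {
            // Surface the downstream status code; never return the token or raw errors.
            return StatusCode((int)response.StatusCode);
        }

        return Content(await response.Content.ReadAsStringAsync(), "application/json");
    }
}
```

Keeping the scope list in the attribute identical to the one passed to GetAccessTokenForUserAsync ensures the challenge asks for exactly the permission the action uses and nothing broader.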