Nedo.AspNet.Authentication.EntraId
2.0.9
Uses Microsoft Entra ID (formerly Azure AD) as the canonical token issuer (JWT-bearer pattern). Validates Entra-issued JWTs and auto-maps Entra app roles and group claims to ASP.NET Core's ClaimTypes.Role.
Install
dotnet add package Nedo.AspNet.Authentication.EntraId
Quickstart
using Nedo.AspNet.Authentication.EntraId;

var builder = WebApplication.CreateBuilder(args);

// Validate Entra-issued JWTs for this tenant and audience.
builder.Services.AddEntraId(opts =>
{
    opts.TenantId = builder.Configuration["EntraId:TenantId"]!;
    opts.Audience = builder.Configuration["EntraId:ClientId"]!;
});
builder.Services.AddAuthorization();
builder.Services.AddHttpContextAccessor();
builder.Services.AddScoped<IAuthContext, AuthContext>();

var app = builder.Build();

// Order matters: authenticate first, then build the auth context, then authorize.
app.UseAuthentication();
app.UseNedoAuthContext();
app.UseAuthorization();

// "Admin.Read" is an Entra app role, mapped to ClaimTypes.Role.
app.MapGet("/admin", (IAuthContext auth) => auth.UserId)
    .RequireAuthorization(p => p.RequireRole("Admin.Read"));

app.Run();
Claims auto-mapping
| Entra claim | Mapped to |
|---|---|
| roles: ["Admin.Read", "Reports.Write"] (app roles) | ClaimTypes.Role (one per value) |
| groups: ["<group-object-id>"] | ClaimTypes.Role (raw GUIDs) |
| preferred_username | ClaimTypes.Name |
| oid | ClaimTypes.NameIdentifier |
| tid | left as tid (often re-emitted as tenant via a custom transformer) |
To translate group GUIDs to friendly role names, register an INedoClaimsTransformer from Nedo.AspNet.Authentication.Claims that maps groups → display names via Microsoft Graph or a hard-coded table.
Multi-tenant Entra apps
For an app registered as multi-tenant, set TenantId = "common" (or "organizations" / "consumers"). The validator switches to the Entra v2 multi-tenant issuer pattern and accepts tokens from any tenant that has consented to your app.
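Because a multi-tenant configuration validates tokens from every consenting tenant, APIs meant for a known set of customers usually pin the tid claim to an allow-list. The following is an added example, not code from the package or its README: the EntraId:AllowedTenants configuration key, the TenantGate helper and the /whoami endpoint are assumptions, and only standard ASP.NET Core APIs are used besides the AddEntraId call shown in the Quickstart.

```csharp
using System.Security.Claims;
using Nedo.AspNet.Authentication.EntraId;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddEntraId(opts =>
{
    opts.TenantId = "common"; // multi-tenant: tokens from any consenting tenant validate
    opts.Audience = builder.Configuration["EntraId:ClientId"]!;
});
builder.Services.AddAuthorization();

// Assumed config key (not part of the package): tenant GUIDs allowed to call this API.
var allowedTenants = new HashSet<string>(
    builder.Configuration.GetSection("EntraId:AllowedTenants").Get<string[]>()
        ?? Array.Empty<string>(),
    StringComparer.OrdinalIgnoreCase);

var app = builder.Build();
app.UseAuthentication();

// Tenant gate: runs after the token has been validated and before any endpoint.
app.Use(async (ctx, next) =>
{
    if (ctx.User.Identity?.IsAuthenticated == true
        && !TenantGate.IsAllowed(ctx.User, allowedTenants))
    {
        ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
        return;
    }
    await next(ctx);
});

app.UseAuthorization();
app.MapGet("/whoami", (ClaimsPrincipal user) => user.FindFirst(ClaimTypes.NameIdentifier)?.Value)
   .RequireAuthorization();
app.Run();

// Hypothetical helper, not a type from the package.
static class TenantGate
{
    // Long form is what ASP.NET Core's default inbound claim mapping produces for "tid".
    const string MappedTid = "http://schemas.microsoft.com/identity/claims/tenantid";

    public static bool IsAllowed(ClaimsPrincipal user, ISet<string> allowed)
    {
        var tid = user.FindFirst("tid")?.Value ?? user.FindFirst(MappedTid)?.Value;
        // Fail closed: a missing tenant claim or a tenant outside the list is rejected.
        return !string.IsNullOrEmpty(tid) && allowed.Contains(tid);
    }
}
```

An empty or missing allow-list rejects every authenticated caller, so a configuration mistake fails closed rather than open.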
Docs
docs/04-identity-providers.md — JWT-bearer pattern + Entra-specific notes.
For sign-in with Microsoft Account (Microsoft consumer accounts via MSAL.js issuing your own JWTs), see Nedo.AspNet.Authentication.Microsoft. That is a different pattern: your app mints the session, and Microsoft only verifies who the user is.
License
MIT — see LICENSE.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
- net9.0
  - Nedo.AspNet.Authentication (>= 2.0.9)
  - Nedo.AspNet.Authentication.Claims (>= 2.0.9)