SaaSFactory.TenantAuth.AzureAAD
2.0.0
dotnet add package SaaSFactory.TenantAuth.AzureAAD --version 2.0.0
NuGet\Install-Package SaaSFactory.TenantAuth.AzureAAD -Version 2.0.0
<PackageReference Include="SaaSFactory.TenantAuth.AzureAAD" Version="2.0.0" />
<PackageVersion Include="SaaSFactory.TenantAuth.AzureAAD" Version="2.0.0" />
<PackageReference Include="SaaSFactory.TenantAuth.AzureAAD" />
paket add SaaSFactory.TenantAuth.AzureAAD --version 2.0.0
#r "nuget: SaaSFactory.TenantAuth.AzureAAD, 2.0.0"
#:package SaaSFactory.TenantAuth.AzureAAD@2.0.0
#addin nuget:?package=SaaSFactory.TenantAuth.AzureAAD&version=2.0.0
#tool nuget:?package=SaaSFactory.TenantAuth.AzureAAD&version=2.0.0
SaaSFactory.TenantAuth.AzureAD v2.0
Production-ready, multi-tenant Azure AD authentication for ASP.NET Core (.NET 8) with enhanced features, flexible audience validation, and configurable authentication policies.
What's New in v2.0
- Enhanced Azure AD Integration with flexible audience validation
- Configurable Authentication Policies (optional global authentication)
- Improved Debugging with detailed error logging
- Legacy Format Support for better Azure AD compatibility
- Production Tested with real Azure AD environments
- Backward Compatible - all v1.x functionality preserved
Quick Start
Enhanced Authentication (Recommended)
```csharp
using SaaSFactory.TenantAuth.AzureAD;

var builder = WebApplication.CreateBuilder(args);

// Enhanced authentication with advanced features
builder.Services.AddEnhancedSaaSFactoryAzureADAuth(
    builder.Configuration,
    enableStrictTenantValidation: true,
    enableGlobalAuthPolicy: false,
    supportLegacyAudienceFormats: true
);

builder.Services.AddControllers();
var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();
app.UseTenantValidation();
app.MapControllers();
app.Run();
```
Configuration
```json
{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "yourdomain.onmicrosoft.com",
    "TenantId": "your-tenant-id",
    "ClientId": "your-client-id",
    "Audience": "api://your-client-id"
  }
}
```
Features
- Multi-tenant security with automatic tenant isolation
- Enterprise-grade Azure AD integration
- High performance with memory caching
- Comprehensive logging and diagnostics
- Flexible audience validation (supports both 'appId' and 'api://appId')
- Configurable authentication policies
- Well tested with unit and integration tests
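What accepting both audience formats and isolating tenants amounts to at the claim level, shown as an added example that is not part of the package or its source. `TokenChecks`, its methods and all IDs are hypothetical, and the code assumes the JwtBearer handler has already verified the token's signature and lifetime.

```csharp
// Added illustration; not SaaSFactory.TenantAuth.AzureAD source code.
// TokenChecks and its members are hypothetical names; every ID below is constructed.
// Assumes the JwtBearer handler has already verified signature and lifetime.
using System;
using System.Collections.Generic;

public static class TokenChecks
{
    // The two audience spellings named above: "appId" and "api://appId".
    public static bool AudienceAccepted(string aud, string clientId) =>
        string.Equals(aud, clientId, StringComparison.Ordinal) ||
        string.Equals(aud, "api://" + clientId, StringComparison.Ordinal);

    // Fail closed: a missing claim or any mismatch rejects the token.
    public static bool TenantAccepted(IReadOnlyDictionary<string, string> claims, string tenantId)
    {
        if (!claims.TryGetValue("tid", out var tid) || !claims.TryGetValue("iss", out var iss))
            return false;
        if (!string.Equals(tid, tenantId, StringComparison.Ordinal))
            return false;
        // Issuer must name the same tenant (v2.0 or v1.0 token issuer format).
        return iss == $"https://login.microsoftonline.com/{tenantId}/v2.0"
            || iss == $"https://sts.windows.net/{tenantId}/";
    }

    public static bool Accept(IReadOnlyDictionary<string, string> claims, string clientId, string tenantId) =>
        claims.TryGetValue("aud", out var aud)
        && AudienceAccepted(aud, clientId)
        && TenantAccepted(claims, tenantId);
}

public static class Demo
{
    public static void Main()
    {
        const string client = "11111111-1111-1111-1111-111111111111";
        const string tenant = "22222222-2222-2222-2222-222222222222";
        const string other = "33333333-3333-3333-3333-333333333333";
        var v2 = new Dictionary<string, string> { ["aud"] = client, ["tid"] = tenant,
            ["iss"] = $"https://login.microsoftonline.com/{tenant}/v2.0" };
        var v1 = new Dictionary<string, string> { ["aud"] = "api://" + client, ["tid"] = tenant,
            ["iss"] = $"https://sts.windows.net/{tenant}/" };
        var foreign = new Dictionary<string, string> { ["aud"] = client, ["tid"] = other,
            ["iss"] = $"https://login.microsoftonline.com/{other}/v2.0" };
        var noTid = new Dictionary<string, string> { ["aud"] = client };
        foreach (var (name, c) in new[] { ("v2", v2), ("v1", v1), ("foreign", foreign), ("noTid", noTid) })
            Console.WriteLine($"{name}: {TokenChecks.Accept(c, client, tenant)}");
    }
}
```

Widening the audience list only changes which `aud` strings match; the tenant and issuer checks are what keep a token minted for another tenant out.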
Requirements
- .NET 8.0 or later
- Azure AD tenant with registered application
License
MIT License
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
- net8.0
  - Microsoft.AspNetCore.Authentication.JwtBearer (>= 8.0.0)
  - Microsoft.Extensions.Caching.Memory (>= 8.0.1)
  - Microsoft.Extensions.Configuration.Abstractions (>= 8.0.0)
  - Microsoft.Extensions.DependencyInjection.Abstractions (>= 8.0.2)
  - Microsoft.Extensions.Http (>= 8.0.1)
  - Microsoft.Identity.Web (>= 2.15.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Major update v2.0.0 with enhanced Azure AD integration:
NEW ENHANCED FEATURES:
- Flexible audience validation (supports both 'appId' and 'api://appId' formats)
- Configurable global authentication policy (optional authentication requirement)
- Enhanced logging and debugging capabilities with detailed error context
- Support for legacy audience formats (backward compatibility for Azure AD variations)
- Optional strict tenant validation (can be disabled for external apps)
- Production-tested with real Azure AD environments
WHAT'S NEW:
- AddEnhancedSaaSFactoryAzureADAuth() method with advanced configuration options
- Flexible audience format handling for better Azure AD compatibility
- Enhanced error logging with detailed validation context
- Configurable authentication policies for different application types
BACKWARD COMPATIBILITY:
- Original AddSaaSFactoryAzureADAuth() method remains unchanged
- Existing applications continue to work without modifications
- All v1.x features preserved and enhanced
MIGRATION GUIDE:
- New projects: Use AddEnhancedSaaSFactoryAzureADAuth() for advanced features
- Existing projects: No changes required, or optionally upgrade to enhanced method
- External applications: Enhanced method provides better Azure AD compatibility
Includes all v1.x features:
- Strict per-tenant issuer/audience validation (fail-closed)
- Composite tenant resolution (header, path, subdomain, claims)
- DI-first setup with Microsoft.Identity.Web (JwtBearer)
- Structured logging, metrics, and optional tracing
- Dev-friendly idp-config endpoint and probe
- Comprehensive unit/integration tests