diff --git a/aspnetcore/blazor/hybrid/security/index.md b/aspnetcore/blazor/hybrid/security/index.md index 7ead4d52e877..e97d22bb89c4 100644 --- a/aspnetcore/blazor/hybrid/security/index.md +++ b/aspnetcore/blazor/hybrid/security/index.md @@ -56,12 +56,16 @@ WPF apps use the [Microsoft identity platform](/entra/identity-platform/) to int * [Quickstart: Set up sign in for a desktop app using Azure Active Directory B2C](/azure/active-directory-b2c/quickstart-native-app-desktop) * [Configure authentication in a sample WPF desktop app by using Azure AD B2C](/azure/active-directory-b2c/configure-authentication-sample-wpf-desktop-app) +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::zone-end :::zone pivot="winforms" Windows Forms apps use the [Microsoft identity platform](/entra/identity-platform/) to integrate with Microsoft Entra (ME-ID) and AAD B2C. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](/entra/identity-platform/msal-overview). +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::zone-end ## Create a custom `AuthenticationStateProvider` without user change updates @@ -594,12 +598,16 @@ WPF apps use the [Microsoft identity platform](/entra/identity-platform/) to int * [Quickstart: Set up sign in for a desktop app using Azure Active Directory B2C](/azure/active-directory-b2c/quickstart-native-app-desktop) * [Configure authentication in a sample WPF desktop app by using Azure AD B2C](/azure/active-directory-b2c/configure-authentication-sample-wpf-desktop-app) +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::zone-end :::zone pivot="winforms" Windows Forms apps use the [Microsoft identity platform](/entra/identity-platform/) to integrate with Microsoft Entra (ME-ID) and AAD B2C. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](/entra/identity-platform/msal-overview). +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::zone-end ## Create a custom `AuthenticationStateProvider` without user change updates diff --git a/aspnetcore/blazor/security/blazor-web-app-with-entra.md b/aspnetcore/blazor/security/blazor-web-app-with-entra.md index e4512509ad2f..50328fddf380 100644 --- a/aspnetcore/blazor/security/blazor-web-app-with-entra.md +++ b/aspnetcore/blazor/security/blazor-web-app-with-entra.md @@ -17,6 +17,8 @@ zone_pivot_groups: blazor-web-app-entra-specification --> +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + This article describes how to secure a Blazor Web App with [Microsoft identity platform](/entra/identity-platform/) with [Microsoft Identity Web packages](/entra/msal/dotnet/microsoft-identity-web/) for [Microsoft Entra ID](https://www.microsoft.com/security/business/microsoft-entra) using a sample app. :::zone pivot="with-yarp-and-aspire" @@ -1158,7 +1160,7 @@ For more information on how this app secures its weather data, see [Secure data * [Microsoft identity platform documentation](/entra/identity-platform/) * [Web API documentation | Microsoft identity platform](/entra/identity-platform/index-web-api) * [A web API that calls web APIs: Call an API: Option 2: Call a downstream web API with the helper class](/entra/identity-platform/scenario-web-api-call-api-call-api?tabs=aspnetcore#option-2-call-a-downstream-web-api-with-the-helper-class) -* [`AzureAD/microsoft-identity-web` GitHub repository](https://github.com/AzureAD/microsoft-identity-web/wiki): Helpful guidance on implementing Microsoft Identity Web for Microsoft Entra ID and Azure Active Directory B2C for ASP.NET Core apps, including links to sample apps and related Azure documentation. Currently, Blazor Web Apps aren't explicitly addressed by the Azure documentation, but the setup and configuration of a Blazor Web App for ME-ID and Azure hosting is the same as it is for any ASP.NET Core web app. +* [`AzureAD/microsoft-identity-web` GitHub repository](https://github.com/AzureAD/microsoft-identity-web/wiki): Helpful guidance on implementing Microsoft Identity Web for Microsoft Entra ID for ASP.NET Core apps, including links to sample apps and related Azure documentation. Currently, Blazor Web Apps aren't explicitly addressed by the Azure documentation, but the setup and configuration of a Blazor Web App for ME-ID and Azure hosting is the same as it is for any ASP.NET Core web app. * [`AuthenticationStateProvider` service](xref:blazor/security/index#authenticationstateprovider-service) * [Manage authentication state in Blazor Web Apps](xref:blazor/security/index#manage-authentication-state-in-blazor-web-apps) * [Service abstractions in Blazor Web Apps](xref:blazor/call-web-api#service-abstractions-for-web-api-calls) diff --git a/aspnetcore/blazor/security/blazor-web-app-with-oidc.md b/aspnetcore/blazor/security/blazor-web-app-with-oidc.md index 0ac7cabad9b5..5ab62fab63de 100644 --- a/aspnetcore/blazor/security/blazor-web-app-with-oidc.md +++ b/aspnetcore/blazor/security/blazor-web-app-with-oidc.md @@ -13,13 +13,15 @@ zone_pivot_groups: blazor-web-app-oidc-specification [!INCLUDE[](~/includes/not-latest-version-without-not-supported-content.md)] +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + This article describes how to secure a Blazor Web App with [OpenID Connect (OIDC)](https://openid.net/developers/how-connect-works/) using a sample app in the [`dotnet/blazor-samples` GitHub repository (.NET 8 or later)](https://github.com/dotnet/blazor-samples) ([how to download](xref:blazor/fundamentals/index#sample-apps)). :::zone pivot="with-yarp-and-aspire" :::moniker range=">= aspnetcore-9.0" -For Microsoft Entra ID or Azure AD B2C, you can use from [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) ([`Microsoft.Identity.Web` NuGet package](https://www.nuget.org/packages/Microsoft.Identity.Web), [API documentation]()), which adds both the OIDC and Cookie authentication handlers with the appropriate defaults. The sample app and the guidance in this article don't use Microsoft Identity Web. The guidance demonstrates how to configure the OIDC handler *manually* for any OIDC provider. For more information on implementing Microsoft Identity Web, see . +For Microsoft Entra ID, you can use from [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) ([`Microsoft.Identity.Web` NuGet package](https://www.nuget.org/packages/Microsoft.Identity.Web), [API documentation]()), which adds both the OIDC and Cookie authentication handlers with the appropriate defaults. The sample app and the guidance in this article don't use Microsoft Identity Web. The guidance demonstrates how to configure the OIDC handler *manually* for any OIDC provider. For more information on implementing Microsoft Identity Web, see . :::moniker-end @@ -347,7 +349,7 @@ oidcOptions.RemoteSignOutPath = new PathString("/signout-oidc"); (*Microsoft Azure only with the "common" endpoint*) : Many OIDC providers work with the default issuer validator, but we need to account for the issuer parameterized with the Tenant ID (`{TENANT ID}`) returned by `https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration`. For more information, see [SecurityTokenInvalidIssuerException with OpenID Connect and the Azure AD "common" endpoint (`AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet` #1731)](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1731). -Only for apps using Microsoft Entra ID or Azure AD B2C with the "common" endpoint: +Only for apps using Microsoft Entra ID with the "common" endpoint: ```csharp var microsoftIssuerValidator = AadIssuerValidator.GetAadIssuerValidator(oidcOptions.Authority); @@ -380,7 +382,7 @@ The sample app only provides a user name and email for display purposes. :::moniker range=">= aspnetcore-9.0" -For Microsoft Entra ID or Azure AD B2C, you can use from [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) ([`Microsoft.Identity.Web` NuGet package](https://www.nuget.org/packages/Microsoft.Identity.Web), [API documentation]()), which adds both the OIDC and Cookie authentication handlers with the appropriate defaults. The sample app and the guidance in this article don't use Microsoft Identity Web. The guidance demonstrates how to configure the OIDC handler *manually* for any OIDC provider. For more information on implementing Microsoft Identity Web, see . +For Microsoft Entra ID, you can use from [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) ([`Microsoft.Identity.Web` NuGet package](https://www.nuget.org/packages/Microsoft.Identity.Web), [API documentation]()), which adds both the OIDC and Cookie authentication handlers with the appropriate defaults. The sample app and the guidance in this article don't use Microsoft Identity Web. The guidance demonstrates how to configure the OIDC handler *manually* for any OIDC provider. For more information on implementing Microsoft Identity Web, see . :::moniker-end @@ -727,7 +729,7 @@ oidcOptions.RemoteSignOutPath = new PathString("/signout-oidc"); (*Microsoft Azure only with the "common" endpoint*) : Many OIDC providers work with the default issuer validator, but we need to account for the issuer parameterized with the Tenant ID (`{TENANT ID}`) returned by `https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration`. For more information, see [SecurityTokenInvalidIssuerException with OpenID Connect and the Azure AD "common" endpoint (`AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet` #1731)](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1731). -Only for apps using Microsoft Entra ID or Azure AD B2C with the "common" endpoint: +Only for apps using Microsoft Entra ID with the "common" endpoint: ```csharp var microsoftIssuerValidator = AadIssuerValidator.GetAadIssuerValidator(oidcOptions.Authority); @@ -1108,7 +1110,7 @@ oidcOptions.RemoteSignOutPath = new PathString("/signout-oidc"); (*Microsoft Azure only with the "common" endpoint*) : Many OIDC providers work with the default issuer validator, but we need to account for the issuer parameterized with the Tenant ID (`{TENANT ID}`) returned by `https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration`. For more information, see [SecurityTokenInvalidIssuerException with OpenID Connect and the Azure AD "common" endpoint (`AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet` #1731)](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1731). -Only for apps using Microsoft Entra ID or Azure AD B2C with the "common" endpoint: +Only for apps using Microsoft Entra ID with the "common" endpoint: ```csharp var microsoftIssuerValidator = AadIssuerValidator.GetAadIssuerValidator(oidcOptions.Authority); @@ -1496,7 +1498,7 @@ For more information, see the [Duende Access Token Management documentation for for investigation/resolution. It might be addressed for .NET 11. --> -* [`AzureAD/microsoft-identity-web` GitHub repository](https://github.com/AzureAD/microsoft-identity-web/wiki): Helpful guidance on implementing Microsoft Identity Web for Microsoft Entra ID and Azure Active Directory B2C for ASP.NET Core apps, including links to sample apps and related Azure documentation. Currently, Blazor Web Apps aren't explicitly addressed by the Azure documentation, but the setup and configuration of a Blazor Web App for ME-ID and Azure hosting is the same as it is for any ASP.NET Core web app. +* [`AzureAD/microsoft-identity-web` GitHub repository](https://github.com/AzureAD/microsoft-identity-web/wiki): Helpful guidance on implementing Microsoft Identity Web for Microsoft Entra ID for ASP.NET Core apps, including links to sample apps and related Azure documentation. Currently, Blazor Web Apps aren't explicitly addressed by the Azure documentation, but the setup and configuration of a Blazor Web App for ME-ID and Azure hosting is the same as it is for any ASP.NET Core web app. * [`AuthenticationStateProvider` service](xref:blazor/security/index#authenticationstateprovider-service) * [Manage authentication state in Blazor Web Apps](xref:blazor/security/index#manage-authentication-state-in-blazor-web-apps) * [Refresh token during http request in Blazor Interactive Server with OIDC (`dotnet/aspnetcore` #55213)](https://github.com/dotnet/aspnetcore/issues/55213) diff --git a/aspnetcore/blazor/security/index.md b/aspnetcore/blazor/security/index.md index e6fdd09cdbc4..eec3fd2231e0 100644 --- a/aspnetcore/blazor/security/index.md +++ b/aspnetcore/blazor/security/index.md @@ -176,6 +176,8 @@ Permissible authentication values for the `{AUTHENTICATION}` placeholder are sho | `MultiOrg` | Organizational authentication for multiple tenants | | `Windows` | Windows Authentication | +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::moniker-end For more information, see the [`dotnet new`](/dotnet/core/tools/dotnet-new) command in the .NET Guide. @@ -213,6 +215,8 @@ Permissible authentication values for the `{AUTHENTICATION}` placeholder are sho | `MultiOrg` | Organizational authentication for multiple tenants | | `Windows` | Windows Authentication | +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::moniker-end For more information: diff --git a/aspnetcore/blazor/security/webassembly/graph-api.md b/aspnetcore/blazor/security/webassembly/graph-api.md index 4e744466f2de..bc93b118d26d 100644 --- a/aspnetcore/blazor/security/webassembly/graph-api.md +++ b/aspnetcore/blazor/security/webassembly/graph-api.md @@ -35,6 +35,8 @@ To provide feedback or seek assistance with this article or ASP.NET Core, see [!IMPORTANT] > The scenarios described in this article apply to using Microsoft Entra (ME-ID) as the identity provider, not AAD B2C. Using Microsoft Graph with a client-side Blazor WebAssembly app and the AAD B2C identity provider isn't supported at this time because the app would require a client secret, which can't be secured in the client-side Blazor app. For an AAD B2C standalone Blazor WebAssembly app use Graph API, create a backend server (web) API to access Graph API on behalf of users. The client-side app authenticates and authorizes users to [call the web API](xref:blazor/call-web-api) to securely access Microsoft Graph and return data to the client-side Blazor app from your server-based web API. The client secret is safely maintained in the server-based web API, not in the Blazor app on the client. **Never store a client secret in a client-side Blazor app.** +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::moniker range="< aspnetcore-8.0" Using a hosted Blazor WebAssembly app is supported, where the **:::no-loc text="Server":::** app uses the Graph SDK/API to provide Graph data to the **:::no-loc text="Client":::** app via web API. For more information, see the [Hosted Blazor WebAssembly solutions](#hosted-blazor-webassembly-solutions) section of this article. diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md index f0713489a794..813ed9043e58 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md @@ -12,6 +12,8 @@ uid: blazor/security/webassembly/hosted-with-azure-active-directory-b2c [!INCLUDE[](~/blazor/security/includes/hosted-blazor-webassembly-notice.md)] +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + This article explains how to create a [hosted Blazor WebAssembly solution](xref:blazor/hosting-models#blazor-webassembly) that uses [Azure Active Directory (AAD) B2C](/azure/active-directory-b2c/overview) for authentication. For additional security scenario coverage after reading this article, see . diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md b/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md index ec576bfc4d21..5e439a6586c6 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md @@ -12,6 +12,8 @@ uid: blazor/security/webassembly/hosted-with-microsoft-entra-id [!INCLUDE[](~/blazor/security/includes/hosted-blazor-webassembly-notice.md)] +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + This article explains how to create a [hosted Blazor WebAssembly solution](xref:blazor/hosting-models#blazor-webassembly) that uses [Microsoft Entra ID (ME-ID)](https://azure.microsoft.com/services/active-directory/) for authentication. This article focuses on a single tenant app with a single tenant Azure app registration. This article doesn't cover a *multi-tenant ME-ID registration*. For more information, see [Making your application multi-tenant](/entra/identity-platform/howto-convert-app-to-be-multi-tenant). diff --git a/aspnetcore/blazor/security/webassembly/index.md b/aspnetcore/blazor/security/webassembly/index.md index c49958eec8e0..9e7fbac395e5 100644 --- a/aspnetcore/blazor/security/webassembly/index.md +++ b/aspnetcore/blazor/security/webassembly/index.md @@ -351,6 +351,8 @@ Hosted Blazor WebAssembly apps: :::moniker-end +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + Further configuration guidance is found in the following articles: * diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md b/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md index a115deb85baf..10676a462767 100644 --- a/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md +++ b/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md @@ -16,7 +16,7 @@ This article explains how to secure an ASP.NET Core Blazor WebAssembly standalon The Blazor WebAssembly Authentication library (`Authentication.js`) only supports the Proof Key for Code Exchange (PKCE) authorization code flow via the [Microsoft Authentication Library (MSAL, `msal.js`)](/entra/identity-platform/msal-overview). To implement other grant flows, access the MSAL guidance to implement MSAL directly, but we don't support or recommend the use of grant flows other than PKCE for Blazor apps. -*For Microsoft Entra (ME-ID) and Azure Active Directory B2C (AAD B2C) guidance, don't follow the guidance in this topic. See or .* +*For Microsoft Entra (ME-ID) guidance, don't follow the guidance in this topic. See .* For additional security scenario coverage after reading this article, see . diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md b/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md index 405fa2632178..14725f6fc0bc 100644 --- a/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md +++ b/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md @@ -12,6 +12,8 @@ uid: blazor/security/webassembly/standalone-with-azure-active-directory-b2c [!INCLUDE[](~/includes/not-latest-version.md)] +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + This article explains how to create a [standalone Blazor WebAssembly app](xref:blazor/hosting-models#blazor-webassembly) that uses [Azure Active Directory (AAD) B2C](/azure/active-directory-b2c/overview) for authentication. For additional security scenario coverage after reading this article, see . diff --git a/aspnetcore/includes/DuendeIdentityServer.md b/aspnetcore/includes/DuendeIdentityServer.md index ea7f0ebf1fe5..ad3017145eb2 100644 --- a/aspnetcore/includes/DuendeIdentityServer.md +++ b/aspnetcore/includes/DuendeIdentityServer.md @@ -1,7 +1,6 @@ ASP.NET Core Identity adds user interface (UI) login functionality to ASP.NET Core web apps. To secure web APIs and SPAs, use one of the following: * [Microsoft Entra ID](/azure/api-management/api-management-howto-protect-backend-with-aad) -* [Azure Active Directory B2C](/azure/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw) (Azure AD B2C) * [Duende Identity Server](https://docs.duendesoftware.com) Duende Identity Server is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. Duende Identity Server enables the following security features: diff --git a/aspnetcore/includes/IdentityServer4.md b/aspnetcore/includes/IdentityServer4.md index fb41061ae6a3..d0fe356034c9 100644 --- a/aspnetcore/includes/IdentityServer4.md +++ b/aspnetcore/includes/IdentityServer4.md @@ -1,7 +1,6 @@ ASP.NET Core Identity adds user interface (UI) login functionality to ASP.NET Core web apps. To secure web APIs and SPAs, use one of the following: * [Microsoft Entra ID](/azure/api-management/api-management-howto-protect-backend-with-aad) -* [Azure Active Directory B2C](/azure/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw) (Azure AD B2C) * [Duende IdentityServer](https://docs.duendesoftware.com). Duende IdentityServer is 3rd party product. Duende IdentityServer is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. Duende IdentityServer enables the following security features: diff --git a/aspnetcore/includes/azure-active-directory-b2c-eol-support-notice.md b/aspnetcore/includes/azure-active-directory-b2c-eol-support-notice.md new file mode 100644 index 000000000000..5c119169f5ed --- /dev/null +++ b/aspnetcore/includes/azure-active-directory-b2c-eol-support-notice.md @@ -0,0 +1,7 @@ + + +> [!NOTE] +> Azure Active Directory B2C is no longer available as a service to new customers as of May 1, 2025. For more information, see [Azure AD B2C: Frequently asked questions (FAQ)](/azure/active-directory-b2c/faq). diff --git a/aspnetcore/security/authentication/azure-active-directory/index.md b/aspnetcore/security/authentication/azure-active-directory/index.md index d88b16b802d1..e3c56aad8d3f 100644 --- a/aspnetcore/security/authentication/azure-active-directory/index.md +++ b/aspnetcore/security/authentication/azure-active-directory/index.md @@ -3,7 +3,7 @@ title: Microsoft identity platform and Microsoft Entra ID with ASP.NET Core author: wpickett description: Discover topics related to authentication with Microsoft identity platform Microsoft Entra ID for web apps and APIs in ASP.NET Core. ms.author: wpickett -ms.date: 01/21/2020 +ms.date: 01/22/2026 ms.custom: mvc uid: security/authentication/azure-active-directory/index --- @@ -18,7 +18,6 @@ These tutorials and samples demonstrate authentication in ASP.NET Core using Mic * [Web app that calls web APIs](/azure/active-directory/develop/scenario-web-app-call-api-overview) * [Protected web API](/azure/active-directory/develop/scenario-protected-web-api-overview) * [Web API that calls other web APIs](/azure/active-directory/develop/scenario-web-api-call-api-overview) -* [Web app that signs in users with Azure AD B2C](xref:security/authentication/azure-ad-b2c) ## Samples diff --git a/aspnetcore/security/authentication/azure-ad-b2c.md b/aspnetcore/security/authentication/azure-ad-b2c.md index 70ca64e7e2b0..7df298f00e51 100644 --- a/aspnetcore/security/authentication/azure-ad-b2c.md +++ b/aspnetcore/security/authentication/azure-ad-b2c.md @@ -4,13 +4,15 @@ author: guardrex description: Discover how to set up Azure Active Directory B2C authentication with ASP.NET Core. ms.author: wpickett ms.custom: "devx-track-csharp, mvc" -ms.date: 07/22/2021 +ms.date: 01/22/2026 uid: security/authentication/azure-ad-b2c --- # Cloud authentication with Azure Active Directory B2C in ASP.NET Core By [Damien Bod](https://github.com/damienbod) +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + [Azure Active Directory B2C](/azure/active-directory-b2c/active-directory-b2c-overview) (Azure AD B2C) is a cloud identity management solution for web and mobile apps. The service provides authentication for apps hosted in the cloud and on-premises. Authentication types include individual accounts, social network accounts, and federated enterprise accounts. Additionally, Azure AD B2C can provide multi-factor authentication with minimal configuration. > [!TIP] diff --git a/aspnetcore/security/authentication/configure-oidc-web-authentication.md b/aspnetcore/security/authentication/configure-oidc-web-authentication.md index b76264915d2c..2551d4bf0ced 100644 --- a/aspnetcore/security/authentication/configure-oidc-web-authentication.md +++ b/aspnetcore/security/authentication/configure-oidc-web-authentication.md @@ -5,7 +5,7 @@ description: Learn how to set up OpenID Connect authentication in an ASP.NET Cor monikerRange: '>= aspnetcore-8.0' ms.author: tdykstra ms.custom: mvc -ms.date: 12/2/2024 +ms.date: 01/22/2026 uid: security/authentication/configure-oidc-web-authentication --- # Configure OpenID Connect Web (UI) authentication in ASP.NET Core @@ -314,7 +314,6 @@ Microsoft has multiple identity providers and OpenID Connect implementations. Mi * Microsoft Entra ID * Microsoft Entra External ID -* Azure AD B2C If authenticating using one of the Microsoft identity providers in ASP.NET Core, it is recommended to use the [`Microsoft.Identity.Web`](https://github.com/AzureAD/microsoft-identity-web) Nuget packages. diff --git a/aspnetcore/security/authentication/individual.md b/aspnetcore/security/authentication/individual.md index 6466f8cd5b27..ea9d4ce5e014 100644 --- a/aspnetcore/security/authentication/individual.md +++ b/aspnetcore/security/authentication/individual.md @@ -3,7 +3,7 @@ title: Articles based on ASP.NET Core projects created with individual accounts author: tdykstra description: Discover articles based on ASP.NET Core projects created with individual accounts. ms.author: tdykstra -ms.date: 12/11/2019 +ms.date: 01/22/2026 uid: security/authentication/individual --- # Articles based on ASP.NET Core projects created with individual accounts @@ -64,6 +64,8 @@ The following table shows the authentication options available for new web apps: | MultiOrg | Organizational authentication for multiple tenants. | [Entra ID](/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp) | | Windows | Windows authentication. | [Windows Authentication](xref:security/authentication/windowsauth) +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + ## Visual Studio new webapp authentication options The following table shows the authentication options available when creating a new web app with Visual Studio: @@ -77,6 +79,8 @@ The following table shows the authentication options available when creating a n | Work or School Cloud / Multiple Org | Organizational authentication for multiple tenants | [Azure AD](/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp) | | Windows | Windows authentication | [Windows Authentication](xref:security/authentication/windowsauth) +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + ## Additional resources The following articles show how to use the code generated in ASP.NET Core templates that use individual accounts: diff --git a/aspnetcore/security/authorization/limitingidentitybyscheme.md b/aspnetcore/security/authorization/limitingidentitybyscheme.md index 960c2e605d1f..732f5a61145a 100644 --- a/aspnetcore/security/authorization/limitingidentitybyscheme.md +++ b/aspnetcore/security/authorization/limitingidentitybyscheme.md @@ -4,7 +4,7 @@ author: wadepickett description: This article explains how to limit identity to a specific scheme when working with multiple authentication methods. monikerRange: '>= aspnetcore-3.1' ms.author: wpickett -ms.date: 1/11/2022 +ms.date: 01/22/2026 uid: security/authorization/limitingidentitybyscheme --- # Authorize with a specific scheme in ASP.NET Core @@ -63,7 +63,7 @@ Update the default authorization policy to accept both authentication schemes. F As the default authorization policy is overridden, it's possible to use the `[Authorize]` attribute in controllers. The controller then accepts requests with JWT issued by the first or second issuer. -See [this GitHub issue](https://github.com/dotnet/aspnetcore/issues/26002) on using multiple authentication schemes. +For more information on using multiple authentication schemes, see [Multiple jwt authentication schemes can't validate signature key (`dotnet/aspnetcore` #26002)](https://github.com/dotnet/aspnetcore/issues/26002). The following example uses [Azure Active Directory B2C](/azure/active-directory-b2c/overview) and another [Azure Active Directory](/azure/active-directory/authentication/overview-authentication) tenant: