From 31e68f6a860421119e0892cd67f960489f4a9082 Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Mon, 24 Nov 2025 07:54:49 -0500 Subject: [PATCH 1/5] AAD B2C support notice for articles --- .../includes/azure-active-directory-b2c-support-notice.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 aspnetcore/blazor/includes/azure-active-directory-b2c-support-notice.md diff --git a/aspnetcore/blazor/includes/azure-active-directory-b2c-support-notice.md b/aspnetcore/blazor/includes/azure-active-directory-b2c-support-notice.md new file mode 100644 index 000000000000..7d65266c692f --- /dev/null +++ b/aspnetcore/blazor/includes/azure-active-directory-b2c-support-notice.md @@ -0,0 +1,7 @@ + + +> [!NOTE] +> Azure Active Directory B2C is no longer available as a service to new customers as of May 1, 2025. AAD B2C tenants are supported for customers with accounts established prior to May 1, 2025 until 2030. For more information, see [Azure AD B2C: Frequently asked questions (FAQ)](/azure/active-directory-b2c/faq). From a254e447426e72defe9ce99990e8b2c526cda69c Mon Sep 17 00:00:00 2001 From: Luke Latham <1622880+guardrex@users.noreply.github.com> Date: Tue, 13 Jan 2026 06:01:02 -0500 Subject: [PATCH 2/5] React to feedback --- .../includes/azure-active-directory-b2c-support-notice.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/blazor/includes/azure-active-directory-b2c-support-notice.md b/aspnetcore/blazor/includes/azure-active-directory-b2c-support-notice.md index 7d65266c692f..5c119169f5ed 100644 --- a/aspnetcore/blazor/includes/azure-active-directory-b2c-support-notice.md +++ b/aspnetcore/blazor/includes/azure-active-directory-b2c-support-notice.md @@ -4,4 +4,4 @@ accounts established prior to 5/1/25. --> > [!NOTE] -> Azure Active Directory B2C is no longer available as a service to new customers as of May 1, 2025. AAD B2C tenants are supported for customers with accounts established prior to May 1, 2025 until 2030. For more information, see [Azure AD B2C: Frequently asked questions (FAQ)](/azure/active-directory-b2c/faq). +> Azure Active Directory B2C is no longer available as a service to new customers as of May 1, 2025. For more information, see [Azure AD B2C: Frequently asked questions (FAQ)](/azure/active-directory-b2c/faq). From 92156e60333448167769501fe0acd4f90eb2ee62 Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Tue, 13 Jan 2026 06:23:29 -0500 Subject: [PATCH 3/5] Move INCLUDES file and add to articles --- aspnetcore/blazor/hybrid/security/index.md | 8 ++++++++ .../blazor/security/blazor-web-app-with-entra.md | 4 +++- .../blazor/security/blazor-web-app-with-oidc.md | 16 +++++++++------- aspnetcore/blazor/security/index.md | 4 ++++ .../blazor/security/webassembly/graph-api.md | 2 ++ .../hosted-with-azure-active-directory-b2c.md | 2 ++ .../hosted-with-microsoft-entra-id.md | 2 ++ aspnetcore/blazor/security/webassembly/index.md | 2 ++ .../standalone-with-authentication-library.md | 2 +- ...standalone-with-azure-active-directory-b2c.md | 2 ++ aspnetcore/includes/DuendeIdentityServer.md | 1 - aspnetcore/includes/IdentityServer4.md | 1 - ...e-active-directory-b2c-eol-support-notice.md} | 0 .../azure-active-directory/index.md | 1 - .../security/authentication/azure-ad-b2c.md | 2 ++ .../configure-oidc-web-authentication.md | 1 - aspnetcore/security/authentication/individual.md | 4 ++++ 17 files changed, 41 insertions(+), 13 deletions(-) rename aspnetcore/{blazor/includes/azure-active-directory-b2c-support-notice.md => includes/azure-active-directory-b2c-eol-support-notice.md} (100%) diff --git a/aspnetcore/blazor/hybrid/security/index.md b/aspnetcore/blazor/hybrid/security/index.md index 7ead4d52e877..e97d22bb89c4 100644 --- a/aspnetcore/blazor/hybrid/security/index.md +++ b/aspnetcore/blazor/hybrid/security/index.md @@ -56,12 +56,16 @@ WPF apps use the [Microsoft identity platform](/entra/identity-platform/) to int * [Quickstart: Set up sign in for a desktop app using Azure Active Directory B2C](/azure/active-directory-b2c/quickstart-native-app-desktop) * [Configure authentication in a sample WPF desktop app by using Azure AD B2C](/azure/active-directory-b2c/configure-authentication-sample-wpf-desktop-app) +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::zone-end :::zone pivot="winforms" Windows Forms apps use the [Microsoft identity platform](/entra/identity-platform/) to integrate with Microsoft Entra (ME-ID) and AAD B2C. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](/entra/identity-platform/msal-overview). +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::zone-end ## Create a custom `AuthenticationStateProvider` without user change updates @@ -594,12 +598,16 @@ WPF apps use the [Microsoft identity platform](/entra/identity-platform/) to int * [Quickstart: Set up sign in for a desktop app using Azure Active Directory B2C](/azure/active-directory-b2c/quickstart-native-app-desktop) * [Configure authentication in a sample WPF desktop app by using Azure AD B2C](/azure/active-directory-b2c/configure-authentication-sample-wpf-desktop-app) +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::zone-end :::zone pivot="winforms" Windows Forms apps use the [Microsoft identity platform](/entra/identity-platform/) to integrate with Microsoft Entra (ME-ID) and AAD B2C. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](/entra/identity-platform/msal-overview). +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::zone-end ## Create a custom `AuthenticationStateProvider` without user change updates diff --git a/aspnetcore/blazor/security/blazor-web-app-with-entra.md b/aspnetcore/blazor/security/blazor-web-app-with-entra.md index 7b512b64a3f6..88baa77844af 100644 --- a/aspnetcore/blazor/security/blazor-web-app-with-entra.md +++ b/aspnetcore/blazor/security/blazor-web-app-with-entra.md @@ -16,6 +16,8 @@ zone_pivot_groups: blazor-web-app-entra-specification [!INCLUDE[](~/includes/not-latest-version.md)] --> +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + This article describes how to secure a Blazor Web App with [Microsoft identity platform](/entra/identity-platform/) with [Microsoft Identity Web packages](/entra/msal/dotnet/microsoft-identity-web/) for [Microsoft Entra ID](https://www.microsoft.com/security/business/microsoft-entra) using a sample app. :::zone pivot="non-bff-pattern" @@ -972,7 +974,7 @@ For more information on how this app secures its weather data, see [Secure data * [Microsoft identity platform documentation](/entra/identity-platform/) * [Web API documentation | Microsoft identity platform](/entra/identity-platform/index-web-api) * [A web API that calls web APIs: Call an API: Option 2: Call a downstream web API with the helper class](/entra/identity-platform/scenario-web-api-call-api-call-api?tabs=aspnetcore#option-2-call-a-downstream-web-api-with-the-helper-class) -* [`AzureAD/microsoft-identity-web` GitHub repository](https://github.com/AzureAD/microsoft-identity-web/wiki): Helpful guidance on implementing Microsoft Identity Web for Microsoft Entra ID and Azure Active Directory B2C for ASP.NET Core apps, including links to sample apps and related Azure documentation. Currently, Blazor Web Apps aren't explicitly addressed by the Azure documentation, but the setup and configuration of a Blazor Web App for ME-ID and Azure hosting is the same as it is for any ASP.NET Core web app. +* [`AzureAD/microsoft-identity-web` GitHub repository](https://github.com/AzureAD/microsoft-identity-web/wiki): Helpful guidance on implementing Microsoft Identity Web for Microsoft Entra ID for ASP.NET Core apps, including links to sample apps and related Azure documentation. Currently, Blazor Web Apps aren't explicitly addressed by the Azure documentation, but the setup and configuration of a Blazor Web App for ME-ID and Azure hosting is the same as it is for any ASP.NET Core web app. * [`AuthenticationStateProvider` service](xref:blazor/security/index#authenticationstateprovider-service) * [Manage authentication state in Blazor Web Apps](xref:blazor/security/index#manage-authentication-state-in-blazor-web-apps) * [Service abstractions in Blazor Web Apps](xref:blazor/call-web-api#service-abstractions-for-web-api-calls) diff --git a/aspnetcore/blazor/security/blazor-web-app-with-oidc.md b/aspnetcore/blazor/security/blazor-web-app-with-oidc.md index a1a2485fbe3d..f0ff18a93dfd 100644 --- a/aspnetcore/blazor/security/blazor-web-app-with-oidc.md +++ b/aspnetcore/blazor/security/blazor-web-app-with-oidc.md @@ -13,13 +13,15 @@ zone_pivot_groups: blazor-web-app-oidc-specification [!INCLUDE[](~/includes/not-latest-version-without-not-supported-content.md)] +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + This article describes how to secure a Blazor Web App with [OpenID Connect (OIDC)](https://openid.net/developers/how-connect-works/) using a sample app in the [`dotnet/blazor-samples` GitHub repository (.NET 8 or later)](https://github.com/dotnet/blazor-samples) ([how to download](xref:blazor/fundamentals/index#sample-apps)). :::zone pivot="non-bff-pattern" :::moniker range=">= aspnetcore-9.0" -For Microsoft Entra ID or Azure AD B2C, you can use from [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) ([`Microsoft.Identity.Web` NuGet package](https://www.nuget.org/packages/Microsoft.Identity.Web), [API documentation]()), which adds both the OIDC and Cookie authentication handlers with the appropriate defaults. The sample app and the guidance in this article don't use Microsoft Identity Web. The guidance demonstrates how to configure the OIDC handler *manually* for any OIDC provider. For more information on implementing Microsoft Identity Web, see . +For Microsoft Entra ID, you can use from [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) ([`Microsoft.Identity.Web` NuGet package](https://www.nuget.org/packages/Microsoft.Identity.Web), [API documentation]()), which adds both the OIDC and Cookie authentication handlers with the appropriate defaults. The sample app and the guidance in this article don't use Microsoft Identity Web. The guidance demonstrates how to configure the OIDC handler *manually* for any OIDC provider. For more information on implementing Microsoft Identity Web, see . :::moniker-end @@ -368,7 +370,7 @@ oidcOptions.RemoteSignOutPath = new PathString("/signout-oidc"); (*Microsoft Azure only with the "common" endpoint*) : Many OIDC providers work with the default issuer validator, but we need to account for the issuer parameterized with the Tenant ID (`{TENANT ID}`) returned by `https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration`. For more information, see [SecurityTokenInvalidIssuerException with OpenID Connect and the Azure AD "common" endpoint (`AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet` #1731)](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1731). -Only for apps using Microsoft Entra ID or Azure AD B2C with the "common" endpoint: +Only for apps using Microsoft Entra ID with the "common" endpoint: ```csharp var microsoftIssuerValidator = AadIssuerValidator.GetAadIssuerValidator(oidcOptions.Authority); @@ -401,7 +403,7 @@ The sample app only provides a user name and email for display purposes. :::moniker range=">= aspnetcore-9.0" -For Microsoft Entra ID or Azure AD B2C, you can use from [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) ([`Microsoft.Identity.Web` NuGet package](https://www.nuget.org/packages/Microsoft.Identity.Web), [API documentation]()), which adds both the OIDC and Cookie authentication handlers with the appropriate defaults. The sample app and the guidance in this article don't use Microsoft Identity Web. The guidance demonstrates how to configure the OIDC handler *manually* for any OIDC provider. For more information on implementing Microsoft Identity Web, see . +For Microsoft Entra ID, you can use from [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) ([`Microsoft.Identity.Web` NuGet package](https://www.nuget.org/packages/Microsoft.Identity.Web), [API documentation]()), which adds both the OIDC and Cookie authentication handlers with the appropriate defaults. The sample app and the guidance in this article don't use Microsoft Identity Web. The guidance demonstrates how to configure the OIDC handler *manually* for any OIDC provider. For more information on implementing Microsoft Identity Web, see . :::moniker-end @@ -749,7 +751,7 @@ oidcOptions.RemoteSignOutPath = new PathString("/signout-oidc"); (*Microsoft Azure only with the "common" endpoint*) : Many OIDC providers work with the default issuer validator, but we need to account for the issuer parameterized with the Tenant ID (`{TENANT ID}`) returned by `https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration`. For more information, see [SecurityTokenInvalidIssuerException with OpenID Connect and the Azure AD "common" endpoint (`AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet` #1731)](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1731). -Only for apps using Microsoft Entra ID or Azure AD B2C with the "common" endpoint: +Only for apps using Microsoft Entra ID with the "common" endpoint: ```csharp var microsoftIssuerValidator = AadIssuerValidator.GetAadIssuerValidator(oidcOptions.Authority); @@ -762,7 +764,7 @@ oidcOptions.TokenValidationParameters.IssuerValidator = microsoftIssuerValidator :::moniker range=">= aspnetcore-9.0" -For Microsoft Entra ID or Azure AD B2C, you can use from [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) ([`Microsoft.Identity.Web` NuGet package](https://www.nuget.org/packages/Microsoft.Identity.Web), [API documentation]()), which adds both the OIDC and Cookie authentication handlers with the appropriate defaults. The sample app and the guidance in this article don't use Microsoft Identity Web. The guidance demonstrates how to configure the OIDC handler *manually* for any OIDC provider. For more information on implementing Microsoft Identity Web, see . +For Microsoft Entra ID, you can use from [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) ([`Microsoft.Identity.Web` NuGet package](https://www.nuget.org/packages/Microsoft.Identity.Web), [API documentation]()), which adds both the OIDC and Cookie authentication handlers with the appropriate defaults. The sample app and the guidance in this article don't use Microsoft Identity Web. The guidance demonstrates how to configure the OIDC handler *manually* for any OIDC provider. For more information on implementing Microsoft Identity Web, see . :::moniker-end @@ -1086,7 +1088,7 @@ oidcOptions.RemoteSignOutPath = new PathString("/signout-oidc"); (*Microsoft Azure only with the "common" endpoint*) : Many OIDC providers work with the default issuer validator, but we need to account for the issuer parameterized with the Tenant ID (`{TENANT ID}`) returned by `https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration`. For more information, see [SecurityTokenInvalidIssuerException with OpenID Connect and the Azure AD "common" endpoint (`AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet` #1731)](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1731). -Only for apps using Microsoft Entra ID or Azure AD B2C with the "common" endpoint: +Only for apps using Microsoft Entra ID with the "common" endpoint: ```csharp var microsoftIssuerValidator = AadIssuerValidator.GetAadIssuerValidator(oidcOptions.Authority); @@ -1491,7 +1493,7 @@ For more information, see the [Duende Access Token Management documentation for -* [`AzureAD/microsoft-identity-web` GitHub repository](https://github.com/AzureAD/microsoft-identity-web/wiki): Helpful guidance on implementing Microsoft Identity Web for Microsoft Entra ID and Azure Active Directory B2C for ASP.NET Core apps, including links to sample apps and related Azure documentation. Currently, Blazor Web Apps aren't explicitly addressed by the Azure documentation, but the setup and configuration of a Blazor Web App for ME-ID and Azure hosting is the same as it is for any ASP.NET Core web app. +* [`AzureAD/microsoft-identity-web` GitHub repository](https://github.com/AzureAD/microsoft-identity-web/wiki): Helpful guidance on implementing Microsoft Identity Web for Microsoft Entra ID for ASP.NET Core apps, including links to sample apps and related Azure documentation. Currently, Blazor Web Apps aren't explicitly addressed by the Azure documentation, but the setup and configuration of a Blazor Web App for ME-ID and Azure hosting is the same as it is for any ASP.NET Core web app. * [`AuthenticationStateProvider` service](xref:blazor/security/index#authenticationstateprovider-service) * [Manage authentication state in Blazor Web Apps](xref:blazor/security/index#manage-authentication-state-in-blazor-web-apps) * [Refresh token during http request in Blazor Interactive Server with OIDC (`dotnet/aspnetcore` #55213)](https://github.com/dotnet/aspnetcore/issues/55213) diff --git a/aspnetcore/blazor/security/index.md b/aspnetcore/blazor/security/index.md index 3a820c5ffc9b..fd5d005039aa 100644 --- a/aspnetcore/blazor/security/index.md +++ b/aspnetcore/blazor/security/index.md @@ -176,6 +176,8 @@ Permissible authentication values for the `{AUTHENTICATION}` placeholder are sho | `MultiOrg` | Organizational authentication for multiple tenants | | `Windows` | Windows Authentication | +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::moniker-end For more information, see the [`dotnet new`](/dotnet/core/tools/dotnet-new) command in the .NET Guide. @@ -213,6 +215,8 @@ Permissible authentication values for the `{AUTHENTICATION}` placeholder are sho | `MultiOrg` | Organizational authentication for multiple tenants | | `Windows` | Windows Authentication | +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::moniker-end For more information: diff --git a/aspnetcore/blazor/security/webassembly/graph-api.md b/aspnetcore/blazor/security/webassembly/graph-api.md index 4e744466f2de..bc93b118d26d 100644 --- a/aspnetcore/blazor/security/webassembly/graph-api.md +++ b/aspnetcore/blazor/security/webassembly/graph-api.md @@ -35,6 +35,8 @@ To provide feedback or seek assistance with this article or ASP.NET Core, see [!IMPORTANT] > The scenarios described in this article apply to using Microsoft Entra (ME-ID) as the identity provider, not AAD B2C. Using Microsoft Graph with a client-side Blazor WebAssembly app and the AAD B2C identity provider isn't supported at this time because the app would require a client secret, which can't be secured in the client-side Blazor app. For an AAD B2C standalone Blazor WebAssembly app use Graph API, create a backend server (web) API to access Graph API on behalf of users. The client-side app authenticates and authorizes users to [call the web API](xref:blazor/call-web-api) to securely access Microsoft Graph and return data to the client-side Blazor app from your server-based web API. The client secret is safely maintained in the server-based web API, not in the Blazor app on the client. **Never store a client secret in a client-side Blazor app.** +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + :::moniker range="< aspnetcore-8.0" Using a hosted Blazor WebAssembly app is supported, where the **:::no-loc text="Server":::** app uses the Graph SDK/API to provide Graph data to the **:::no-loc text="Client":::** app via web API. For more information, see the [Hosted Blazor WebAssembly solutions](#hosted-blazor-webassembly-solutions) section of this article. diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md index f0713489a794..813ed9043e58 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md @@ -12,6 +12,8 @@ uid: blazor/security/webassembly/hosted-with-azure-active-directory-b2c [!INCLUDE[](~/blazor/security/includes/hosted-blazor-webassembly-notice.md)] +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + This article explains how to create a [hosted Blazor WebAssembly solution](xref:blazor/hosting-models#blazor-webassembly) that uses [Azure Active Directory (AAD) B2C](/azure/active-directory-b2c/overview) for authentication. For additional security scenario coverage after reading this article, see . diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md b/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md index ec576bfc4d21..5e439a6586c6 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md @@ -12,6 +12,8 @@ uid: blazor/security/webassembly/hosted-with-microsoft-entra-id [!INCLUDE[](~/blazor/security/includes/hosted-blazor-webassembly-notice.md)] +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + This article explains how to create a [hosted Blazor WebAssembly solution](xref:blazor/hosting-models#blazor-webassembly) that uses [Microsoft Entra ID (ME-ID)](https://azure.microsoft.com/services/active-directory/) for authentication. This article focuses on a single tenant app with a single tenant Azure app registration. This article doesn't cover a *multi-tenant ME-ID registration*. For more information, see [Making your application multi-tenant](/entra/identity-platform/howto-convert-app-to-be-multi-tenant). diff --git a/aspnetcore/blazor/security/webassembly/index.md b/aspnetcore/blazor/security/webassembly/index.md index b2e6ad489ce8..9f9bf17a1619 100644 --- a/aspnetcore/blazor/security/webassembly/index.md +++ b/aspnetcore/blazor/security/webassembly/index.md @@ -351,6 +351,8 @@ Hosted Blazor WebAssembly apps: :::moniker-end +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + Further configuration guidance is found in the following articles: * diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md b/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md index a115deb85baf..10676a462767 100644 --- a/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md +++ b/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md @@ -16,7 +16,7 @@ This article explains how to secure an ASP.NET Core Blazor WebAssembly standalon The Blazor WebAssembly Authentication library (`Authentication.js`) only supports the Proof Key for Code Exchange (PKCE) authorization code flow via the [Microsoft Authentication Library (MSAL, `msal.js`)](/entra/identity-platform/msal-overview). To implement other grant flows, access the MSAL guidance to implement MSAL directly, but we don't support or recommend the use of grant flows other than PKCE for Blazor apps. -*For Microsoft Entra (ME-ID) and Azure Active Directory B2C (AAD B2C) guidance, don't follow the guidance in this topic. See or .* +*For Microsoft Entra (ME-ID) guidance, don't follow the guidance in this topic. See .* For additional security scenario coverage after reading this article, see . diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md b/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md index 405fa2632178..14725f6fc0bc 100644 --- a/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md +++ b/aspnetcore/blazor/security/webassembly/standalone-with-azure-active-directory-b2c.md @@ -12,6 +12,8 @@ uid: blazor/security/webassembly/standalone-with-azure-active-directory-b2c [!INCLUDE[](~/includes/not-latest-version.md)] +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + This article explains how to create a [standalone Blazor WebAssembly app](xref:blazor/hosting-models#blazor-webassembly) that uses [Azure Active Directory (AAD) B2C](/azure/active-directory-b2c/overview) for authentication. For additional security scenario coverage after reading this article, see . diff --git a/aspnetcore/includes/DuendeIdentityServer.md b/aspnetcore/includes/DuendeIdentityServer.md index ea7f0ebf1fe5..ad3017145eb2 100644 --- a/aspnetcore/includes/DuendeIdentityServer.md +++ b/aspnetcore/includes/DuendeIdentityServer.md @@ -1,7 +1,6 @@ ASP.NET Core Identity adds user interface (UI) login functionality to ASP.NET Core web apps. To secure web APIs and SPAs, use one of the following: * [Microsoft Entra ID](/azure/api-management/api-management-howto-protect-backend-with-aad) -* [Azure Active Directory B2C](/azure/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw) (Azure AD B2C) * [Duende Identity Server](https://docs.duendesoftware.com) Duende Identity Server is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. Duende Identity Server enables the following security features: diff --git a/aspnetcore/includes/IdentityServer4.md b/aspnetcore/includes/IdentityServer4.md index fb41061ae6a3..d0fe356034c9 100644 --- a/aspnetcore/includes/IdentityServer4.md +++ b/aspnetcore/includes/IdentityServer4.md @@ -1,7 +1,6 @@ ASP.NET Core Identity adds user interface (UI) login functionality to ASP.NET Core web apps. To secure web APIs and SPAs, use one of the following: * [Microsoft Entra ID](/azure/api-management/api-management-howto-protect-backend-with-aad) -* [Azure Active Directory B2C](/azure/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw) (Azure AD B2C) * [Duende IdentityServer](https://docs.duendesoftware.com). Duende IdentityServer is 3rd party product. Duende IdentityServer is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. Duende IdentityServer enables the following security features: diff --git a/aspnetcore/blazor/includes/azure-active-directory-b2c-support-notice.md b/aspnetcore/includes/azure-active-directory-b2c-eol-support-notice.md similarity index 100% rename from aspnetcore/blazor/includes/azure-active-directory-b2c-support-notice.md rename to aspnetcore/includes/azure-active-directory-b2c-eol-support-notice.md diff --git a/aspnetcore/security/authentication/azure-active-directory/index.md b/aspnetcore/security/authentication/azure-active-directory/index.md index d88b16b802d1..9f5a60c71e84 100644 --- a/aspnetcore/security/authentication/azure-active-directory/index.md +++ b/aspnetcore/security/authentication/azure-active-directory/index.md @@ -18,7 +18,6 @@ These tutorials and samples demonstrate authentication in ASP.NET Core using Mic * [Web app that calls web APIs](/azure/active-directory/develop/scenario-web-app-call-api-overview) * [Protected web API](/azure/active-directory/develop/scenario-protected-web-api-overview) * [Web API that calls other web APIs](/azure/active-directory/develop/scenario-web-api-call-api-overview) -* [Web app that signs in users with Azure AD B2C](xref:security/authentication/azure-ad-b2c) ## Samples diff --git a/aspnetcore/security/authentication/azure-ad-b2c.md b/aspnetcore/security/authentication/azure-ad-b2c.md index 70ca64e7e2b0..cf7e82a57ca9 100644 --- a/aspnetcore/security/authentication/azure-ad-b2c.md +++ b/aspnetcore/security/authentication/azure-ad-b2c.md @@ -11,6 +11,8 @@ uid: security/authentication/azure-ad-b2c By [Damien Bod](https://github.com/damienbod) +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + [Azure Active Directory B2C](/azure/active-directory-b2c/active-directory-b2c-overview) (Azure AD B2C) is a cloud identity management solution for web and mobile apps. The service provides authentication for apps hosted in the cloud and on-premises. Authentication types include individual accounts, social network accounts, and federated enterprise accounts. Additionally, Azure AD B2C can provide multi-factor authentication with minimal configuration. > [!TIP] diff --git a/aspnetcore/security/authentication/configure-oidc-web-authentication.md b/aspnetcore/security/authentication/configure-oidc-web-authentication.md index b76264915d2c..7bd979d4937e 100644 --- a/aspnetcore/security/authentication/configure-oidc-web-authentication.md +++ b/aspnetcore/security/authentication/configure-oidc-web-authentication.md @@ -314,7 +314,6 @@ Microsoft has multiple identity providers and OpenID Connect implementations. Mi * Microsoft Entra ID * Microsoft Entra External ID -* Azure AD B2C If authenticating using one of the Microsoft identity providers in ASP.NET Core, it is recommended to use the [`Microsoft.Identity.Web`](https://github.com/AzureAD/microsoft-identity-web) Nuget packages. diff --git a/aspnetcore/security/authentication/individual.md b/aspnetcore/security/authentication/individual.md index 6466f8cd5b27..afefad5699e0 100644 --- a/aspnetcore/security/authentication/individual.md +++ b/aspnetcore/security/authentication/individual.md @@ -64,6 +64,8 @@ The following table shows the authentication options available for new web apps: | MultiOrg | Organizational authentication for multiple tenants. | [Entra ID](/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp) | | Windows | Windows authentication. | [Windows Authentication](xref:security/authentication/windowsauth) +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + ## Visual Studio new webapp authentication options The following table shows the authentication options available when creating a new web app with Visual Studio: @@ -77,6 +79,8 @@ The following table shows the authentication options available when creating a n | Work or School Cloud / Multiple Org | Organizational authentication for multiple tenants | [Azure AD](/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp) | | Windows | Windows authentication | [Windows Authentication](xref:security/authentication/windowsauth) +[!INCLUDE[](~/includes/azure-active-directory-b2c-eol-support-notice.md)] + ## Additional resources The following articles show how to use the code generated in ASP.NET Core templates that use individual accounts: From 28f3c2b3cca2cbcac6ba2ba7adfd8d752e5ad7e7 Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Tue, 13 Jan 2026 06:58:53 -0500 Subject: [PATCH 4/5] Refactor link text --- aspnetcore/security/authorization/limitingidentitybyscheme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/security/authorization/limitingidentitybyscheme.md b/aspnetcore/security/authorization/limitingidentitybyscheme.md index 960c2e605d1f..2290d6c99c13 100644 --- a/aspnetcore/security/authorization/limitingidentitybyscheme.md +++ b/aspnetcore/security/authorization/limitingidentitybyscheme.md @@ -63,7 +63,7 @@ Update the default authorization policy to accept both authentication schemes. F As the default authorization policy is overridden, it's possible to use the `[Authorize]` attribute in controllers. The controller then accepts requests with JWT issued by the first or second issuer. -See [this GitHub issue](https://github.com/dotnet/aspnetcore/issues/26002) on using multiple authentication schemes. +For more information on using multiple authentication schemes, see [Multiple jwt authentication schemes can't validate signature key (`dotnet/aspnetcore` #26002)](https://github.com/dotnet/aspnetcore/issues/26002). The following example uses [Azure Active Directory B2C](/azure/active-directory-b2c/overview) and another [Azure Active Directory](/azure/active-directory/authentication/overview-authentication) tenant: From c4cb26ff88dc132e85ef17e1a08f48bad2d217da Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Thu, 22 Jan 2026 14:05:37 -0500 Subject: [PATCH 5/5] Update ms.date metadata --- .../security/authentication/azure-active-directory/index.md | 2 +- aspnetcore/security/authentication/azure-ad-b2c.md | 2 +- .../authentication/configure-oidc-web-authentication.md | 2 +- aspnetcore/security/authentication/individual.md | 2 +- aspnetcore/security/authorization/limitingidentitybyscheme.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/aspnetcore/security/authentication/azure-active-directory/index.md b/aspnetcore/security/authentication/azure-active-directory/index.md index 9f5a60c71e84..e3c56aad8d3f 100644 --- a/aspnetcore/security/authentication/azure-active-directory/index.md +++ b/aspnetcore/security/authentication/azure-active-directory/index.md @@ -3,7 +3,7 @@ title: Microsoft identity platform and Microsoft Entra ID with ASP.NET Core author: wpickett description: Discover topics related to authentication with Microsoft identity platform Microsoft Entra ID for web apps and APIs in ASP.NET Core. ms.author: wpickett -ms.date: 01/21/2020 +ms.date: 01/22/2026 ms.custom: mvc uid: security/authentication/azure-active-directory/index --- diff --git a/aspnetcore/security/authentication/azure-ad-b2c.md b/aspnetcore/security/authentication/azure-ad-b2c.md index cf7e82a57ca9..7df298f00e51 100644 --- a/aspnetcore/security/authentication/azure-ad-b2c.md +++ b/aspnetcore/security/authentication/azure-ad-b2c.md @@ -4,7 +4,7 @@ author: guardrex description: Discover how to set up Azure Active Directory B2C authentication with ASP.NET Core. ms.author: wpickett ms.custom: "devx-track-csharp, mvc" -ms.date: 07/22/2021 +ms.date: 01/22/2026 uid: security/authentication/azure-ad-b2c --- # Cloud authentication with Azure Active Directory B2C in ASP.NET Core diff --git a/aspnetcore/security/authentication/configure-oidc-web-authentication.md b/aspnetcore/security/authentication/configure-oidc-web-authentication.md index 7bd979d4937e..2551d4bf0ced 100644 --- a/aspnetcore/security/authentication/configure-oidc-web-authentication.md +++ b/aspnetcore/security/authentication/configure-oidc-web-authentication.md @@ -5,7 +5,7 @@ description: Learn how to set up OpenID Connect authentication in an ASP.NET Cor monikerRange: '>= aspnetcore-8.0' ms.author: tdykstra ms.custom: mvc -ms.date: 12/2/2024 +ms.date: 01/22/2026 uid: security/authentication/configure-oidc-web-authentication --- # Configure OpenID Connect Web (UI) authentication in ASP.NET Core diff --git a/aspnetcore/security/authentication/individual.md b/aspnetcore/security/authentication/individual.md index afefad5699e0..ea9d4ce5e014 100644 --- a/aspnetcore/security/authentication/individual.md +++ b/aspnetcore/security/authentication/individual.md @@ -3,7 +3,7 @@ title: Articles based on ASP.NET Core projects created with individual accounts author: tdykstra description: Discover articles based on ASP.NET Core projects created with individual accounts. ms.author: tdykstra -ms.date: 12/11/2019 +ms.date: 01/22/2026 uid: security/authentication/individual --- # Articles based on ASP.NET Core projects created with individual accounts diff --git a/aspnetcore/security/authorization/limitingidentitybyscheme.md b/aspnetcore/security/authorization/limitingidentitybyscheme.md index 2290d6c99c13..732f5a61145a 100644 --- a/aspnetcore/security/authorization/limitingidentitybyscheme.md +++ b/aspnetcore/security/authorization/limitingidentitybyscheme.md @@ -4,7 +4,7 @@ author: wadepickett description: This article explains how to limit identity to a specific scheme when working with multiple authentication methods. monikerRange: '>= aspnetcore-3.1' ms.author: wpickett -ms.date: 1/11/2022 +ms.date: 01/22/2026 uid: security/authorization/limitingidentitybyscheme --- # Authorize with a specific scheme in ASP.NET Core