diff --git a/aspnetcore/blazor/call-web-api.md b/aspnetcore/blazor/call-web-api.md index eab24ab47352..98e9bf9f4e54 100644 --- a/aspnetcore/blazor/call-web-api.md +++ b/aspnetcore/blazor/call-web-api.md 
@@ -33,11 +33,69 @@ For more information, see the following resources: ## Microsoft identity platform for web API calls -Blazor Web Apps that use use [Microsoft identity platform](/entra/identity-platform/)/[Microsoft Identity Web packages](/entra/msal/dotnet/microsoft-identity-web/) for [Microsoft Entra ID](https://www.microsoft.com/security/business/microsoft-entra) can make streamlined calls using Entra-specific API. This approach is used by the `BlazorWebAppEntra` and `BlazorWebAppEntraBff` sample apps described in the *Sample apps* section of this article. +Blazor Web Apps that use use [Microsoft identity platform](/entra/identity-platform/)/[Microsoft Identity Web packages](/entra/msal/dotnet/microsoft-identity-web/) for [Microsoft Entra ID](https://www.microsoft.com/security/business/microsoft-entra) can make streamlined web API calls with API provided by the [`Microsoft.Identity.Web.DownstreamApi` NuGet package](https://www.nuget.org/packages/Microsoft.Identity.Web.DownstreamApi). + +[!INCLUDE[](~/includes/package-reference.md)] + +In the app settings file (`appsettings.json`), provide a base URL and scopes. In the following example, the `{BASE ADDRESS}` placeholder is the base URL of the web API. A single scope is specified with an App ID URI (`{APP ID URI}` placeholder) and scope name (`{SCOPE NAME}` placeholder): + +```json +"DownstreamApi": { + "BaseUrl": "{BASE ADDRESS}", + "Scopes": [ "{APP ID URI}/{SCOPE NAME}" ] +} +``` + +Example: + +```json +"DownstreamApi": { + "BaseUrl": "https://localhost:7277", + "Scopes": [ "api://11112222-bbbb-3333-cccc-4444dddd5555/Weather.Get" ] +} +``` + +In the app's `Program` file, call: + + + +* : Enables token acquisition to call web APIs. +* `AddDownstreamApi`: Adds a named downstream web service related to a specific configuration section. +* : Adds both the app and per-user in-memory token caches. 
+ +```csharp +builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd")) + .EnableTokenAcquisitionToCallDownstreamApi() + .AddDownstreamApi("DownstreamApi", builder.Configuration.GetSection("DownstreamApi")) + .AddInMemoryTokenCaches(); +``` + +Inject and call when calling on behalf of a user: + +```csharp +internal sealed class ServerWeatherForecaster(IDownstreamApi downstreamApi) : IWeatherForecaster +{ + public async Task> GetWeatherForecastAsync() + { + var response = await downstreamApi.CallApiForUserAsync("DownstreamApi", + options => + { + options.RelativePath = "/weather-forecast"; + }); + + return await response.Content.ReadFromJsonAsync() ?? + throw new IOException("No weather forecast!"); + } +} +``` + +This approach is used by the `BlazorWebAppEntra` and `BlazorWebAppEntraBff` sample apps described in the *Sample apps* section of this article. For more information, see the following resources: -* +* [Web API documentation | Microsoft identity platform](/entra/identity-platform/index-web-api) +* * *Secure an ASP.NET Core Blazor Web App with Microsoft Entra ID* * [Non-BFF pattern (Interactive Auto)](xref:blazor/security/blazor-web-app-entra?pivots=non-bff-pattern) * [BFF pattern (Interactive Auto)](xref:blazor/security/blazor-web-app-entra?pivots=non-bff-pattern-server)
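Review bot: The `ServerWeatherForecaster` example reads `response.Content` right after `CallApiForUserAsync` without checking the status code. A 401 or 403 from the web API (for example a missing or wrong scope in `DownstreamApi:Scopes`) would then surface as a JSON deserialization failure or the generic "No weather forecast!" `IOException` rather than as an authorization error. Consider calling `response.EnsureSuccessStatusCode();` before `ReadFromJsonAsync`, or adding a sentence on how callers should handle a non-success response. Two documentation points in the same hunk: the `AddInMemoryTokenCaches` bullet says only that it adds the app and per-user in-memory token caches, so it is worth stating that these caches are lost on app restart and are not shared across server instances, with a pointer to the token cache guidance for production deployments. The rewritten opening sentence also still carries the duplicated word in "Blazor Web Apps that use use", which this change is a good opportunity to fix.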