1# Auth Recipe — C# (.NET) — REFERENCE ONLY
2 
3## Microsoft Identity Web (ASP.NET Core)
4 
5### NuGet Packages
6 
7```xml
8<PackageReference Include="Microsoft.Identity.Web" Version="3.*" />
9```
10 
11### Program.cs (additions)
12 
13Add these lines — do NOT replace the existing file:
14 
15```csharp
16using Microsoft.Identity.Web;
17 
18// Add after builder creation
19builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration);
20builder.Services.AddAuthorization();
21 
22// Add after app build
23app.UseAuthentication();
24app.UseAuthorization();
25 
26// Protected endpoint
27app.MapGet("/api/me", [Authorize] (HttpContext ctx) =>
28{
29    var name = ctx.User.FindFirst("name")?.Value;
30    return Results.Ok(new { name });
31});
32```
33 
34### appsettings.json
35 
36```json
37{
38  "AzureAd": {
39    "Instance": "https://login.microsoftonline.com/",
40    "TenantId": "<tenant-id>",
41    "ClientId": "<client-id>",
42    "Audience": "api://<client-id>"
43  }
44}
45```
46 
47> ⚠️ The `Audience` must match the Application ID URI of the app registration (typically `api://<client-id>`). Set `AZURE_CLIENT_ID` and `AZURE_TENANT_ID` as app settings in Azure rather than hardcoding them.
48 
49## Files to Modify
50 
51| File | Action |
52|------|--------|
53| `Program.cs` | Add authentication middleware + protected endpoints |
54| `appsettings.json` | Add AzureAd configuration section |
55| `*.csproj` | Add Microsoft.Identity.Web NuGet package |
56