In this quickstart, you download and run a code sample that demonstrates how an ASP.NET Core web app can sign in users from any Microsoft Entra organization.
Step 1: Configure your application in the Azure portal
For the code sample in this quickstart to work:
The authorization endpoint will issue request ID tokens.
Your application is configured with these attributes.
Step 2: Download the ASP.NET Core project
Run the project.
Tip
To avoid errors caused by path length limitations in Windows, we recommend extracting the archive or cloning the repository into a directory near the root of your drive.
Step 3: Your app is configured and ready to run
We've configured your project with values of your app's properties, and it's ready to run.
This section gives an overview of the code required to sign in users. This overview can be useful to understand how the code works, what the main arguments are, and how to add sign-in to an existing ASP.NET Core application.
How the sample works
Startup class
The Microsoft.AspNetCore.Authentication middleware uses a Startup class that's run when the hosting process starts:
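    public void ConfigureServices(IServiceCollection services)
    {
        // Cookie authentication for the browser session; OpenID Connect is the challenge scheme.
        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"));

        // Require an authenticated user for every controller action by default.
        services.AddControllersWithViews(options =>
        {
            var policy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
            options.Filters.Add(new AuthorizeFilter(policy));
        });

        // Razor Pages, plus the UI shipped with Microsoft.Identity.Web.UI.
        services.AddRazorPages()
            .AddMicrosoftIdentityUI();
    }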
The AddAuthentication() method configures the service to add cookie-based authentication. This authentication is used in browser scenarios and to set the challenge to OpenID Connect.
The line that contains .AddMicrosoftIdentityWebApp adds Microsoft identity platform authentication to your application. The application is then configured to sign in users based on the following information in the AzureAd section of the appsettings.json configuration file:
ClientId: Application (client) ID of the application registered in the Azure portal.
Instance: Security token service (STS) endpoint for the user to authenticate. This value is typically https://login.microsoftonline.com/, indicating the Azure public cloud.
TenantId: Name of your tenant or the tenant ID (a GUID), or common to sign in users with work or school accounts or Microsoft personal accounts.
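With TenantId set to common, the tenant is not fixed by configuration, so an app that serves only known organizations has to check the token's tenant itself. The following is an added example, not part of the Microsoft sample: the helper name AddTenantAllowList and the tenant GUIDs are hypothetical placeholders, and the helper is meant to be called after AddMicrosoftIdentityWebApp in ConfigureServices.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

// Hypothetical helper (not part of the sample): rejects sign-ins from tenants
// that are not on an explicit allow list.
public static class TenantAllowListExtensions
{
    // Constructed placeholder tenant IDs; replace with the GUIDs of the tenants you onboard.
    private static readonly HashSet<string> AllowedTenants =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "00000000-0000-0000-0000-000000000001",
            "00000000-0000-0000-0000-000000000002",
        };

    // Call after AddMicrosoftIdentityWebApp(...) so this configuration runs last.
    public static IServiceCollection AddTenantAllowList(this IServiceCollection services)
    {
        services.Configure<OpenIdConnectOptions>(
            OpenIdConnectDefaults.AuthenticationScheme,
            options =>
            {
                // Preserve any handler that is already registered and run it first.
                var inner = options.Events.OnTokenValidated;
                options.Events.OnTokenValidated = async context =>
                {
                    await inner(context);

                    // Tenant ID ("tid" claim) from the validated ID token.
                    var tenantId = context.Principal?.GetTenantId();
                    if (string.IsNullOrEmpty(tenantId) || !AllowedTenants.Contains(tenantId))
                    {
                        // Fail the sign-in; no authentication cookie is issued.
                        context.Fail("Sign-in from this tenant is not permitted.");
                    }
                };
            });
        return services;
    }
}
```

A missing tenant claim is treated the same as a tenant that is not on the list, so the check fails closed.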
The Configure() method contains two important methods, app.UseAuthentication() and app.UseAuthorization(), that enable their named functionality. Also in the Configure() method, you must register Microsoft Identity Web routes with at least one call to endpoints.MapControllerRoute() or a call to endpoints.MapControllers():
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
        endpoints.MapRazorPages();
    });
Attribute for protecting a controller or methods
You can protect a controller or controller methods by using the [Authorize] attribute. This attribute restricts access to the controller or methods by allowing only authenticated users. An authentication challenge can then be started to access the controller if the user isn't authenticated.
If you need help, want to report an issue, or want to learn about your support options, see Help and support for developers.
Next steps
The GitHub repo that contains this ASP.NET Core tutorial includes instructions and more code samples that show you how to:
ASP.NET Core web app tutorials on GitHub