Description
I was following the guidance given here, and struggled setting up external MS login with a single tenant configuration. As far as I can tell, the listed configuration only works for multi-tenant configurations. For single tenant configurations, one has to specify the TenantId like
```csharp
// These lines go inside the AddMicrosoftAccount(microsoftOptions => { ... }) callback from the documentation.
var tenantId = builder.Configuration["Authentication:Microsoft:TenantId"];
microsoftOptions.AuthorizationEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize";
microsoftOptions.TokenEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token";
microsoftOptions.CallbackPath = new PathString("/signin-microsoft");
```
I am not so sure about the URLs, but it seems to work for me.
I also found the last line helpful, as it allows me to specify the return path I have to enter in the Azure App registration. The link in the documentation to Register an application with the Microsoft identity platform lists /signin-oidc as the return path for ASP.NET Core Web Apps, but for my Blazor App, this did not work. So I think it is safer and clearer anyway if the return path is explicitly specified.
Somewhere I found a link that describes how to change the appearance of the login button. It would be nice if this information were included in this documentation.
One last remark: On the documentation page you recommend adding a Client Secret, but the official page recommends using a certificate instead:
Client secrets are less secure than certificate or federated credentials and therefore should not be used in production environments.
It would be nice if you could update the documentation page.
Page URL
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?view=aspnetcore-9.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authentication/social/microsoft-logins.md
Document ID
ce69b990-0b4c-abda-cd2d-68f85cd8031e
Platform Id
c1bb804d-a454-af4f-b074-976f71ffb606
Article author
@Rick-Anderson
Metadata
- ID: a4c264c0-0c5c-298e-bb45-9b4891c8d162
- PlatformId: c1bb804d-a454-af4f-b074-976f71ffb606
- Service: aspnet-core
- Sub-service: security
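The single-tenant setup described in the issue, as an added example that is not the reporter's or the documentation's own code: a minimal `Program.cs` that refuses to start unless a tenant ID is configured, so a missing setting is caught at startup instead of producing malformed endpoint URLs. It assumes the tenant ID is stored in its directory GUID form, that the `ClientId` and `ClientSecret` keys sit beside the issue's `TenantId` key, and that a cookie scheme holds the sign-in; `RequireTenantId` is a hypothetical helper.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.MicrosoftAccount;

var builder = WebApplication.CreateBuilder(args);

// "Authentication:Microsoft:TenantId" is the key used in the issue;
// ClientId and ClientSecret under the same section are assumed here.
var ms = builder.Configuration.GetSection("Authentication:Microsoft");
var tenantId = RequireTenantId(ms["TenantId"]);

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie()
    .AddMicrosoftAccount(options =>
    {
        options.ClientId = ms["ClientId"]
            ?? throw new InvalidOperationException("Authentication:Microsoft:ClientId is not configured.");
        options.ClientSecret = ms["ClientSecret"]
            ?? throw new InvalidOperationException("Authentication:Microsoft:ClientSecret is not configured.");

        // The handler defaults point at the shared "common" endpoints.
        // Pinning both endpoints to one tenant restricts sign-in to that directory.
        var authority = $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0";
        options.AuthorizationEndpoint = $"{authority}/authorize";
        options.TokenEndpoint = $"{authority}/token";

        // Must match the redirect URI entered in the Azure app registration.
        options.CallbackPath = "/signin-microsoft";
    });

var app = builder.Build();
app.UseAuthentication();
app.MapGet("/", () => "ok");
app.Run();

// Hypothetical helper: accepts only a non-empty GUID, so a blank or mistyped
// value never ends up interpolated into the endpoint URLs.
static string RequireTenantId(string? value)
{
    if (!Guid.TryParse(value, out var id) || id == Guid.Empty)
    {
        throw new InvalidOperationException(
            "Authentication:Microsoft:TenantId must be set to the directory (tenant) GUID.");
    }
    return id.ToString("D"); // canonical 8-4-4-4-12 form
}
```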