AspNetCore.Docs
Missing information for single tenant registrations
Description
I was following the guidance given here, and struggled setting up external MS login with a single tenant configuration. As far as I can tell, the listed configuration only works for multi-tenant configurations. For single tenant configurations, one has to specify the TenantId like
```csharp
var tenantId = builder.Configuration["Authentication:Microsoft:TenantId"];
microsoftOptions.AuthorizationEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize";
microsoftOptions.TokenEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token";
microsoftOptions.CallbackPath = new PathString("/signin-microsoft");
```
I am not so sure about the URLs, but it seems to work for me.
I also found the last line helpful, as it allows me to specify the return path I have to enter in the Azure App registration. The link in the documentation to Register an application with the Microsoft identity platform lists /signin-oidc as return path for ASP.NET Core Web Apps, but for my Blazor App, this did not work. So I think it is safer and clearer anyway if the return path is explicitly specified.
Somewhere I found a link that describes how to change the appearance of the login button. It would be nice if this information were included in this documentation.
One last remark: On the documentation page you recommend adding a Client Secret, but the official page recommends using a certificate instead:
Client secrets are less secure than certificate or federated credentials and therefore should not be used in production environments.
It would be nice if you could update the documentation page.
Page URL
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?view=aspnetcore-9.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authentication/social/microsoft-logins.md
Document ID
ce69b990-0b4c-abda-cd2d-68f85cd8031e
Platform Id
c1bb804d-a454-af4f-b074-976f71ffb606
Article author
@Rick-Anderson
Metadata
- ID: a4c264c0-0c5c-298e-bb45-9b4891c8d162
- PlatformId: c1bb804d-a454-af4f-b074-976f71ffb606
- Service: aspnet-core
- Sub-service: security
Blazor App,
The link in the documentation to Register an application with the Microsoft identity platform lists /signin-oidc as return path for ASP.NET Core Web Apps, but for my Blazor App, this did not work. So I think it is anyway safer and clearer, if the return path is explicitly specified.
@guardrex
I can't explain that. That article is correct (BWAs are "Web" platform apps with that Redirect URI), and our Blazor coverage matches and is also correct. If there's a problem, @KurtP20 should open an issue on the PU's repo to investigate what's going on (and will probably need to put up a minimal repro app on GH for them to look at). Halter and/or Javier may recognize instantly what's going on. I'll keep an 👂 open if you, @KurtP20, will open an issue on their repo at ...
https://github.com/dotnet/aspnetcore/issues
... with ...
cc: @guardrex https://github.com/dotnet/AspNetCore.Docs/issues/34992
... at the bottom of your opening comment so that I can follow the discussion/investigation.
@Rick-Anderson ... See Mackinnon's/Halter's response on @KurtP20's PU issue. It kind'a sounds like this guidance for AddMicrosoftAccount in this article is stale.
UPDATE: 👇😆 ... That's what I thought.
It's probably time to update the content of microsoft-logins.md to use AddMicrosoftIdentityWebApp from Microsoft.Identity.Web rather than AddMicrosoftAccount from Microsoft.AspNetCore.Authentication.MicrosoftAccount.
Microsoft.Identity.Web supports a lot more scenarios and is a lot more feature rich. https://github.com/dotnet/AspNetCore.Docs/issues/20222 is an existing issue tracking removing AddMicrosoftAccount from the docs.
This should also help avoid confusion when people find other docs from the Entra team about how to register a web application that assume you're using Microsoft.Identity.Web as was the case with https://github.com/dotnet/aspnetcore/issues/61017.
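The single-tenant `AddMicrosoftAccount` setup from the opening post, written out as a complete `Program.cs` that fails at startup on a missing or malformed tenant setting. This is an added example, not code from the issue, the documentation, or the ASP.NET Core team; the `ClientId` and `ClientSecret` configuration keys, the `Required` helper and the GUID-only tenant check are assumptions of the example.

```csharp
// Program.cs (added example). Assumes the Microsoft.AspNetCore.Authentication.MicrosoftAccount
// package is referenced and the web SDK's implicit usings are enabled.
var builder = WebApplication.CreateBuilder(args);

// "Authentication:Microsoft:TenantId" is the key used in the issue; the ClientId and
// ClientSecret keys beside it are assumptions of this example.
var ms = builder.Configuration.GetSection("Authentication:Microsoft");

// Hypothetical helper: read a required setting or stop the app at startup.
string Required(string key) =>
    ms[key] is { Length: > 0 } value
        ? value
        : throw new InvalidOperationException($"Missing Authentication:Microsoft:{key}");

// Assumption: the tenant is configured as its directory (tenant) ID. Parsing it as a GUID
// rejects the multi-tenant aliases (common, organizations, consumers) and any value that
// would change the shape of the endpoint URL it is interpolated into.
if (!Guid.TryParse(Required("TenantId"), out var tenantGuid))
    throw new InvalidOperationException("TenantId must be the directory (tenant) ID GUID.");

var authority = $"https://login.microsoftonline.com/{tenantGuid:D}/oauth2/v2.0";
var clientId = Required("ClientId");
var clientSecret = Required("ClientSecret");

builder.Services.AddAuthentication()
    .AddMicrosoftAccount(microsoftOptions =>
    {
        microsoftOptions.ClientId = clientId;
        microsoftOptions.ClientSecret = clientSecret;

        // Tenant-specific endpoints, as in the issue, so only accounts from this
        // directory can complete the sign-in.
        microsoftOptions.AuthorizationEndpoint = $"{authority}/authorize";
        microsoftOptions.TokenEndpoint = $"{authority}/token";

        // /signin-microsoft is this handler's default callback; /signin-oidc is the default
        // of the OpenID Connect handler. The path must match the redirect URI entered in
        // the app registration.
        microsoftOptions.CallbackPath = new PathString("/signin-microsoft");
    });

var app = builder.Build();
app.UseAuthentication();
app.MapGet("/", () => "ok");
app.Run();
```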