An ASP.NET Core Web App which signs in users (in your org, many orgs, orgs + personal accounts, sovereign clouds) and calls Web APIs (including Microsoft Graph)
In this tutorial, you will learn, incrementally, how to add user sign-in to your Web App, and how to call Web APIs, both Microsoft APIs and your own APIs. Finally, you'll learn best practices and how to deploy your app to Azure.
Note
We recommend that you right click on the picture above and open it in a new tab, or a new window. You'll see a clickable image:
- clicking on a metro/railway station will get you directly to the README.md for the corresponding part of the tutorial (some are still in progress)
- clicking on some of the connectors between stations will get you to an incremental README.md showing how to get from one part of the tutorial to the next (that's for instance the case for the Sign-in ... stations)
In the first chapter you learn how to add user sign-in to your Web App with the Microsoft identity platform for developers (formerly Microsoft Entra ID v2.0). You'll learn how to use Microsoft.Identity.Web to secure your Web App with the Microsoft identity platform.
Depending on your business needs, the platform offers you flexibility in terms of what type of users (sign in audience) can sign-in to your application:
If your Web app only needs to sign in users, you have all you need from the options provided above. If your app also needs to call APIs that you've developed yourselves, or popular Microsoft APIs like Microsoft Graph, the following chapters will help you extend your work so far to call these Web APIs.
Learn how to update your Web app to call Microsoft Graph:
Your Web App might also want to call Web APIs other than Microsoft Graph.
Learn how to call popular Azure APIs. This also explains how to handle conditional access, incremental consent and claims challenge:
Note that this chapter, unlike the others, requires you to have an Azure subscription.
If you wish to secure a Web API of your own, and call it from your clients (Web apps, desktop apps).
Once you know how to sign in users and call Web APIs from your Web App, you might want to restrict part of the application depending on the user having a role in the application or belonging to a group. So far you've learnt how to add and process authentication. Now learn how to add authorization to your Web application, and drive business logic according to roles and group assignments.
If you want to deploy your complete app to Azure, learn how to do that, along with best practices to ensure security:
This tutorial only covers the case where the Web App calls a Web API on behalf of a user. If you are interested in Web Apps calling Web APIs with their own identity (daemon Web Apps), please see Build a daemon Web App with Microsoft Identity platform for developers.
From your shell or command line:
```shell
git clone https://github.com/Azure-Samples/microsoft-identity-platform-aspnetcore-webapp-tutorial
```
:warning: Given that the name of the sample is quite long, and so are the names of the referenced packages, you might want to clone it in a folder close to the root of your hard drive, to avoid path length limitations on Windows.
Use Stack Overflow to get support from the community.
Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.
Make sure that your questions or comments are tagged with [`msal` `dotnet`].
If you find a bug in the sample, please raise the issue on GitHub Issues.
To provide a recommendation, visit the following User Voice page.
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.