ASP.NET Core 2.1 Azure AD authentication example

This sample application is built on ASP.NET Core 2.1 to test authentication via Azure AD.

Pre-requisites

You will need a development environment capable of running an ASP.NET Core 2.1 application.

Windows users can install Visual Studio 2017 with the ASP.NET and web development workload.

Users on Windows, Mac, or Linux can download the .NET Core SDK and use any editor that works best. Visual Studio Code is pretty good.

Setup instructions

To run the app locally, you'll need to register an application in Azure AD.

How to register the app:

1. Go to https://portal.azure.com
2. Find Azure Active Directory on the left or from under All services
3. Go to App registrations
4. Click on New application registration
5. Give the app a name, e.g. ASP.NET Core 2 Azure AD Test
6. Make sure the application type is Web app/API
7. Set sign-on URL to http://localhost:5000/Account/SignIn
8. Click Create

Getting client id, setting reply URL, and generating client secret:

1. After creation, open the app
2. Copy the Application ID, and put it somewhere, this is also called the Client ID
3. Click Settings and then Reply URLs
4. Add https://localhost:5000/signin-oidc to the list and save it
5. Go to Keys
6. In the Passwords section, put some description for the key, select the expiry, and hit Save
7. Copy the key value somewhere, this is your client secret (keep it secret)

Adding permissions for Microsoft Graph API:

1. Find your app in the Azure AD blade's App Registrations tab in Azure Portal
2. Go to Required permissions
3. Click Add
4. Choose Microsoft Graph as the API
5. Select Sign in and read user profile, View users' basic profile, and View users' email address under Delegated permissions
6. Click Select and Done

Getting the authority URL:

1. Go back to the App registrations list
2. Click Endpoints
3. Copy the OAuth 2.0 Authorization Endpoint value
4. Remove the /oauth2/authorize part from the URL, the result is your Authority

Fill the values in settings:

1. Open the solution in Visual Studio
2. Set client id and authority in appsettings.json
3. Right-click on the project and click Manage user secrets
4. Add the client secret here. Example below:

{
    "Authentication":{
        "ClientSecret": "your-client-secret....."
    }
}

The main reason to put the client secret there is to make sure it is not accidentally put into version control. This is not absolute advice and you must make the decision how to store configurations for your app.