This tutorial has one WebApp and some chapters have a Web API project. To deploy them to Azure Web Sites, you'll need to perform these steps for each project:
- create an Azure Web Site with a unique name
- publish the Web App / Web APIs to the web site, and
- update its client(s) to call the web site instead of IIS Express.
- Sign in to the Azure portal.
- Click
Create a resource
in the top left-hand corner, select Web --> Web App, and give your web site a name, for example,WebApp-OpenIDConnect-DotNet-code-v2-contoso.azurewebsites.net
. - Thereafter select the
Subscription
,Resource Group
,App service plan and Location
.OS
will be Windows andPublish
will be Code. - Click
Create
and wait for the App Service to be created. - Once you get the
Deployment succeeded
notification, then click onGo to resource
to navigate to the newly created App service.
- The following steps provide instructions to create a Sql database that the sample needs. If you already have a Sql Server and database present and a connection string available, skip the steps till we ask you to provide the connections string in the
Application Settings
. - Click
Create a resource
in the top left-hand corner again, select Databases --> SQL Database, to create a new database. Follow theQuickstart tutorial
if needed. - You can name the Sql server and database whatever you want to.
- Select or create a database server, and enter server login credentials. Carefully note down the username and password for the Sql server as you'll need it when constructing your Sql connection string later.
- Wait for the
Deployment succeeded
notification, then click onGo to resource
to navigate to the newly created database's manage screen. - Click on Connection Strings on left menu and copy the ADO.NET (SQL authentication) connection string. Populate User ID={your_username};Password={your_password}; with values your provided during database creation.Copy this connection string.
- Click on Application settings in the left menu of the App service and add the copied Sql connection string in the Connection strings section as
DefaultConnection
. - Choose
SQLAzure
in the Type dropdown. Save the setting.
- Navigate back to to the Azure portal. In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations.
- In the resultant screen, select the
WebApp-OpenIDConnect-DotNet-code-v2
application. - In the Authentication tab:
- In the Redirect URIs section, select Web in the combo-box and add the following redirect URIs.
https://WebApp-OpenIDConnect-DotNet-code-v2-contoso.azurewebsites.net
https://WebApp-OpenIDConnect-DotNet-code-v2-contoso.azurewebsites.net/signin-oidc
- In the Advanced settings section set Logout URL to
https://WebApp-OpenIDConnect-DotNet-code-v2-contoso.azurewebsites.net/signout-oidc
- In the Redirect URIs section, select Web in the combo-box and add the following redirect URIs.
- In the Branding tab:
- Update the Home page URL to the address of your app service, for example
https://WebApp-OpenIDConnect-DotNet-code-v2-contoso.azurewebsites.net
. - Save the configuration.
- Update the Home page URL to the address of your app service, for example
- If your application calls a web api, make sure to apply the necessary changes on the project
appsettings.json
, so it calls the published API URL instead oflocalhost
.
- From the Overview tab of the App Service, download the publish profile by clicking the Get publish profile link and save it. Other deployment mechanisms, such as from source control, can also be used.
- Switch to Visual Studio and go to the WebApp-OpenIDConnect-DotNet-code-v2 project. Right click on the project in the Solution Explorer and select Publish. Click Import Profile on the bottom bar, and import the publish profile that you downloaded earlier.
- Click on Configure and in the
Connection tab
, update the Destination URL so that it is ahttps
in the home page url, for example https://WebApp-OpenIDConnect-DotNet-code-v2-contoso.azurewebsites.net. Click Next. - On the Settings tab, make sure
Enable Organizational Authentication
is NOT selected. Click Save. Click on Publish on the main screen. - Visual Studio will publish the project and automatically open a browser to the URL of the project. If you see the default web page of the project, the publication was successful.
Secure key management is essential to protect data in the cloud. Use Azure Key Vault to encrypt keys and small secrets like passwords that use keys stored in hardware security modules (HSMs).
You can follow this sample as a guide on how to use Azure KeyVault from App Service with Managed Service Identity (MSI).
Use Stack Overflow to get support from the community.
Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.
Make sure that your questions or comments are tagged with [azure-active-directory
] [msal
] [dotnet
].
If you find a bug in the sample, please raise the issue on GitHub Issues.
To provide a recommendation, visit the following User Voice page.
For more information, see MSAL.NET's conceptual documentation: