Skip to content
ASP.NET Core 2.0 Azure AD authentication example
Branch: master
Clone or download
Joonas Westlin
Latest commit 97ef0d6 Mar 10, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.vscode Initial commit Jun 4, 2017
Core2AadAuth Upgraded project to ASP.NET Core 2.1 Mar 10, 2019
.gitignore Added HTTPS enforcement and HSTS in production. Feb 18, 2018
Core2AadAuth.sln Updated README, included README in sln Mar 10, 2019 Updated README, included README in sln Mar 10, 2019

ASP.NET Core 2.1 Azure AD authentication example

This sample application is built on ASP.NET Core 2.1 to test authentication via Azure AD.


You will need a development environment capable of running an ASP.NET Core 2.1 application.

Windows users can install Visual Studio 2017 with the ASP.NET and web development workload.

Users on Windows, Mac, or Linux can download the .NET Core SDK and use any editor that works best. Visual Studio Code is pretty good.

Setup instructions

To run the app locally, you'll need to register an application in Azure AD.

How to register the app:

  1. Go to
  2. Find Azure Active Directory on the left or from under All services
  3. Go to App registrations
  4. Click on New application registration
  5. Give the app a name, e.g. ASP.NET Core 2 Azure AD Test
  6. Make sure the application type is Web app/API
  7. Set sign-on URL to http://localhost:5000/Account/SignIn
  8. Click Create

Getting client id, setting reply URL, and generating client secret:

  1. After creation, open the app
  2. Copy the Application ID, and put it somewhere, this is also called the Client ID
  3. Click Settings and then Reply URLs
  4. Add https://localhost:5000/signin-oidc to the list and save it
  5. Go to Keys
  6. In the Passwords section, put some description for the key, select the expiry, and hit Save
  7. Copy the key value somewhere, this is your client secret (keep it secret)

Adding permissions for Microsoft Graph API:

  1. Find your app in the Azure AD blade's App Registrations tab in Azure Portal
  2. Go to Required permissions
  3. Click Add
  4. Choose Microsoft Graph as the API
  5. Select Sign in and read user profile, View users' basic profile, and View users' email address under Delegated permissions
  6. Click Select and Done

Getting the authority URL:

  1. Go back to the App registrations list
  2. Click Endpoints
  3. Copy the OAuth 2.0 Authorization Endpoint value
  4. Remove the /oauth2/authorize part from the URL, the result is your Authority

Fill the values in settings:

  1. Open the solution in Visual Studio
  2. Set client id and authority in appsettings.json
  3. Right-click on the project and click Manage user secrets
  4. Add the client secret here. Example below:
        "ClientSecret": "your-client-secret....."

The main reason to put the client secret there is to make sure it is not accidentally put into version control. This is not absolute advice and you must make the decision how to store configurations for your app.

You can’t perform that action at this time.