Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
You can add support for Microsoft Entra ID to an ASP.NET web application with the Microsoft identity platform connected service. Microsoft Entra ID enables support for user authentication to ASP.NET Model-View-Controller (MVC) web apps or Active Directory Authentication in web API services.
Microsoft Entra ID authentication offers many advantages:
- Users can authenticate with their accounts from Microsoft Entra ID to connect to your web apps.
- You gain enhanced data security when you expose an API from a web app.
- You don't have to manage a separate authentication system with its own account and user management.
This article and its companion articles describe how to use the Visual Studio Connected Service feature for Active Directory.
Prerequisites
To complete the procedures in this article, the following prerequisites must be satisfied:
-
An Azure account. If you don't have an Azure account, activate your Azure benefits for Visual Studio subscribers or sign up for a free trial.
Visual Studio. Download Visual Studio now.
Connect to Microsoft identity platform
Add Microsoft identity platform as a connected service to your application by following these steps:
In Visual Studio, create or open an ASP.NET MVC project, or an ASP.NET Web API project.
Use one of the following methods to add the Microsoft identity platform connected service:
Select Project > Connected Services > Add > Microsoft identity platform.
In Solution Explorer, right-click the Connected Services node for the project, and select Add > Microsoft identity platform.
Select Project > Manage Connected Services > Add a service dependency > Microsoft identity platform.
In Solution Explorer, right-click the Connected Services node for the project, and select Manage Connected Services > Add a service dependency > Microsoft identity platform.
If your installation is missing the .NET MSIdentity tool, the Required components window opens with a message to complete the install:
As needed, follow the steps to install the .NET MSIdentity tool, and then continue with this procedure.
The Microsoft identity platform configuration screen opens.
As needed, sign in to Azure. After you sign in, you see a list of your applications for the selected Tenant:
If you don't have an application, select Create new:
For Microsoft Entra ID, select Microsoft as the tenant.
Enter the display name for the new application.
Select Register:
After the new application registers, it appears in the application list.
In the application list, select the application to use, and select Next.
On the Additional settings screen, choose your preferred settings. You can enable Microsoft Graph or allow another API project to have access. You can also configure these settings later.
Select Next. The Summary of changes screen appears for the project, including updates to dependencies to support Microsoft identity platform:
Select Finish. The Dependency configuration progress screen shows the process status. When the process finishes successfully, the status shows the statement "Complete. Microsoft identity platform <application> is configured."
Select Close to close the window.
The new connection is listed under Service Dependencies in the Connected Services screen for the project:
You can also see the Microsoft Entra ID domain for the application connection in the Azure portal.
Modify connected service settings
After you add Microsoft identity platform as a connected service, you can modify the settings as needed:
In the Connected Services > Service Dependencies screen, locate the Microsoft identity platform service.
Select More options (...) for the service, and then select Edit dependency.
Select the tenant that contains the application, select the application, and then select Next.
Follow the process described earlier to modify and apply your preferred settings. Repeat the process as needed to grant project access for necessary APIs.