Registering Identity Library with Microsoft ID

David Thielen 3,186 Reputation points
2025-01-20T19:02:29.27+00:00

Hi all;

I'm not sure exactly which tag to use for this. This pertains to the ASP.NET Identity Library and in particular, to logging in with a Microsoft ID.

First off, this works. And it was very easy to add.

Second, please clarify in the instructions that the ClientId is the Application ID and the ClientSecret is the secret Value. And out of curiosity, what is the secret | Secret ID for?

Third, is there a way to assign multiple URLs to the secret? I have my dev system, the dev test server, and the production server. The dev & production servers are on Azure.

Fourth, when the login is successful, it goes to the page ExternalLogin and asks the user to register and they can change their email. Is it ok to instead just register the user with the email for their Microsoft account? I'm trying to minimize the steps for a user because each step is an invitation for them to cancel. Is there any security issue with this?

thanks - dave

Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Akhilesh Vallamkonda 11,515 Reputation points Microsoft Vendor
    2025-01-20T21:36:32.1466667+00:00

    Hi @David Thielen

    Thank you for reaching out to the Microsoft Q&A Forum!
    Let me answer your questions one by one.

    1. When you register an application in Entra ID, you can create a secret for the app, and a new Secret ID is generated, which is used as a shared secret between the application and the authentication service.
      The Secret ID can be used to retrieve the client secret value, which is essential for the application to authenticate itself to the authorization server and request access tokens. This process ensures that only authorized applications can access the resources they need.
    2. As of now, there is no option to assign multiple URLs to the secret, but you can add multiple redirect URLs to a particular application, and it can use the same client secret for all of the redirect URIs.
    3. For external users, it is generally recommended to allow users to register with the email, as this is a convenient and secure way to verify their identity. If the users are within the organization, assign the application access to internal users.

    Reference: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app?tabs=client-secret#add-credentials
    https://learn.microsoft.com/en-us/entra/identity-platform/msal-client-application-configuration#client-id
    Hope this helps. Do let us know if you have any further queries by responding in the comments section.

    Thanks,

    Akhilesh V.
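
For the fourth point in the question (registering the user directly with the email from their Microsoft account instead of showing the ExternalLogin form), one way the callback could look. This is an added example, not code from the thread or from the scaffolded Identity pages; it assumes the default `IdentityUser` type and `./Login` and `./Lockout` pages. It matches returning users on the provider key rather than the email, and it declines to create or link an account silently when a local account already holds that email.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

// Added example: hypothetical replacement for the ExternalLogin callback handler.
public class ExternalLoginModel : PageModel
{
    private readonly SignInManager<IdentityUser> _signInManager;
    private readonly UserManager<IdentityUser> _userManager;

    public ExternalLoginModel(SignInManager<IdentityUser> signInManager,
                              UserManager<IdentityUser> userManager)
    {
        _signInManager = signInManager;
        _userManager = userManager;
    }

    public async Task<IActionResult> OnGetCallbackAsync(string? returnUrl = null)
    {
        // Only follow return URLs that stay on this site.
        var target = Url.IsLocalUrl(returnUrl) ? returnUrl! : "~/";
        var info = await _signInManager.GetExternalLoginInfoAsync();
        if (info == null) return RedirectToPage("./Login");

        // Returning user: looked up by (provider, provider key), never by email.
        var signIn = await _signInManager.ExternalLoginSignInAsync(
            info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
        if (signIn.Succeeded) return LocalRedirect(target);
        if (signIn.IsLockedOut) return RedirectToPage("./Lockout");

        // First login: auto-register only if the provider supplied an email and
        // no existing local account owns it (no silent linking to that account).
        var email = info.Principal.FindFirstValue(ClaimTypes.Email);
        if (string.IsNullOrEmpty(email) || await _userManager.FindByEmailAsync(email) != null)
            return RedirectToPage("./Login");

        var user = new IdentityUser { UserName = email, Email = email };
        if (!(await _userManager.CreateAsync(user)).Succeeded) return RedirectToPage("./Login");
        if (!(await _userManager.AddLoginAsync(user, info)).Succeeded)
        {
            await _userManager.DeleteAsync(user); // do not leave an account with no login
            return RedirectToPage("./Login");
        }

        await _signInManager.SignInAsync(user, isPersistent: false, info.LoginProvider);
        return LocalRedirect(target);
    }
}
```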

