Scenario: Web app that signs in users
Learn all you need to build a web app that uses the Microsoft identity platform to sign in users.
If you want to create your first portable (ASP.NET Core) web app that signs in users, follow this quickstart:
You add authentication to your web app so that it can sign in users. Adding authentication enables your web app to access limited profile information in order to customize the experience for users.
Web apps authenticate a user in a web browser. In this scenario, the web app directs the user's browser to sign them in to Azure Active Directory (Azure AD). Azure AD returns a sign-in response through the user's browser, which contains claims about the user in a security token. Signing in users takes advantage of the Open ID Connect standard protocol, simplified by the use of middleware libraries.
As a second phase, you can enable your application to call web APIs on behalf of the signed-in user. This next phase is a different scenario, which you'll find in Web app that calls web APIs.
- During the application registration, provide one or several (if you deploy your app to several locations) reply URIs. For ASP.NET, you will need to select ID tokens under Implicit grant and hybrid flows. Finally, set up a sign-out URI so that the application reacts to users signing out.
- In the app's code, provide the authority to which the web app delegates sign-in. Consider customizing token validation for certain scenarios (in particular, in partner scenarios).
- Web applications support any account types. For more information, see Supported account types.
If you're new to identity and access management (IAM) with OAuth 2.0 and OpenID Connect, or even just new to IAM on the Microsoft identity platform, the following set of articles should be high on your reading list.
Although not required reading before completing your first quickstart or tutorial, they cover topics integral to the platform, and familiarity with them will help you on your path as you build more complex scenarios.