Web app that signs in users: Move to production
Now that you know how to get a token to call web APIs, here are some things to consider when moving your application to production.
To help in debugging and authentication failure troubleshooting scenarios, the Microsoft Authentication Library provides built-in logging support. Logging in each library is covered in the following articles:
Here are some suggestions for data collection:
Users might ask for help when they have problems. A best practice is to capture and temporarily store logs. Provide a location where users can upload the logs. MSAL provides logging extensions to capture detailed information about authentication.
If telemetry is available, enable it through MSAL to gather data about how users sign in to your app.
Validate your integration
Test your integration by following the Microsoft identity platform integration checklist.
Build for resilience
Learn how to increase resiliency in your app. For details, see Increase resilience of authentication and authorization applications you develop
When users sign-in to the web application for the first time, they will need to consent. However, in some organizations, users can see a message like the following: AppName needs permissions to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it. This is because your tenant administrator has disabled the ability for users to consent. In that case, contact your tenant administrators so that they do an admin-consent for the scopes required by the application.
Make sure you understand possible issues with new versions of the Chrome browser: How to handle SameSite cookie changes in Chrome browser.
The Microsoft.Identity.Web NuGet package handles the most common SameSite issues.
Deep dive: ASP.NET Core web app tutorial
Learn about other ways to sign in users with this ASP.NET Core tutorial:
This progressive tutorial has production-ready code for a web app, including how to add sign-in with accounts in:
- Your organization
- Multiple organizations
- Work or school accounts, or personal Microsoft accounts
- Azure AD B2C
- National clouds
Tutorial: Node.js web app
Learn more about the Node.js web in this tutorial:
Sample code: Java web app
Learn more about the Java web app from this sample on GitHub:
After your web app signs in users, it can call web APIs on behalf of the signed-in users. Calling web APIs from the web app is the object of the following scenario: Web app that calls web APIs.