Web app that signs in users: Move to production

Now that you know how to get a token to call web APIs, here are some things to consider when moving your application to production.

Enable logging

To help in debugging and authentication failure troubleshooting scenarios, the Microsoft Authentication Library provides built-in logging support. Logging in each library is covered in the following articles:

Here are some suggestions for data collection:

  • Users might ask for help when they have problems. A best practice is to capture and temporarily store logs. Provide a location where users can upload the logs. MSAL provides logging extensions to capture detailed information about authentication.

  • If telemetry is available, enable it through MSAL to gather data about how users sign in to your app.

Validate your integration

Test your integration by following the Microsoft identity platform integration checklist.

Build for resilience

Learn how to increase resiliency in your app. For details, see Increase resilience of authentication and authorization applications you develop


When users sign-in to the web application for the first time, they will need to consent. However, in some organizations, users can see a message like the following: AppName needs permissions to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it. This is because your tenant administrator has disabled the ability for users to consent. In that case, contact your tenant administrators so that they do an admin-consent for the scopes required by the application.

Same site

Make sure you understand possible issues with new versions of the Chrome browser: How to handle SameSite cookie changes in Chrome browser.

The Microsoft.Identity.Web NuGet package handles the most common SameSite issues.

Deep dive: ASP.NET Core web app tutorial

Learn about other ways to sign in users with this ASP.NET Core tutorial:

Enable your web apps to sign in users and call APIs with the Microsoft identity platform for developers

This progressive tutorial has production-ready code for a web app, including how to add sign-in with accounts in:

  • Your organization
  • Multiple organizations
  • Work or school accounts, or personal Microsoft accounts
  • Azure AD B2C
  • National clouds

Tutorial: Node.js web app

Learn more about the Node.js web in this tutorial:

Tutorial: Sign-in users in a Node.js & Express web app

Sample code: Java web app

Learn more about the Java web app from this sample on GitHub:

A Java Web application that signs in users with the Microsoft identity platform and calls Microsoft Graph

Next Steps

After your web app signs in users, it can call web APIs on behalf of the signed-in users. Calling web APIs from the web app is the object of the following scenario: Web app that calls web APIs.