Web app that signs in users: App registration

This article explains the app registration steps for a web app that signs in users.

To register your application, you can use:

  • The web app quickstarts. In addition to being a great first experience with creating an application, quickstarts in the Azure portal contain a button named Make this change for me. You can use this button to set the properties you need, even for an existing app. Adapt the values of these properties to your own case. In particular, the web API URL for your app is probably going to be different from the proposed default, which will also affect the sign-out URI.
  • The Azure portal to register your application manually.
  • PowerShell and command-line tools.

Register an app by using the quickstarts

You can use these links to bootstrap the creation of your web application:

Register an app by using the Azure portal


The portal to use is different depending on whether your application runs in the Microsoft Azure public cloud or in a national or sovereign cloud. For more information, see National clouds.

  1. Sign in to the Azure portal.
  2. If you have access to multiple tenants, use the Directories + subscriptions filter in the top menu to switch to the tenant in which you want to register the application.
  3. Search for and select Azure Active Directory.
  4. Under Manage, select App registrations > New registration.
  1. When the Register an application page appears, enter your application's registration information:
    1. Enter a Name for your application, for example AspNetCore-WebApp. Users of your app might see this name, and you can change it later.
    2. Choose the supported account types for your application. (See Supported account types.)
    3. For Redirect URI, add the type of application and the URI destination that will accept returned token responses after successful authentication. For example, enter https://localhost:44321.
    4. Select Register.
  2. Under Manage, select Authentication and then add the following information:
    1. In the Web section, add https://localhost:44321/signin-oidc as a Redirect URI.
    2. In Front-channel logout URL, enter https://localhost:44321/signout-oidc.
    3. Under Implicit grant and hybrid flows, select ID tokens.
    4. Select Save.

Register an app by using PowerShell


Currently, Azure AD PowerShell creates applications with only the following supported account types:

  • MyOrg (accounts in this organizational directory only)
  • AnyOrg (accounts in any organizational directory)

You can create an application that signs in users with their personal Microsoft accounts (for example, Skype, Xbox, or Outlook.com). First, create a multitenant application. Supported account types are accounts in any organizational directory. Then, change the accessTokenAcceptedVersion property to 2 and the signInAudience property to AzureADandPersonalMicrosoftAccount in the application manifest from the Azure portal. For more information, see step 1.3 in the ASP.NET Core tutorial. You can generalize this step to web apps in any language.

Next steps

Move on to the next article in this scenario, App's code configuration.