你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Integrate Microsoft Entra authentication with Web Apps on Azure Government
The following quickstart helps you get started integrating Microsoft Entra authentication with applications on Azure Government. Microsoft Entra authentication on Azure Government is similar to the Azure commercial platform, with a few exceptions.
Learn more about Microsoft Entra authentication Scenarios.
Integrate Microsoft Entra login into a web application using OpenID Connect
This section shows how to integrate Microsoft Entra ID using the OpenID Connect protocol for signing in users into a web app.
Prerequisites
- A Microsoft Entra tenant in Azure Government. You must have an Azure Government subscription in order to have a Microsoft Entra tenant in Azure Government. For more information on how to get a Microsoft Entra tenant, see How to get a Microsoft Entra tenant
- A user account in your Microsoft Entra tenant. This sample does not work with a Microsoft account, so if you signed in to the Azure Government portal with a Microsoft account and have never created a user account in your directory before, you need to do that now.
- Have an ASP.NET Core application deployed and running in Azure Government
Step 1: Register your web application with your Microsoft Entra tenant
Sign in to the Azure Government portal.
On the top bar, click on your account and under the Directory list, choose the Active Directory tenant where you wish to register your application.
Click on All Services in the left-hand nav, and choose Microsoft Entra ID.
Click on App registrations and choose Add.
Enter the name for your application, and select 'Web Application and/or Web API' as the Application Type. For the sign-on URL, enter the base URL for your application, which is your Azure App URL + "/signin-oidc."
Note
If you have not deployed your application and want to run it locally, your App URL would be your local host address.
Click on Create to create the application.
While still in the Azure portal, choose your application, click on Settings, and choose Properties.
Find the Application ID value and copy it to the clipboard.
For the App ID URI, enter https://<your_tenant_name>/<name_of_your_app>, replacing <your_tenant_name> with the name of your Microsoft Entra tenant and <name_of_your_app> with the name of your application.
Step 2: Configure your app to use your Microsoft Entra tenant
Azure Government Variations
The only variation when setting up Microsoft Entra Authorization on the Azure Government cloud is in the Microsoft Entra Instance:
- "https://login.microsoftonline.us"
Configure the InventoryApp project
Open your application in Visual Studio 2019.
Open the
appsettings.json
file.Add an
Authentication
section and fill out the properties with your Microsoft Entra tenant information.//ClientId: Azure AD-> App registrations -> Application ID //Domain: <tenantname>.onmicrosoft.us //TenantId: Azure AD -> Properties -> Directory ID "Authentication": { "AzureAd": { "Azure ADInstance": "https://login.microsoftonline.us/", "CallbackPath": "/signin-oidc", "ClientId": "<clientid>", "Domain": "<domainname>", "TenantId": "<tenantid>" } }
Fill out the
ClientId
property with the Client ID for your app from the Azure Government portal. You can find the Client ID by navigating to Microsoft Entra ID -> App Registrations -> Your Application -> Application ID.Fill out the
TenantId
property with the Tenant ID for your app from the Azure Government portal. You can find the Tenant ID by navigating to Microsoft Entra ID -> Properties -> Directory ID.Fill out the
Domain
property with<tenantname>.onmicrosoft.us
.Open the
startup.cs
file.In your
ConfigureServices
method, add the following code:public void ConfigureServices(IServiceCollection services) { //Add Azure AD authentication services.AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; }) .AddCookie() .AddOpenIdConnect(options => { options.Authority = Configuration["Authentication:AzureAd:Azure ADInstance"] + Configuration["Authentication:AzureAd:TenantId"]; options.ClientId = Configuration["Authentication:AzureAd:ClientId"]; options.CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"]; }); }
In the same file, add this one line of code to the
Configure
method:app.UseAuthentication();
Navigate to your Home controller or whichever controller file is your home page, where you want your users to log in. Add the
[Authorize]
tag before the class definition.
Next steps
- Navigate to the Azure Government PaaS Sample to see Microsoft Entra authentication as well as other services being integrated in an Application running on Azure Government.
- Subscribe to the Azure Government blog
- Get help on Stack Overflow by using the "azure-gov" tag