This guide provides a step-by-step process to implement Single Sign-On (SSO) using Azure Active Directory (Azure AD, now branded Microsoft Entra ID in the portal) in an ASP.NET Core application. The selected runtime stack is ASP.NET Core on .NET 10 LTS and the target operating system is Linux.
To sign users in, the application needs only one delegated Microsoft Graph permission:
- User.Read: read the profile of the signed-in user. Users can consent to this themselves.
- Directory.Read.All: read directory data. This is a broad permission that requires an administrator to grant admin consent for the whole tenant. Add it only if the application actually reads directory objects beyond the signed-in user; for plain SSO it is not needed, and leaving it off keeps the app at least privilege.
Grant whichever permissions you do need in the Azure portal during the app registration process described below.
Register Your Application:
- In the Azure portal, go to Azure Active Directory (Microsoft Entra ID) > App registrations > New registration.
- Enter a Name. Under Supported account types keep the single-tenant option unless you deliberately need users from other tenants to sign in.
- Set the Redirect URI (platform: Web) to https://localhost:5001/signin-oidc for local development. Redirect URIs are matched exactly, so add the production https URI as well before you deploy.
- Click Register.
Configure Authentication:
- On the Authentication tab, confirm the redirect URI is listed, and add a Front-channel logout URL if you want sign-out to be propagated to the app.
- Under Implicit grant and hybrid flows, leave both boxes unchecked when the app uses the authorization code flow, which is Microsoft.Identity.Web's default. Tick ID tokens only if you run an OpenID Connect handler that still uses the hybrid flow (a response_type containing id_token). Never enable Access tokens for a server-side web app.
Add API Permissions:
- Go to API permissions > Add a permission > Microsoft Graph > Delegated permissions and add User.Read.
- Add Directory.Read.All only if the application needs it; it requires an administrator to click Grant admin consent.
Generate Client Secret:
- On the Certificates & secrets tab, create a new client secret with the shortest expiry your rotation process supports, and copy the value immediately; it is shown only once.
- Keep the value out of source control: use dotnet user-secrets locally and an environment variable or Azure Key Vault in production. For production, a certificate credential is preferable to a shared secret; Microsoft.Identity.Web supports both.
Copy Required Values:
- From Overview, copy the Application (client) ID and the Directory (tenant) ID. The tenant's primary domain (for example contoso.onmicrosoft.com) is shown on the tenant's Overview page. These fill the ClientId, TenantId and Domain settings in appsettings.json.
Below are the code files needed for your ASP.NET Core application, one per heading. The guide uses the Microsoft.Identity.Web packages: the older Microsoft.AspNetCore.Authentication.AzureAD.UI package is deprecated and does not target current frameworks.

Program.cs:
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);

// Sign users in with Microsoft Entra ID (Azure AD) over OpenID Connect, reading
// Instance/TenantId/ClientId/ClientSecret/CallbackPath from the "AzureAd" section.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

// Deny by default: every endpoint requires an authenticated user unless it is
// explicitly marked [AllowAnonymous], so a forgotten [Authorize] cannot expose a page.
builder.Services.AddAuthorization(options => options.FallbackPolicy = options.DefaultPolicy);

builder.Services.AddControllersWithViews();
// Razor Pages host the /MicrosoftIdentity/Account/SignIn and SignOut endpoints.
builder.Services.AddRazorPages().AddMicrosoftIdentityUI();

var app = builder.Build();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();
app.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
app.MapRazorPages();
app.Run();

appsettings.json (ClientSecret is intentionally absent from this file; set it with dotnet user-secrets set "AzureAd:ClientSecret" "<value>" during development and with the AzureAd__ClientSecret environment variable or Azure Key Vault in production, so the secret never lands in source control or in the publish directory):
{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "YOUR_DOMAIN",
"TenantId": "YOUR_TENANT_ID",
"ClientId": "YOUR_CLIENT_ID",
"CallbackPath": "/signin-oidc"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*"
}
In production, replace the "*" in AllowedHosts with the real host name(s) so the host-filtering middleware rejects requests carrying a forged Host header.

Controllers/HomeController.cs:
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Every action here requires a signed-in user; unauthenticated requests are
// redirected to the Microsoft sign-in page by the OpenID Connect handler.
[Authorize]
public class HomeController : Controller
{
    public IActionResult Index() => View();

    // Backs Views/Home/Dashboard.cshtml; reachable at /Home/Dashboard.
    public IActionResult Dashboard() => View();
}

Views/Home/Index.cshtml:
<h1>Welcome to the Azure AD SSO Implementation Guide</h1>
<p>This guide will help you set up Azure AD SSO step by step.</p>

Views/Home/Dashboard.cshtml:
<h1>Dashboard</h1>
@* Razor HTML-encodes the value, so a display name chosen by the user cannot inject markup. *@
<p>User logged in: @User.Identity?.Name</p>

Views/Shared/_Layout.cshtml:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>@ViewData["Title"]</title>
</head>
<body>
<div class="container">
@if (User.Identity?.IsAuthenticated == true)
{
    @* Sign-out endpoint provided by Microsoft.Identity.Web.UI *@
    <a href="/MicrosoftIdentity/Account/SignOut">Sign out</a>
}
@RenderBody()
</div>
</body>
</html>

Views/_ViewStart.cshtml (applies the layout to every view):
@{
    Layout = "_Layout";
}

YourApp.csproj (pin the two package versions to the current stable release on NuGet; a floating 3.* is shown here only so the file restores):
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
<UserSecretsId>azure-ad-sso-guide</UserSecretsId>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Identity.Web" Version="3.*" />
<PackageReference Include="Microsoft.Identity.Web.UI" Version="3.*" />
</ItemGroup>
</Project>

Build and Deploy:
- Build the project using the command:
dotnet build
- Publish a release build into a publish directory:
dotnet publish -c Release
- Copy the contents of the publish directory to your Linux server and run the application under an unprivileged service account (for example as a systemd service), never as root:
dotnet yourapp.dll
- Supply the client secret through the AzureAd__ClientSecret environment variable of that service rather than a file in the publish directory. Bind Kestrel to localhost only (ASPNETCORE_URLS=http://127.0.0.1:5000) and put it behind a reverse proxy such as nginx that terminates TLS. The proxy must send X-Forwarded-Proto and the app must honour it; otherwise the redirect URI sent to Azure AD is built with http:// and will not match the registered https URI.
- Add the server's public https URL (for example https://app.example.com/signin-oidc) to the app registration's redirect URIs before the first sign-in.
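The forwarded-headers setup that the reverse-proxy step above requires, as an added example rather than a file from the guide. It assumes nginx runs on the same host and forwards to Kestrel from 127.0.0.1 (the proxy address is a parameter so it can be changed); the class and method names are the example's own.

```csharp
// Added example: trust X-Forwarded-* headers from exactly one reverse proxy so that
// the OpenID Connect handler reconstructs the original https scheme and client address.
// Without this, redirect_uri is built as http://... and Entra ID rejects the sign-in
// because it does not match the registered https URI.
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public static class ReverseProxySupport
{
    // proxyAddress: the only address allowed to set forwarded headers (assumed loopback nginx).
    public static IServiceCollection AddReverseProxySupport(this IServiceCollection services, IPAddress proxyAddress)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Honour the client IP and original scheme sent by the proxy...
            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // ...but only from the proxy we trust. Anyone who can reach Kestrel directly
            // could otherwise spoof the scheme (and the client IP in your logs).
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();
            options.KnownProxies.Add(proxyAddress);
        });
        return services;
    }

    // Must be the first middleware in the pipeline, before UseHttpsRedirection and
    // UseAuthentication, so every later component sees the original scheme and address.
    public static IApplicationBuilder UseReverseProxySupport(this IApplicationBuilder app)
        => app.UseForwardedHeaders();
}
```

In Program.cs call builder.Services.AddReverseProxySupport(IPAddress.Loopback); before builder.Build() and app.UseReverseProxySupport(); immediately after it. On the nginx side the location block needs proxy_set_header X-Forwarded-Proto $scheme; and proxy_set_header X-Forwarded-For $remote_addr; for these headers to arrive. Once the scheme is restored, the authentication cookie is also issued with the Secure flag, which it would not be on a request that appears to be plain HTTP.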
Successful Login:
- Visit the application URL and confirm you are redirected to the Microsoft sign-in page. Sign in with a user from the tenant and check that /Home/Dashboard shows that user's name.
Access Denied:
- In a private browser window, request a secured URL without signing in. Because HomeController is marked [Authorize], the expected result is a redirect (HTTP 302) to the sign-in page, not an error page. An authenticated user only receives 403 Forbidden (or the access-denied page) when an authorization policy rejects them, so test that separately with a user who does not satisfy the policy.
Permission Issues:
- Sign-in depends only on the app registration, not on Graph permissions: revoking Directory.Read.All does not stop users from signing in, it only makes Graph calls that require it fail with 403 Forbidden. To verify that unwanted users are refused, open the app's Enterprise application in the portal, set Assignment required to Yes under Properties, and confirm that a user who is not assigned is rejected by Azure AD at sign-in.
- Also rotate or delete the client secret and confirm that the authorization-code redemption fails. This is the failure you will see in production when a secret expires, so rehearse the rotation before it happens unplanned.
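Two server-side checks that turn the "Access Denied" and "Permission Issues" tests above into enforced rules, as an added example that is not part of the guide's files. It assumes the app is wired with Microsoft.Identity.Web's AddMicrosoftIdentityWebApp, and it assumes an app role named Dashboard.Reader that you would define under App roles in the app registration and assign to users; the class, policy and method names are the example's own.

```csharp
// Added example: (1) fail the sign-in when the ID token's "tid" claim is not the
// tenant we expect, which matters if TenantId is ever set to "common" or
// "organizations" (multi-tenant) and a user from any Entra tenant could otherwise
// sign in; (2) require an app role for the dashboard so that a valid sign-in alone
// is not enough to reach it. Assumes Microsoft.Identity.Web is configured.
using System;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

public static class SignInHardening
{
    public const string DashboardPolicy = "DashboardReader";
    public const string DashboardRole = "Dashboard.Reader"; // assumed app role name

    public static IServiceCollection AddSignInHardening(this IServiceCollection services, string expectedTenantId)
    {
        if (string.IsNullOrWhiteSpace(expectedTenantId))
            throw new ArgumentException("Expected tenant id must be configured.", nameof(expectedTenantId));

        // Chain onto the OnTokenValidated handler Microsoft.Identity.Web already installs
        // instead of replacing it, so its own processing still runs first.
        services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            var existing = options.Events.OnTokenValidated;
            options.Events.OnTokenValidated = async context =>
            {
                if (existing is not null)
                    await existing(context);

                var tid = context.Principal?.FindFirst("tid")?.Value;
                if (!string.Equals(tid, expectedTenantId, StringComparison.OrdinalIgnoreCase))
                {
                    // Fails the remote authentication: no cookie is issued, the user is not signed in.
                    context.Fail($"ID token issued for unexpected tenant '{tid}'.");
                }
            };
        });

        // App roles arrive in the "roles" claim of the ID token. Checking the raw claim
        // keeps the policy independent of how RoleClaimType is mapped.
        services.AddAuthorization(options =>
        {
            options.AddPolicy(DashboardPolicy, policy =>
                policy.RequireAuthenticatedUser()
                      .RequireAssertion(ctx => ctx.User.HasClaim("roles", DashboardRole)));
        });

        return services;
    }
}
```

Register it in Program.cs with builder.Services.AddSignInHardening(builder.Configuration["AzureAd:TenantId"] ?? throw new InvalidOperationException("AzureAd:TenantId missing")); after AddMicrosoftIdentityWebApp, and decorate the Dashboard action with [Authorize(Policy = SignInHardening.DashboardPolicy)]. For a single-tenant TenantId, Microsoft.Identity.Web already validates the issuer, so the tenant check is defence in depth; for the multi-tenant endpoints it is the only thing stopping any Entra account from signing in. A signed-in user without the role now gets the 403 that the "Access Denied" test looks for, while a user missing the role assignment or the tenant match is rejected without any Graph permission being involved.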