How to configure your App Service application to use Microsoft Account login

This topic shows you how to configure Azure App Service to use Microsoft Account as an authentication provider.

Register your app with Microsoft Account

  1. Sign in to the Azure portal, and navigate to your application.
  1. Navigate to App registrations, and sign in with your Microsoft account, if requested.

  2. Click New registration, then type an application name.

  3. In Redirect URIs, select Web, and then type the endpoint for your application: https://<app-domain-name>/.auth/login/microsoftaccount/callback. Replace <app-domain-name> with the domain name of your app. For example, https://contoso.azurewebsites.net/.auth/login/microsoftaccount/callback.

    Note

    Use the HTTPS scheme in the URL.

  4. Select Register.

  5. Copy the Application (Client) ID. You need it later.

  6. From the left navigation of the new app registration, select Certificates & secrets > New client secret. Supply a description, select the validity duration, and select Add.

  7. Copy the value that appears in the Certificates & secrets page. Once you leave the page, it will not be displayed again.

    Important

    The client secret is an important security credential. Do not share the secret with anyone or distribute it within a client application.

Add Microsoft Account information to your App Service application

  1. In the Azure portal, navigate to your application. From the left navigation, click Authentication / Authorization.

  2. If the Authentication / Authorization feature is not enabled, select On.

  3. Under Authentication Providers, select Microsoft Account. Paste in the Application (client) ID and client secret that you obtained earlier, and optionally enable any scopes your application requires. Then click OK.

    By default, App Service provides authentication but does not restrict authorized access to your site content and APIs. You must authorize users in your app code.

  4. (Optional) To restrict access to Microsoft account users, set Action to take when request is not authenticated to Log in with Microsoft Account. This requires that all requests be authenticated, and all unauthenticated requests are redirected to Microsoft account for authentication.

Caution

Restricting access in this way applies to all calls to your app, which may not be desirable for apps wanting a publicly available home page, as in many single-page applications. For such applications, Allow anonymous requests (no action) may be preferred, with the app manually starting login itself, as described here.

  5. Click Save.

You are now ready to use Microsoft Account for authentication in your app.
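
Step 3 above notes that App Service authenticates users but leaves authorization to your app code. The following added example (not part of the original topic) shows one way to make that check in Python, using the X-MS-CLIENT-PRINCIPAL headers that App Service attaches to authenticated requests. The allowlist, the e-mail claim type, the provider name check and the helper names are assumptions.

```python
import base64
import json

# Assumptions (not from the page): the allowlist, and the claim type carrying the
# user's e-mail address; confirm the claim types your app actually receives.
ALLOWED_EMAILS = {"alice@contoso.example"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
PROVIDER = "microsoftaccount"  # assumed to match the provider name in the callback path


def authorize(headers):
    """Return the caller's e-mail if authorized, else None (fail closed).

    App Service sets the X-MS-CLIENT-PRINCIPAL* headers after it authenticates
    a request; X-MS-CLIENT-PRINCIPAL is base64-encoded JSON with a claims list.
    """
    if headers.get("X-MS-CLIENT-PRINCIPAL-IDP") != PROVIDER:
        return None
    try:
        raw = base64.b64decode(headers.get("X-MS-CLIENT-PRINCIPAL", ""), validate=True)
        claims = json.loads(raw)["claims"]
    except (ValueError, KeyError, TypeError):
        return None  # missing, malformed or unexpected structure: deny
    if not isinstance(claims, list):
        return None
    for claim in claims:
        if isinstance(claim, dict) and claim.get("typ") == EMAIL_CLAIM:
            email = str(claim.get("val", "")).strip().lower()
            if email in ALLOWED_EMAILS:
                return email
    return None


def make_headers(email, idp=PROVIDER):
    """Build constructed sample headers shaped like those App Service injects."""
    principal = {"auth_typ": idp, "claims": [{"typ": EMAIL_CLAIM, "val": email}]}
    blob = base64.b64encode(json.dumps(principal).encode()).decode()
    return {"X-MS-CLIENT-PRINCIPAL-IDP": idp, "X-MS-CLIENT-PRINCIPAL": blob}


if __name__ == "__main__":
    # Constructed sample users: one on the allowlist, one not.
    for who in ("Alice@contoso.example", "mallory@fabrikam.example"):
        print(who, "->", authorize(make_headers(who)))
```

Only trust these headers when the app is reachable solely through App Service with Authentication / Authorization turned on, since the check relies on the platform, not the client, having set them.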