SpohnAlbertFAl-5233 avatar image
0 Votes"
SpohnAlbertFAl-5233 asked ·

MSAL "Web app that signs in users" tutorial

I'm many years rusty on .NET, and I'm trying to use MSAL to authenticate my app. Currently I have the same code running from the Web app that signs in users tutorial (.NET Core version.) I'm finding that it only requires a valid user email from our company to pass through without apparently authenticating. It will balk if I try to enter a fictitious username/email. Otherwise it will pass through with them apparently registered via the account that I am logged into my workstation with. I do see this in the debug log when I attempt to log in with a bogus username:

OpenIdConnect was not authenticated. Failure message: Not authenticated

Am I possibly missing a property customized to our installation? Any hints or debugging suggestions appreciated in advance!

· 2
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @SpohnAlbertFAl-5233 , Just so I'm understanding correctly, you're putting in a bogus username and attempting to sign in? What are you seeing when you do this? Are you expecting a message to appear?


0 Votes 0 ·

Hi @SpohnAlbertFAl-5233 , do you still need help with this issue?

0 Votes 0 ·

1 Answer

Imadd avatar image
0 Votes"
Imadd answered ·

Hi @SpohnAlbertFAl-5233 ,
Give this a try, maybe it'll help you.

In the .NET Core web API:

  1. In the appsettings.json file add a section like this one:

    "Authentication": {
    "Instance": "Instance here",
    "TenantId": "TenantIdHere",
    "ClientId": "ClientIdHere",
    "ClientSecret": "ClienSecretHere"

  2. Create a class for the authentication options named AuthenticationOptions

      public class AuthenticationOptions
                 public string ClientId { get; set; }
                 public string ClientSecret { get; set; }
                 public string Instance { get; set; }
                 public string TenantId { get; set; }

  3. In the Startup.cs class, map your configuration to your AuthenticationOptionsClass:


  4. In the ConfigureServices of the Startup.cs class, add the following:
    serviceCollection.AddAuthentication(sharedOptions => { sharedOptions.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }).AddAzureAdBearer();

AddAzureAdBearer() is a custom extension method of AuthenticationBuilder (which is imported from Microsoft.AspNetCore.Authentication).
Here's what it looks like:

 public static AuthenticationBuilder AddAzureAdBearer(this AuthenticationBuilder builder)
     builder.Services.AddSingleton<IConfigureOptions<JwtBearerOptions>, ConfigureJwtBearerOptions>();
     return builder;

JwtBearerOptions is imported from this dependency Microsoft.AspNetCore.Authentication.JwtBearer

Next, create the class ConfigureJwtBearerOptions :

 public class ConfigureJwtBearerOptions : IConfigureNamedOptions<JwtBearerOptions>
     private readonly AuthenticationOptions _azureOptions;
     public ConfigureJwtBearerOptions(IOptions<AuthenticationOptions> authenticationOptions)
         _azureOptions = authenticationOptions.Value;
     public void Configure(string name, JwtBearerOptions options)
         options.Authority = $"{_azureOptions.Instance}{_azureOptions.TenantId}";
     public void Configure(JwtBearerOptions options)
         Configure(string.Empty, options);
  1. In the Configure method of the Startup class, add the following:

  2. Add the Authorize attribute on your controller

Here we are using a JwtBearer for the authentication. All you have to do next is to get this bearer using MSAL, put it in the header of your request, and call the API. You can find a very good example of a JS application doing that here : .

You should replace the values with yours in the authConfig.js file, apiConfig.js and policies.js files.

10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.