Web app that signs in users: App registration
This article explains the app registration specifics for a web app that signs in users.
To register your application, you can use:
- The web app quickstarts. In addition to being a great first experience with creating an application, quickstarts in the Azure portal contain a button named Make this change for me. You can use this button to set the properties you need, even for an existing app. You'll need to adapt the values of these properties to your own case. In particular, the web API URL for your app is probably going to be different from the proposed default, which will also affect the sign-out URI.
- The Azure portal to register your application manually.
- PowerShell and command-line tools.
Register an app by using the quickstarts
You can use these links to bootstrap the creation of your web application:
Register an app by using the Azure portal
The portal to use is different depending on whether your application runs in the Microsoft Azure public cloud or in a national or sovereign cloud. For more information, see National clouds.
- Sign in to the Azure portal by using either a work or school account, or a personal Microsoft account. Alternatively, sign in to the Azure portal of choice for the national cloud.
- If your account gives you access to more than one tenant, select your account in the upper-right corner. Then, set your portal session to the desired Azure Active Directory (Azure AD) tenant.
- In the left pane, select the Azure Active Directory service, and then select App registrations > New registration.
- When the Register an application page appears, enter your application's registration information:
- Choose the supported account types for your application. (See Supported account types.)
- In the Name section, enter a meaningful application name that will be displayed to users of the app. For example, enter AspNetCore-WebApp.
- For Redirect URI, add the type of application and the URI destination that will accept returned token responses after successful authentication. For example, enter https://localhost:44321. Then, select Register.
- Select the Authentication menu, and then add the following information:
- For Reply URL, add https://localhost:44321/signin-oidc of type Web.
- In the Advanced settings section, set Logout URL to https://localhost:44321/signout-oidc.
- Under Implicit grant, select ID tokens.
- Select Save.
Register an app by using PowerShell
Currently, Azure AD PowerShell creates applications with only the following supported account types:
- MyOrg (accounts in this organizational directory only)
- AnyOrg (accounts in any organizational directory)
You can create an application that signs in users with their personal Microsoft accounts (for example, Skype, Xbox, or Outlook.com). First, create a multitenant application. Supported account types are accounts in any organizational directory. Then, change the
accessTokenAcceptedVersion property to 2 and the
signInAudience property to
AzureADandPersonalMicrosoftAccount in the application manifest from the Azure portal. For more information, see step 1.3 in the ASP.NET Core tutorial. You can generalize this step to web apps in any language.