If you’re building a secure application in .NET and want to allow users to sign in with Microsoft accounts, you’re in the right place. In this guide, we’ll walk through integrating OAuth2 and Microsoft Identity Platform with an ASP.NET Core 8 MVC web app using OpenID Connect.
What We’ll Build
We’ll create a simple ASP.NET Core 8 MVC web app where users can:
- Sign in using Microsoft accounts (via Azure AD)
- View protected pages after login
- Log out securely
Technologies Used
- .NET 8 (ASP.NET Core MVC)
- OAuth2 / OpenID Connect
- Microsoft Identity Platform (Azure AD)
- Visual Studio / VS Code
Prerequisites
Before starting, make sure you have:
- .NET 8 SDK
- An Azure account (free tier works)
- Visual Studio 2022 or VS Code
- Basic understanding of ASP.NET Core MVC
How to Build ASP.NET Core 8 MVC Web Applications?
Step 1: Register the App in Azure AD
- Go to the Azure Portal
- Navigate to Microsoft Entra ID > App registrations
- Click New registration
- Fill in the fields:
  - Name: MyOAuthApp
  - Supported account types: Choose based on your needs (e.g., Single Tenant or Multitenant)
  - Redirect URI: Set it to https://localhost:5001/signin-oidc
- Click Register
Save the following values:
- Client ID (Application ID)
- Tenant ID
- Client Secret (generate one under Certificates & Secrets)
Step 2: Create ASP.NET Core 8 MVC App
Open your terminal or Visual Studio and create a new project:
dotnet new mvc -n OAuthMicrosoftIdentityDemo
cd OAuthMicrosoftIdentityDemo
Step 3: Add Required NuGet Packages
Open your .csproj and add:
<ItemGroup>
  <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.0" />
  <PackageReference Include="Microsoft.Identity.Web" Version="2.16.0" />
  <PackageReference Include="Microsoft.Identity.Web.UI" Version="2.16.0" />
</ItemGroup>
Then run:
dotnet restore
Step 4: Configure Azure AD in appsettings.json
{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "yourdomain.onmicrosoft.com",
    "TenantId": "YOUR_TENANT_ID",
    "ClientId": "YOUR_CLIENT_ID",
    "ClientSecret": "YOUR_CLIENT_SECRET",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}
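Step 4 stores ClientSecret in appsettings.json, a file that is usually committed to source control. As an added example (not part of the original guide or of Microsoft.Identity.Web), the hypothetical SecretSourceGuard helper below fails startup when an appsettings*.json file supplies AzureAd:ClientSecret, so the value has to come from user secrets or an environment variable instead.

```csharp
using System;
using System.IO;
using System.Linq;
using Microsoft.Extensions.Configuration;

// Hypothetical helper: the class name and the policy it enforces are
// assumptions made for this example.
public static class SecretSourceGuard
{
    private const string SecretKey = "AzureAd:ClientSecret";

    // Call once in Program.cs, before AddMicrosoftIdentityWebApp:
    //   SecretSourceGuard.EnsureSecretNotInAppSettings(builder.Configuration);
    public static void EnsureSecretNotInAppSettings(IConfigurationRoot config)
    {
        // Later providers override earlier ones, so the effective value says
        // nothing about where a secret is stored. Inspect each file-based
        // provider individually.
        foreach (var provider in config.Providers.OfType<FileConfigurationProvider>())
        {
            var fileName = Path.GetFileName(provider.Source.Path ?? string.Empty);

            // User secrets are also loaded from a JSON file (secrets.json),
            // so only appsettings*.json files are treated as violations.
            bool isAppSettings =
                fileName.StartsWith("appsettings", StringComparison.OrdinalIgnoreCase);

            if (isAppSettings
                && provider.TryGet(SecretKey, out var value)
                && !string.IsNullOrWhiteSpace(value))
            {
                throw new InvalidOperationException(
                    $"{SecretKey} is set in {fileName}. Remove it and supply it with " +
                    "'dotnet user-secrets set \"AzureAd:ClientSecret\" \"<value>\"' " +
                    "during development, or with the AzureAd__ClientSecret " +
                    "environment variable in deployment.");
            }
        }
    }
}
```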
Step 5: Configure Authentication in Program.cs
Replace the contents of Program.cs with:
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);

// Sign users in with OpenID Connect, using the settings in the "AzureAd" section.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

builder.Services.AddAuthorization(options =>
{
    // Endpoints without an explicit authorization attribute require an authenticated user.
    options.FallbackPolicy = options.DefaultPolicy;
});

builder.Services.AddControllersWithViews()
    .AddMicrosoftIdentityUI();

var app = builder.Build();

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();

app.UseAuthentication(); // Enable auth; must run before UseAuthorization
app.UseAuthorization();

app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");

app.Run();
Step 6: Protect a Page with [Authorize]
Open or create a new controller like this:
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize]
public class DashboardController : Controller
{
    public IActionResult Index()
    {
        return View();
    }
}
Create the view under Views/Dashboard/Index.cshtml and put any content you like.
Step 7: Add Login / Logout Functionality
In _Layout.cshtml, add:
@using Microsoft.AspNetCore.Authentication
@using Microsoft.AspNetCore.Authentication.OpenIdConnect
<div class="navbar">
    @if (User.Identity?.IsAuthenticated == true)
    {
        <span>Hello, @User.Identity.Name</span>
        <form asp-controller="Account" asp-action="SignOut" method="post">
            <button type="submit">Sign out</button>
        </form>
    }
    else
    {
        <a asp-controller="Account" asp-action="SignIn">Sign in</a>
    }
</div>
Step 8: Add AccountController
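using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    public IActionResult SignIn(string returnUrl = "/")
    {
        // Only redirect to local paths after login; an absolute returnUrl
        // taken from the query string would otherwise be an open redirect.
        if (!Url.IsLocalUrl(returnUrl))
        {
            returnUrl = "/";
        }

        return Challenge(
            new AuthenticationProperties { RedirectUri = returnUrl },
            OpenIdConnectDefaults.AuthenticationScheme);
    }

    [HttpPost]
    [ValidateAntiForgeryToken] // the form tag helper in _Layout.cshtml emits the token
    public IActionResult SignOut()
    {
        // Sign out at the identity provider and clear the local session cookie.
        return SignOut(
            new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectDefaults.AuthenticationScheme,
            CookieAuthenticationDefaults.AuthenticationScheme);
    }
}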
Step 9: Run the App
dotnet run
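Go to https://localhost:5001, click Sign in, and authenticate with your Microsoft Account. If your project listens on a different HTTPS port (see Properties/launchSettings.json), use that port here and in the redirect URI registered in Step 1, because the redirect URI sent during sign-in must match the registered one exactly.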
Once logged in, access your protected route like /Dashboard.
Final Thoughts
That’s it! You now have a secure ASP.NET Core 8 application using OAuth2 and Microsoft Identity. This sets the stage for building enterprise-ready applications with Microsoft 365, Graph API, or custom APIs secured by Azure AD.