If you’re building a secure application in .NET and want to allow users to sign in with Microsoft accounts, you’re in the right place. In this guide, we’ll walk through integrating OAuth2 and Microsoft Identity Platform with an ASP.NET Core 8 MVC web app using OpenID Connect.

What We’ll Build

We’ll create a simple ASP.NET Core 8 MVC web app where users can:

  • Sign in using Microsoft accounts (via Azure AD)
  • View protected pages after login
  • Log out securely

Technologies Used

  • .NET 8 (ASP.NET Core MVC)
  • OAuth2 / OpenID Connect
  • Microsoft Identity Platform (Azure AD)
  • Visual Studio / VS Code

Prerequisites

Before starting, make sure you have:

  • .NET 8 SDK
  • An Azure account (free tier works)
  • Visual Studio 2022 or VS Code
  • Basic understanding of ASP.NET Core MVC

How to Build ASP.NET Core 8 MVC Web Applications?

Step 1: Register the App in Azure AD

  1. Go to the Azure Portal
  2. Navigate to Microsoft Entra ID > App registrations
  3. Click New registration
  4. Fill in the fields:
    • Name: MyOAuthApp
    • Supported account types: Choose based on your needs (e.g., Single Tenant or Multitenant)
    • Redirect URI: Set it to https://localhost:5001/signin-oidc
  5. Click Register

Save the following values:

  • Client ID (Application ID)
  • Tenant ID
  • Client Secret (generate one under Certificates & Secrets)

Step 2: Create ASP.NET Core 8 MVC App

Open your terminal or Visual Studio and create a new project:

dotnet new mvc -n OAuthMicrosoftIdentityDemo
cd OAuthMicrosoftIdentityDemo

Step 3: Add Required NuGet Packages

Open your .csproj and add:

<ItemGroup>
  <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.0" />
  <PackageReference Include="Microsoft.Identity.Web" Version="2.16.0" />
  <PackageReference Include="Microsoft.Identity.Web.UI" Version="2.16.0" />
</ItemGroup>

Then run:

dotnet restore

Step 4: Configure Azure AD in appsettings.json

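{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "yourdomain.onmicrosoft.com",
    "TenantId": "YOUR_TENANT_ID",
    "ClientId": "YOUR_CLIENT_ID",
    "ClientSecret": "YOUR_CLIENT_SECRET",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}

The values above are placeholders. Keep the real ClientSecret out of source control, for example in the .NET user-secrets store during development or in an environment variable in production.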

Step 5: Configure Authentication in Program.cs

Replace the contents of Program.cs with:

using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI; // AddMicrosoftIdentityUI()

var builder = WebApplication.CreateBuilder(args);

// Sign users in with OpenID Connect, using the "AzureAd" configuration section.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

// Require an authenticated user on every endpoint that does not opt out.
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = options.DefaultPolicy;
});

builder.Services.AddControllersWithViews()
    .AddMicrosoftIdentityUI();

var app = builder.Build();

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();

app.UseAuthentication(); // Enable auth
app.UseAuthorization();

app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");

app.Run();
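
If the registration from Step 1 is multitenant and TenantId is set to organizations or common, users from other tenants can sign in as well. The following added example (not part of the original tutorial) restricts sign-in to an allow-list of tenant IDs; the helper name AddTenantAllowList and the AllowedTenants configuration key are assumptions.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

public static class TenantAllowListExtensions
{
    // Hypothetical helper. Call it in Program.cs after AddMicrosoftIdentityWebApp(...):
    //   builder.Services.AddTenantAllowList(
    //       builder.Configuration.GetSection("AllowedTenants").Get<string[]>()
    //       ?? Array.Empty<string>());
    // "AllowedTenants" is an assumed configuration key holding tenant ID GUIDs.
    public static IServiceCollection AddTenantAllowList(
        this IServiceCollection services, IEnumerable<string> tenantIds)
    {
        var allowed = new HashSet<string>(tenantIds, StringComparer.OrdinalIgnoreCase);

        return services.Configure<OpenIdConnectOptions>(
            OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                // Preserve the handler Microsoft.Identity.Web installed and run it first.
                var previous = options.Events.OnTokenValidated;

                options.Events.OnTokenValidated = async context =>
                {
                    await previous(context);
                    if (context.Result is not null)
                    {
                        return; // an earlier handler already decided the outcome
                    }

                    // This event fires after the ID token has been validated,
                    // so the tenant ID claim can be read from the principal here.
                    var tenantId = context.Principal?.GetTenantId();
                    if (tenantId is null || !allowed.Contains(tenantId))
                    {
                        // Rejects the sign-in; no authentication cookie is issued.
                        context.Fail("Sign-in from this tenant is not permitted.");
                    }
                };
            });
    }
}
```

An empty allow-list rejects every sign-in, so the check fails closed if the configuration key is missing.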

Step 6: Protect a Page with [Authorize]

Open or create a new controller like this:

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize]
public class DashboardController : Controller
{
    public IActionResult Index()
    {
        return View();
    }
}

Create the view under Views/Dashboard/Index.cshtml and put any content you like.

Step 7: Add Login / Logout Functionality

In _Layout.cshtml, add:

@using Microsoft.AspNetCore.Authentication
@using Microsoft.AspNetCore.Authentication.OpenIdConnect
<div class="navbar">
    @if (User.Identity?.IsAuthenticated == true)
    {
        <span>Hello, @User.Identity.Name</span>
        <form asp-controller="Account" asp-action="SignOut" method="post">
            <button type="submit">Sign out</button>
        </form>
    }
    else
    {
        <a asp-controller="Account" asp-action="SignIn">Sign in</a>
    }
</div>

Step 8: Add AccountController

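using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    // Anonymous access lets this action issue the challenge itself instead of
    // the fallback policy challenging before the action runs.
    [AllowAnonymous]
    public IActionResult SignIn(string returnUrl = "/")
    {
        // returnUrl is caller-controlled: only redirect to local URLs after sign-in.
        var redirectUri = Url.IsLocalUrl(returnUrl) ? returnUrl : "/";

        return Challenge(
            new AuthenticationProperties { RedirectUri = redirectUri },
            OpenIdConnectDefaults.AuthenticationScheme);
    }

    // 'new' makes the hiding of ControllerBase.SignOut() explicit.
    [HttpPost]
    public new IActionResult SignOut()
    {
        // Sign out of both the identity provider session and the local cookie.
        return SignOut(
            new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectDefaults.AuthenticationScheme,
            CookieAuthenticationDefaults.AuthenticationScheme);
    }
}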

Step 9: Run the App

dotnet run

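Go to https://localhost:5001, click Sign in, and authenticate with your Microsoft Account. The URL the app listens on must match the redirect URI registered in Step 1; if Properties/launchSettings.json assigns a different HTTPS port, change one so that they match.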

Once logged in, access your protected route like /Dashboard.

Final Thoughts

That’s it! You now have a secure ASP.NET Core 8 application using OAuth2 and Microsoft Identity. This sets the stage for building enterprise-ready applications with Microsoft 365, Graph API, or custom APIs secured by Azure AD.