You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The old microsoft account identity provider only works with the old Microsoft Account identity apps, not with AAD V2 applications. The documentation does not accurately reflect this, which is the source of confusion in #37847
-------
cc: @cephalin
This topic shows you how to configure Azure App Service to use Microsoft Account as an authentication provider.
16
+
This topic shows you how to configure Azure App Service to use AAD to support personal Microsoft account logins.
17
+
18
+
> [!NOTE]
19
+
> Both personal Microsoft accounts and organizational accounts use the AAD identity provider. At this time, is not possible to configure this identity provider to support both types of log-ins.
17
20
18
21
## <aname="register-microsoft-account"> </a>Register your app with Microsoft Account
19
22
20
23
1. Go to [**App registrations**](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) in the Azure portal. If needed, sign in with your Microsoft account.
21
24
1. Select **New registration**, then enter an application name.
22
-
1. In **Redirect URIs**, select **Web**, and then enter `https://<app-domain-name>/.auth/login/microsoftaccount/callback`. Replace *\<app-domain-name>* with the domain name of your app. For example, `https://contoso.azurewebsites.net/.auth/login/microsoftaccount/callback`. Be sure to use the HTTPS scheme in the URL.
25
+
1. Under **Supported account types**, select **Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)**
26
+
1. In **Redirect URIs**, select **Web**, and then enter `https://<app-domain-name>/.auth/login/aad/callback`. Replace *\<app-domain-name>* with the domain name of your app. For example, `https://contoso.azurewebsites.net/.auth/login/aad/callback`. Be sure to use the HTTPS scheme in the URL.
23
27
24
28
1. Select **Register**.
25
29
1. Copy the **Application (Client) ID**. You'll need it later.
@@ -33,12 +37,12 @@ This topic shows you how to configure Azure App Service to use Microsoft Account
33
37
34
38
1. Go to your application in the [Azure portal].
35
39
1. Select **Settings** > **Authentication / Authorization**, and make sure that **App Service Authentication** is **On**.
36
-
1. Under **Authentication Providers**, select **Microsoft Account**. Paste in the Application (client) ID and client secret that you obtained earlier. Enable any scopes needed by your application.
40
+
1. Under **Authentication Providers**, select **Azure Active Directory**. Select **Advanced** under **Management mode**. Paste in the Application (client) ID and client secret that you obtained earlier. Use **https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0** for the **Issuer Url** field.
37
41
1. Select **OK**.
38
42
39
43
App Service provides authentication, but doesn't restrict authorized access to your site content and APIs. You must authorize users in your app code.
40
44
41
-
1. (Optional) To restrict access to Microsoft account users, set **Action to take when request is not authenticated** to **Log in with Microsoft Account**. When you set this functionality, your app requires all requests to be authenticated. It also redirects all unauthenticated requests to Microsoft account for authentication.
45
+
1. (Optional) To restrict access to Microsoft account users, set **Action to take when request is not authenticated** to **Log in with Azure Active Directory**. When you set this functionality, your app requires all requests to be authenticated. It also redirects all unauthenticated requests to use AAD for authentication. Note that becuase you have configured your **Issuer Url** to use the Microsoft Account tenant, only personal acccounts will successfully authenticate.
42
46
43
47
> [!CAUTION]
44
48
> Restricting access in this way applies to all calls to your app, which might not be desirable for apps that have a publicly available home page, as in many single-page applications. For such applications, **Allow anonymous requests (no action)** might be preferred so that the app manually starts authentication itself. For more information, see [Authentication flow](overview-authentication-authorization.md#authentication-flow).
0 commit comments