Azure AD and ASP.NET Core

Now that the release of ASP.NET Core is imminent, I felt that it was time for me to check out once again how everything has been integrated, especially with regard to Azure AD. If you have been following the history behind ASP.NET Core, by now you have seen how much it has evolved from the initial concept to the final 1.0 release. If you would like to get a short and sweet overview of the new ASP.NET Core & .NET Core framework, I recommend you read Rick Strahl’s blog post on this subject; he does an excellent job presenting this information. And for more in-depth knowledge on all new things .NET related, head over to Channel 9 and check out the 2016 dotnetConf.

If you have not yet installed the ASP.NET Core tooling please do so now by heading over to the and clicking on the install:

Please note that the actual RTM for ASP.NET Core is releasing in a few days, so if you are reading this later on next week your mileage will vary. However, I will update this post if the final 1.0 version differs greatly from RC2 regarding the Azure AD templates.

Here I am simply going to create a new ASP.NET Core Application and compare it to a non-authenticated ASP.NET Core Application. I am going to assume that you already have an Azure AD setup, since the Visual Studio templates I will use will assume that an Azure AD tenant already exists.

Setting up the stage

So after you install the new Visual Studio ASP.NET Core templates and tooling you will now see the following when you create a new ASP.NET project:

Choose the Web Application as the project template of choice:

Then click on the Change Authentication button, select Work and School Accounts, choose Cloud – Single Organization, and set the Domain input to the Azure AD tenant that you want your application's authentication/authorization connected to. You can also choose to enable Read directory data if you want to query the Graph API, but it is not needed just to connect your application to your Azure AD tenant, and we will not be doing any queries for now, so it’s up to you.

Once all those inputs are set, you are ready to launch. Press OK to close the Change Authentication window and then press OK on the current template creation wizard to launch your brand new Azure AD Authenticated ASP.NET Core App!

And presto!

So let’s give our new web app a spin and make sure our authentication is working as expected. Launching the application from Visual Studio 2015 immediately redirects me to the Microsoft Azure AD login screen:

As soon as you sign in you will experience Azure AD’s OAuth 2.0 integration, as you get a prompt to grant permissions to the application:

And finally I am in at the home page of my application and authenticated:

Looking at the differences

Visual Studio and the ASP.NET Core tooling take care of configuring the Azure AD tenant information into your application and properly configuring Azure AD to bind an Azure AD Client ID to your application. All of this happens by the ‘magic’ of Visual Studio, but what is really going on under the hood?

Well, if you are curious, you can simply create a new ASP.NET Core project, but this time make sure you select No Authentication on the Change Authentication window and go ahead and create the new project:

Now you can look at the differences between both projects and see what the ‘magic’ created for you. I am using WinMerge here to look at the differences between folders, so open up your favorite diff tool and dive in.

At first glance you can see that there are some new files in the authenticated application that are not present on the unauthenticated one. Without diving much deeper into folder differences, we will take a look at a few of those new interesting files:

So the first thing we should look at is the Startup.cs file. This is where the application bootstraps itself, and it is also where you will find hints of where your Azure AD configuration was set:

Under the UseOpenIdConnectAuthentication call you can see the Azure AD settings referencing things such as the ClientID. You can find the actual values for these settings in the appsettings.json configuration file under the root of the project. Visual Studio does a nice job of filling all this out for you so it just works:
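As an added illustration (not the template's generated file and not the author's code), the shape of that wiring on ASP.NET Core 1.0 looks like the sketch below. The `Authentication:AzureAd:*` configuration key names are assumptions standing in for whatever the template wrote to appsettings.json.

```csharp
// Added sketch for ASP.NET Core 1.0; not the Visual Studio template's output.
// The Authentication:AzureAd:* key names are assumed, not taken from the post.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IHostingEnvironment env)
    {
        // Tenant and client values live in appsettings.json, not in code.
        Configuration = new ConfigurationBuilder()
            .SetBasePath(env.ContentRootPath)
            .AddJsonFile("appsettings.json", optional: false)
            .Build();
    }

    public IConfigurationRoot Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        // Once the OpenID Connect handler has validated the token from
        // Azure AD, the identity is persisted by the cookie scheme.
        services.AddAuthentication(o =>
            o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
    }

    public void Configure(IApplicationBuilder app)
    {
        // Order matters: cookies first, then OpenID Connect, then MVC.
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
        {
            ClientId = Configuration["Authentication:AzureAd:ClientId"],
            // Instance URL + tenant id. Pointing at one tenant makes the
            // handler load that tenant's metadata and signing keys, so a
            // token from a different issuer fails validation.
            Authority = Configuration["Authentication:AzureAd:AADInstance"]
                      + Configuration["Authentication:AzureAd:TenantId"],
            CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"]
        });
        app.UseMvcWithDefaultRoute();
    }
}
```

On ASP.NET Core 2.0 and later these `Use...Authentication` middleware calls were replaced by `services.AddAuthentication().AddCookie().AddOpenIdConnect(...)` together with a single `app.UseAuthentication()`.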

The rest of the ‘extra’ files that the authenticated project contains are really there to support the login & logout process flow. They are simple but effective in my opinion; they get the job done and do it well enough that you can get going and change the templates as you see fit:

And lastly there is a new AccountController.cs file that supports the logic for SignIn and SignOut:

Nice and simple!

Looking Ahead to ASP.NET Core

The future for ASP.NET Core and the new .NET Core framework looks very promising. And the integration with Azure AD out of the box is very nice and lightweight for a starter project. Microsoft anticipates many more additions to the .NET Core family, in terms of capabilities, and I am looking forward to seeing how this brave new world of open source .NET Core plays out. In upcoming posts I will be diving more into the integration of Azure AD and ASP.NET Core from a Web API/Client perspective. I look forward to you joining me in this journey of discovery and into the new and uncharted territory of ASP.NET Core.

Until next time, happy discovery!