Add Microsoft Entra ID authentication by using Connected Services in Visual Studio

  • Article

You can add support for Microsoft Entra ID to an ASP.NET web app by using the Microsoft Identity platform connected service.

By using Microsoft Entra ID, you can support user authentication for ASP.NET Model-View-Controller (MVC) web applications, or Active Directory Authentication in web API services. With Microsoft Entra authentication, your users can use their accounts from Microsoft Entra ID to connect to your web applications. The advantages of Microsoft Entra authentication with web API include enhanced data security when exposing an API from a web application. With Microsoft Entra ID, you do not have to manage a separate authentication system with its own account and user management.

This article and its companion articles provide details of using the Visual Studio Connected Service feature for Active Directory.

Prerequisites

Connect to Microsoft Identity platform

  1. In Visual Studio, create or open an ASP.NET MVC project, or an ASP.NET Web API project.

  2. Select the Project, Connected Services, Add menu command, or right-click the Connected Services node found under the project in Solution Explorer, and choose Add, Microsoft Identity platform.

    If you are missing the .NET MSIdentity tool, the screen prompts you to install it.

    Screenshot of required components window.

  3. The Configure Microsoft identity platform screen appears. If you haven't signed in to Azure, you're asked to sign in. Once you're signed in, you see a list of your applications.

    Screenshot showing list of owned applications.

  4. If you don't have an application, choose Create new, and enter the application name. For Microsoft Entra ID, choose Microsoft as the tenant.

    Screenshot showing how to register a new application.

    The application you entered now shows in the list. Select it and choose Next.

  5. On the next screen, you can choose to enable Microsoft.Graph or allow another API project to have access. You can configure this later if you don't have the information yet.

    Screenshot of additional options for adding APIs.

  6. Choose Next. The Summary of changes screen appears showing what is being changed in the project.

    Screenshot showing Summary of changes screen.

  7. The Dependency configuration process screen shows the specific changes that are being made to your project.

Now the new service dependency shows on the Connected Services screen.

Screenshot showing the Microsoft Identity platform service dependency has been created.

If you want to modify it, such as to add support for an API such as Microsoft.Graph, click on the three dots, and then choose Edit dependency. You can repeat the steps and choose the APIs that you want to grant access to.

You can also see the Active Directory domain on the Azure portal.

  1. In Visual Studio, create or open an ASP.NET MVC project, or an ASP.NET Web API project.

  2. Select the Project, Manage Connected Services menu command, or right-click the Connected Services node found under the project in Solution Explorer, and choose Manage Connected Services, and then select the link Add a service dependency and choose Microsoft Identity platform.

    Screenshot showing the Microsoft Identity platform option.

    If you are missing the .NET MSIdentity tool, the screen prompts you to install it.

    Screenshot of required components window.

    If you had to install the tool, you might need to restart the process again from step 1.

  3. The Configure Microsoft identity platform screen appears. If you haven't signed in to Azure, you're asked to sign in. Once you're signed in, you see a list of your applications.

    Screenshot showing list of owned applications.

  4. If you don't have an application, choose Create new, and enter the application name. For Microsoft Entra ID, choose Microsoft as the tenant.

    Screenshot showing how to register a new application.

    The application you entered now shows in the list. Select it and choose Next.

  5. On the next screen, you can choose to enable Microsoft.Graph or allow another API project to have access. You can configure this later if you don't have the information yet.

    Screenshot of additional options for adding APIs.

  6. Choose Next. The Summary of changes screen appears showing what is being changed in the project.

    Screenshot showing Summary of changes screen.

  7. The Dependency configuration process screen shows the specific changes that are being made to your project.

Now the new service dependency shows on the Connected Services screen.

Screenshot showing the Microsoft Identity platform service dependency has been created.

If you want to modify it, such as to add support for an API such as Microsoft.Graph, click on the three dots, and then choose Edit dependency. You can repeat the steps and choose the APIs that you want to grant access to.

You can also see the Active Directory domain on the Azure portal.

Related content