In the Azure Portal, I create a resource Microsoft Entra ID and then add an app registration.
In the app registration I can specify redirect URIs for Microsoft logins (SSO) via "Authentication" for my .NET web app:
Authentication button on side bar
To use this feature in my website, I currently use appsettings.json
where I specify the client ID, tenant ID, and secret that I generate via the "Certificates and secrets":
However, the secrets expire and I need to regenerate new client secrets.
I am aware Azure has Managed Identities, but I'm not sure they're applicable in this case and there is something called "federated credentials". Is there a way to deploy a web app and not have to manage secrets/certificates as they expire?
What I tried: Attempted to find if I could use Managed Identities but couldn't figure out how.
Tried to use federated certificates but from the error response it indicates I need to upload a certificate?
The best solution I came up with is that I can use this in my C# ASP.NET web app:
using Microsoft.AspNetCore.Authentication.OpenIdConnect; // OpenIdConnectDefaults
using Microsoft.Identity.Web;                            // AddMicrosoftIdentityWebApp (Microsoft.Identity.Web NuGet package)
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd")); // binds Instance/TenantId/ClientId from the "AzureAd" section
and then in my config I don't need to use secrets and it allows me to login via the app registration created in Entra ID on my tenant, using only Application ID and Tenant ID.
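As an added illustration that is not part of the question: the appsettings.json "AzureAd" section that Microsoft.Identity.Web binds with the call above, showing where the client secret used to live and what replaces it. It assumes Microsoft.Identity.Web 2.x or later (which reads a ClientCredentials array and can use an Azure managed identity as a federated identity credential); the GUIDs are placeholders, and the .NET JSON configuration provider accepts the // comments.

```json
{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "00000000-0000-0000-0000-000000000000",   // placeholder: directory (tenant) ID
    "ClientId": "11111111-1111-1111-1111-111111111111",   // placeholder: application (client) ID
    "CallbackPath": "/signin-oidc",

    // Previously: "ClientSecret": "<value from Certificates & secrets>", which expires.
    // Sign-in only (validating the ID token from the redirect) needs no credential at all:
    // delete the ClientCredentials array below and the app never authenticates itself.

    // Needed only when the app must also acquire tokens (EnableTokenAcquisitionToCallDownstreamApi,
    // e.g. to call Microsoft Graph). The library obtains a managed identity token for the
    // api://AzureADTokenExchange audience and presents it as a client assertion, so there is
    // no secret or certificate to rotate.
    "ClientCredentials": [
      {
        "SourceType": "SignedAssertionFromManagedIdentity",
        "ManagedIdentityClientId": "22222222-2222-2222-2222-222222222222" // placeholder; omit for the system-assigned identity
      }
    ]
  }
}
```

For the ClientCredentials entry to work, the managed identity has to be registered on the app registration as a federated identity credential (Certificates & secrets, Federated credentials), which is the "federated credentials" feature mentioned in the question: it tells Entra ID to trust that identity's token in place of a secret, and the platform rotates the identity's own credential. With only Instance, TenantId and ClientId, the app can validate the ID token returned at sign-in but cannot redeem an authorization code, so it cannot call downstream APIs on the user's behalf.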