.NET Core Multi Tenancy authentication
I have an application hosted in Azure (Tenant A).
I also have tenant B in Azure. There are users split in either tenant A or tenant B (Azure Active Directory) that requires login to this application.
If the user is logging in with "name@tenantA.com", then it should automatically authenticate against tenant A and if a user with "name@tenantB.com" is logging in then should be authenticated with tenant B.
I have tried logging in via single tenant and that works.
What do I need to setup to allow for this to happen?
Azure AD multi-tenant mechanism is designed for the scenario you describe. Since you can work well in single tenant, I trust you already know how to create an Azure AD application. And please make sure the application you created is multi-tenant type. If not, you might need to create a new one for test.
Then to make users from different tenants to sign into your application, we need to make sure the sign url is common rather than the tenant id. Let's assume you are working on an asp.net core MVC application. Then we might have configurations below in your appsettings.json. Make sure the tenant id is set to common.
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "tenant id of the tenant where the AAD app registered",
"TenantId": "common",//make sure it's common
"ClientId": "client id of the AAD app",
"CallbackPath": "/signin-oidc",
"ClientSecret": "client_secret"
},
Then we will see the sign in url looks like this
And users from tenant B could sign in this application using name@tenantB.com. Pls note that the first time users from tenant B sign in the app, they will see a consent window which asking them to consent some API permissions. This is based on the API permissions you added to the Azure AD application. If some of the permissions requires tenant admin consent, then admin of tenantB shall grant consent before normal users sign in. Admin consent url https://login.microsoftonline.com/{tenantB-id}/adminconsent?client_id={your-client-id}.
- Blazor: Implementing 404 not found page
- How to tell when a self-hosted ASP.NET Core application is ready to receive requests?
- What kind of commands/queries can be created with MediatR?
- How to pass js function argument to inline c# in cshtml?
- C# HttpRequestMessage - Host ignores the Content-Type Header I send it and complains that I am sending the wrong Content Type
- User.Identity.IsAuthenticated is false in a non-auth methods after successful login in asp.net core
- InvalidOperationException: Cannot find compilation library location for package 'System.Security.Cryptography.Pkcs'
- How to validate uploaded files in ASP.Net MVC
- .Net Core [Authorize] - Or instead of And for permission test
- NSwag produces incorrect output for IFromFile in Minimal API when file parameter is wrapped in model class
- Get individual error messages from modelstate
- Property Injection in ASP.NET Core
- ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
- Confirm form resubmission - ASP.NET 5 MVC
- Serialise HTML Form with time/text input type and validation of time fields
- How to show loading progress while wasm part being loaded (.NET 8, no pre-render)
- How to merge multiple arrays from ASP.Net Core configuration files?
- ASP.NET Core EF Identity Roles while using JWT Bearer Scheme
- Pass the selected value of a dropdown in to a URL.Action so that a modal form is displayed on a button click
- Why I am getting Cascade delete cycle error when updating the database
- To have different session timeout for different users
- How to setup a beta versioning in Swagger endpoint?
- Is there a way to have dynamic regex strings in a RegularExpression attribute?
- Is there a way to have the Identity Library cookies be tied to the root domain?
- How to access Microsoft.AspNetCore.Routing namespace
- What is the difference between regular and Async methods (OnGet vs OnGetAsync)
- Changing property in Razor @ref component does not update its usage in HTML element
- Visual Studio Project doesn't load after changing folder name
- Web Push via Azure Notification Hubs: JSON value could not be converted to Microsoft.NotificationHubs.Contracts.LegacyModels.BrowserPushSubscription
- Unable to create new .NET Core projects in Visual Studio