Multitenant Azure AD issuer validation in ASP.NET Core

added by DotNetKicks
12/24/2018 1:59:24 PM


If you use Azure AD authentication and want to let users from any tenant sign in to your ASP.NET Core application, you need to configure the Azure AD app registration as multi-tenant and use a "wildcard" tenant id such as organizations or common in the authority URL: openIdConnectOptions.Authority = ""; The problem is that, with the default configuration, token validation then fails. The OpenID Connect metadata document served for the organizations and common authorities lists the issuer as a template with a placeholder (https://login.microsoftonline.com/{tenantid}/v2.0), while the issuer in each token is the real issuer URL of the user's tenant (the {tenantid} placeholder replaced by that tenant's id). The default issuer check is an exact string match between the two, so it never succeeds and every token is rejected.
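One way to fix this, shown here as an added example rather than code from the original post: keep issuer validation switched on but replace the default exact-match rule with a custom IssuerValidator that derives the expected issuer from the token's own tid (tenant id) claim, and optionally restricts sign-in to an allow-list of tenants. The authority URL, the class and method names (MultiTenantAzureAd, AddMultiTenantAzureAd, ValidateAzureAdIssuer) and the AllowedTenants setting are assumptions for illustration; the post does not define them.

```csharp
// Added example (not from the original post). Assumptions: v2.0 endpoint,
// the authority URL below, and the hypothetical AllowedTenants allow-list.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

public static class MultiTenantAzureAd
{
    // Azure AD v2.0 issuer. The "{tenantid}" placeholder in the common/organizations
    // metadata is replaced, in real tokens, by the lower-case GUID of the user's tenant.
    private const string IssuerTemplate = "https://login.microsoftonline.com/{0}/v2.0";

    // Optional allow-list (hypothetical setting). Empty means "any Azure AD tenant",
    // i.e. true multi-tenant; fill it if only specific customers' tenants may sign in.
    public static readonly HashSet<Guid> AllowedTenants = new HashSet<Guid>();

    public static IServiceCollection AddMultiTenantAzureAd(this IServiceCollection services, string clientId)
    {
        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddOpenIdConnect(options =>
            {
                // Wildcard tenant: any work or school account can sign in (assumed URL).
                options.Authority = "https://login.microsoftonline.com/organizations/v2.0";
                options.ClientId = clientId;

                // Keep issuer validation ON; only the matching rule changes.
                options.TokenValidationParameters.ValidateIssuer = true;
                options.TokenValidationParameters.IssuerValidator = ValidateAzureAdIssuer;
            });
        return services;
    }

    // Matches the Microsoft.IdentityModel.Tokens.IssuerValidator delegate:
    // return the validated issuer, or throw to reject the token.
    public static string ValidateAzureAdIssuer(string issuer, SecurityToken token, TokenValidationParameters parameters)
    {
        // Read the tenant id ("tid") claim, whichever token type the handler produced.
        string tid = token switch
        {
            JwtSecurityToken jwt => jwt.Claims.FirstOrDefault(c => c.Type == "tid")?.Value,
            JsonWebToken jwt => jwt.Claims.FirstOrDefault(c => c.Type == "tid")?.Value,
            _ => null
        };

        if (!Guid.TryParse(tid, out var tenantId))
            throw new SecurityTokenInvalidIssuerException("Token carries no valid 'tid' claim.")
                { InvalidIssuer = issuer };

        // Authorization decision: multi-tenant does not have to mean every tenant.
        if (AllowedTenants.Count > 0 && !AllowedTenants.Contains(tenantId))
            throw new SecurityTokenInvalidIssuerException($"Tenant {tenantId} is not allowed.")
                { InvalidIssuer = issuer };

        // The issuer must be exactly the v2.0 issuer of the tenant named in 'tid'.
        // Guid.ToString("D") gives the lower-case hyphenated form Azure AD uses.
        var expected = string.Format(IssuerTemplate, tenantId.ToString("D"));
        if (!string.Equals(issuer, expected, StringComparison.Ordinal))
            throw new SecurityTokenInvalidIssuerException($"Issuer '{issuer}' does not match tenant '{tenantId}'.")
                { InvalidIssuer = issuer };

        return issuer;
    }
}
```

Two points worth keeping in mind. Setting ValidateIssuer = false would also make sign-in work, but it discards the check that the issuer and tid claims describe the same tenant, which is what later authorization decisions will key on. And because the signing keys published under the organizations metadata are shared by all tenants, signature validation alone only proves that Azure AD issued the token, not which tenant; the allow-list (or an equivalent check in your own authorization code) is what decides whose users you actually trust.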