Microsoft OAuth Setup
⚠️ Important: The screenshots and step-by-step instructions on this page
reflect the interface as of December 2025. Third-party services like Google, Facebook,
and Microsoft frequently update their user interfaces. While the general process remains
similar, the exact screens, button labels, and menu locations may differ from what you see.
If you encounter significant differences, consult the provider's official documentation.
This guide walks you through setting up Microsoft OAuth authentication for your site using Azure Active Directory.
Quick Setup (Already Have Credentials?)
If you already have a Microsoft/Azure App Registration with Client ID and Secret, just add them to appsettings.json:
{
"Authentication": {
"EnableMicrosoftAuth": true,
"Microsoft": {
"ClientId": "your-application-client-id",
"ClientSecret": "your-client-secret-value"
}
}
}Ensure your redirect URI is configured: https://yourdomain.com/signin-microsoft
Prerequisites
- A Microsoft account or Azure AD account
- Access to the Azure Portal
Step 1: Register an Application
- Go to the Azure Portal
- Search for and select Azure Active Directory
- In the left menu, select App registrations
- Click + New registration
- Enter an application name (e.g., "My Web App")
- Under Supported account types, choose one:
- Single tenant - Only users in your organization
- Multitenant - Users in any organization
- Personal Microsoft accounts - Consumer accounts (outlook.com, etc.)
- Multitenant + personal - All of the above (most flexible)
- Click Register
Step 2: Configure Redirect URIs
- In your app registration, go to Authentication
- Click + Add a platform
- Select Web
- Enter your redirect URI:
- For development:
https://localhost:{port}/signin-microsoft - For production:
https://yourdomain.com/signin-microsoft
- For development:
- Click Configure
Step 3: Create a Client Secret
- In your app registration, go to Certificates & secrets
- Click + New client secret
- Enter a description (e.g., "Web App Secret")
- Select an expiration period
- Click Add
- Copy the secret Value immediately (it won't be shown again)
Critical: Copy the secret value immediately! Once you leave this page,
you cannot retrieve it again. You would need to create a new secret.
Step 4: Get Application (Client) ID
- Go to your app registration's Overview page
- Copy the Application (client) ID
Step 5: Configure Your Application
Add the credentials to your appsettings.json:
{
"Authentication": {
"EnableMicrosoftAuth": true,
"Microsoft": {
"ClientId": "your-application-client-id",
"ClientSecret": "your-client-secret-value"
}
}
}
For Development: Use User Secrets instead of appsettings.json:
dotnet user-secrets set "Authentication:Microsoft:ClientId" "your-client-id"
dotnet user-secrets set "Authentication:Microsoft:ClientSecret" "your-client-secret"Account Type Considerations
| Account Type | Use Case |
|---|---|
| Single tenant | Internal apps for your organization only |
| Multitenant | Apps for any Azure AD organization |
| Personal accounts | Consumer-facing apps (outlook.com, hotmail.com users) |
| Multitenant + personal | Maximum flexibility - supports all account types |
Troubleshooting
- Error: AADSTS50011 - Reply URL does not match
- The redirect URI in your request doesn't match any configured URIs. Verify the URI is exactly correct in Azure, including protocol and trailing slashes.
- Error: AADSTS7000218 - Invalid client secret
- The client secret may have expired or been entered incorrectly. Create a new secret in Azure and update your configuration.
- Error: AADSTS65001 - User or admin hasn't consented
- The user needs to grant consent. For admin consent, an administrator must approve the app in Azure AD.
- Error: AADSTS700016 - Application not found
- The Client ID is incorrect or the app was deleted. Verify the Application (client) ID in Azure.