Configuring an Entra External ID application directly from Visual Studio

Rory Braybrook
The new control plane
3 min read · Oct 23, 2024
Image of gears
Keistutis at openclipart.com, CC0, via Wikimedia Commons

I got the idea from this post.

You drive everything from within Visual Studio — portal not required 😃

I used VS Enterprise 17.10.6, the latest update at the time of writing.

Create a new ASP.NET Core Web App (Razor Pages) project:

Image showing ASP.NET Core Web App (Razor Pages) template

Choose Framework = “.NET 8.0 (LTS)” and Authentication = “Microsoft identity platform”:

Image showing Framework = “.NET 8.0 (LTS)” and Authentication = “Microsoft identity platform”

Click “Next” to install the msidentity tools:

Image showing “dotnet msidentity tool”

Ensure you have the external ID tenant selected in the dropdown and then “Create new”:

Image showing external ID tenant selected in the dropdown and “Create new” button

Give your application a name:

Image showing application name

You will see the application created:

Image showing created app.

Note: I changed the application name during the screenshots!

Add any extra permissions:

Image showing “Add Microsoft Graph permissions”

A client secret is generated:

Image showing generated client secret

I chose to save it in the local user secrets file.

Review the summary of changes:

Image showing summary of changes

Configuration changes are applied:

Image showing dependencies being installed

If I look at the application registration list for the tenant, I can see the new application:

Image showing the created app in the app registrations screen

In the VS project, under “Connected services”:

Image showing secrets.json in “Connected services” screen

To display the secret key, click on the three dots to the right of “Secrets.json” and then click “Manage user secrets.”

{
  "AzureAD:ClientSecret": "Oy...5t"
}

The project appsettings.json is also configured for you:

{
  "AzureAd": {
    "Authority": "https://tenant.ciamlogin.com",
    "ClientId": "40...05",
    "ClientSecret": "Client secret from app-registration. Check user secrets/azure portal.",
    "ClientCertificates": [],
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*",
  "MicrosoftGraph": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "user.read"
  }
}
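Why the flat "AzureAD:ClientSecret" entry in secrets.json replaces the nested placeholder in appsettings.json: ASP.NET Core flattens JSON sections into colon-delimited keys, compares keys case-insensitively, and lets later providers (user secrets in Development) override earlier ones. The model below is an added example, not code from the post or from Microsoft; the two JSON strings are constructed to mirror the files shown above, the secret value is fake, and it also checks that appsettings.json still holds only the tool's placeholder, so no real secret is about to be committed.

```python
import json

# Placeholder the msidentity tool leaves in appsettings.json (quoted from the post).
PLACEHOLDER = "Client secret from app-registration. Check user secrets/azure portal."

# Constructed stand-ins for the two files the post shows; the secret value is fake.
APPSETTINGS = json.dumps({
    "AzureAd": {
        "Authority": "https://tenant.ciamlogin.com",
        "ClientId": "40...05",
        "ClientSecret": PLACEHOLDER,
        "CallbackPath": "/signin-oidc",
    },
    "MicrosoftGraph": {"BaseUrl": "https://graph.microsoft.com/v1.0", "Scopes": "user.read"},
})
# User secrets use the flat "Section:Key" form; note the "AzureAD" casing from the post.
USER_SECRETS = json.dumps({"AzureAD:ClientSecret": "constructed-fake-secret"})


def flatten(obj, prefix=""):
    """Flatten nested JSON into .NET-style 'Section:Key' paths, lower-cased
    because IConfiguration key lookups are case-insensitive."""
    out = {}
    for key, value in obj.items():
        path = f"{prefix}:{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, path))
        else:
            out[path.lower()] = value
    return out

def build_configuration(*sources):
    """Merge JSON providers in registration order; the last source wins."""
    merged = {}
    for source in sources:
        merged.update(flatten(json.loads(source)))
    return merged

def get(config, key):
    """Case-insensitive lookup, mirroring IConfiguration["AzureAd:ClientSecret"]."""
    return config.get(key.lower())

def committed_file_has_real_secret(appsettings_text):
    """True when appsettings.json holds something other than the placeholder
    (or nothing) for the client secret, i.e. a real secret is about to be committed."""
    value = get(flatten(json.loads(appsettings_text)), "AzureAd:ClientSecret")
    return bool(value) and value != PLACEHOLDER
```

Running `get(build_configuration(APPSETTINGS, USER_SECRETS), "AzureAd:ClientSecret")` returns the user-secret value, while `committed_file_has_real_secret(APPSETTINGS)` stays False as long as only the placeholder is in the committed file.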

I then rebuilt the project and hit F5 to run it:

I need to add admin approval:

Image showing “Need admin approval”

Note that this is because I added “Microsoft Graph permissions” above.

I added “User.Read” and granted admin consent, which fixed the problem:

Image showing added “User.Read” permissions

and I can now see the web application in the browser:

Image showing web application in the browser

And I did all this without configuring anything in the actual tenant!

All good!
