Configuring an Entra External ID application directly from Visual Studio
I got the idea from this post.
You drive everything from within Visual Studio — portal not required 😃
I used VS Enterprise 17.10.6, the latest update at the time of writing.
Create a new ASP.NET Core Web App (Razor Pages) project:
Choose Framework = “.NET 8.0 (LTS)” and Authentication = “Microsoft identity platform”:
Click “Next” to install the msidentity tools:
Ensure the External ID tenant is selected in the dropdown, then click “Create new”:
Give your application a name:
You will see the application created:
Note: I changed the application name during the screenshots!
Add any extra permissions:
A client secret is generated:
I chose to save it in the local user secrets file. User secrets live outside the project tree (on Windows under %APPDATA%\Microsoft\UserSecrets\<id>\secrets.json) and are stored unencrypted, so they keep the secret out of source control but are a development convenience only; for production, use a certificate (the “ClientCertificates” setting below) or a vault-backed configuration provider instead of a secret.
Review the summary of changes:
Configuration changes are applied:
If I look at the application registration list for the tenant, I can see the new application:
In the VS project, under “Connected services”:
To display the secret, click the three dots to the right of “Secrets.json” and then “Manage user secrets”. The file contains just the one key:
{
  "AzureAD:ClientSecret": "Oy...5t"
}
ASP.NET Core configuration keys are case-insensitive, so this “AzureAD:ClientSecret” entry is what fills the “AzureAd:ClientSecret” slot in appsettings.json at runtime. User secrets are only loaded by default in the Development environment; a deployed copy of the app would still see the placeholder text below unless the secret (or a certificate) is supplied some other way.
The project appsettings.json is also configured for you. Note that “ClientSecret” here is only a placeholder string, so no secret is committed with the project; the real value comes from user secrets:
{
  "AzureAd": {
    "Authority": "https://tenant.ciamlogin.com",
    "ClientId": "40...05",
    "ClientSecret": "Client secret from app-registration. Check user secrets/azure portal.",
    "ClientCertificates": [],
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*",
  "MicrosoftGraph": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "user.read"
  }
}
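As an added illustration (not code from the post, and not the template file as Visual Studio emits it), here is the Program.cs wiring that consumes the “AzureAd” and “MicrosoftGraph” sections above, plus a start-up guard that refuses to run when the placeholder secret was never overridden and no client certificate is configured. The Microsoft.Identity.Web calls are the standard ones the ASP.NET Core “Microsoft identity platform” template uses; the guard, its placeholder-prefix check and the exception text are my additions, matched to the placeholder text the wizard wrote in this walkthrough.

```csharp
// Program.cs for the Razor Pages app. Added example, not the post's own code.
// Requires the Microsoft.Identity.Web, Microsoft.Identity.Web.UI and
// Microsoft.Identity.Web.GraphServiceClient (or Microsoft.Identity.Web.MicrosoftGraph) packages.
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);

// Fail fast if no real credential is present. appsettings.json only carries the placeholder
// string the wizard writes; the real secret must arrive from user secrets (Development only),
// environment variables, or a certificate in ClientCertificates. The prefix check below is
// an assumption: it matches the placeholder text shown in this walkthrough.
var azureAd = builder.Configuration.GetSection("AzureAd");
var clientSecret = azureAd["ClientSecret"];
var hasCertificate = azureAd.GetSection("ClientCertificates").GetChildren().Any();
var secretIsPlaceholder = string.IsNullOrWhiteSpace(clientSecret)
    || clientSecret.StartsWith("Client secret from app-registration", StringComparison.Ordinal);
if (secretIsPlaceholder && !hasCertificate)
{
    throw new InvalidOperationException(
        "AzureAd:ClientSecret is still the placeholder and no client certificate is configured. " +
        "Run: dotnet user-secrets set \"AzureAd:ClientSecret\" <value>  (or configure ClientCertificates).");
}

// Scopes requested at sign-in; the wizard wrote "user.read" into MicrosoftGraph:Scopes.
var initialScopes = builder.Configuration["MicrosoftGraph:Scopes"]
    ?.Split(' ', StringSplitOptions.RemoveEmptyEntries);

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(azureAd)              // Authority (ciamlogin.com), ClientId, CallbackPath, credential
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddMicrosoftGraph(builder.Configuration.GetSection("MicrosoftGraph")) // BaseUrl + Scopes
    .AddInMemoryTokenCaches();                        // fine for dev; use a distributed cache when scaled out

// Require a signed-in user on every page unless it opts out with [AllowAnonymous].
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = options.DefaultPolicy;
});

// Adds the /MicrosoftIdentity/Account/SignIn, SignOut, etc. endpoints.
builder.Services.AddRazorPages().AddMicrosoftIdentityUI();

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.MapControllers(); // hosts the Microsoft.Identity.Web.UI account controller

app.Run();
```

The guard is the part worth keeping in a real project: with it, a clone of the repository that lacks the user secrets, or a deployment that forgot to inject the credential, stops at start-up with a clear message instead of failing later with an opaque token error from the identity provider. Because the check also passes when “ClientCertificates” is populated, it does not get in the way of moving from a client secret to a certificate for production.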
I then rebuilt the project and hit F5 to run it:
Signing in failed with a “needs admin approval” prompt:
This is because I added “Microsoft Graph permissions” above. In an External ID tenant the customer users cannot consent to delegated permissions themselves, so an administrator has to grant consent for the application before sign-in can complete.
I added “User.Read” and granted admin consent, which fixed the problem:
After that, the web application loads in the browser:
And I did all this without configuring anything in the actual tenant!
All good!