diff --git a/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADJwtBearerOptionsConfiguration.cs b/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADJwtBearerOptionsConfiguration.cs
index fbf398888dfe..bfa5f9877e72 100644
--- a/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADJwtBearerOptionsConfiguration.cs
+++ b/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADJwtBearerOptionsConfiguration.cs
@@ -30,8 +30,10 @@ public void Configure(string name, JwtBearerOptions options)
return;
}
- options.Audience = azureADOptions.ClientId;
- options.Authority = new Uri(new Uri(azureADOptions.Instance), azureADOptions.TenantId).ToString();
+ options.Audience = string.Format(azureADOptions.Audience?.Replace("{ClientId}", "{0}"),
+ azureADOptions.ClientId);
+ options.Authority = string.Format(azureADOptions.Authority.Replace("{Instance}", "{0}").Replace("{TenantId}", "{1}"),
+ azureADOptions.Instance, azureADOptions.TenantId);
}
public void Configure(JwtBearerOptions options)
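Review bot: The authority assigned on L12–L13 is no longer validated as a URI, whereas the replaced `new Uri(new Uri(Instance), TenantId)` both validated it and supplied the path separator; with literal substitution into `{Instance}{TenantId}/`, an `Instance` configured without a trailing slash yields `https://login.microsoftonline.com<tenant>/`, a different host from which the JWT bearer handler would then fetch issuer metadata and signing keys. `string.Format` over a configured template also throws FormatException on any other brace in the value, and `string.Format(azureADOptions.Audience?.Replace(...), ...)` on L10 throws ArgumentNullException when Audience is null, so the null-conditional guards nothing. I would compute the authority into a local, require it to parse as an absolute https URI before assigning it, and fail with a clear message otherwise; for Audience I fall back to the property's own default rather than passing null through. The enclosing Configure method begins before this hunk (the guard that precedes `return;` is not visible).
```csharp
// … unchanged: early return when the named AzureADOptions are not found …
var audience = string.Format(
    (azureADOptions.Audience ?? "{ClientId}").Replace("{ClientId}", "{0}"),
    azureADOptions.ClientId);
var authority = string.Format(
    azureADOptions.Authority.Replace("{Instance}", "{0}").Replace("{TenantId}", "{1}"),
    azureADOptions.Instance, azureADOptions.TenantId);
// The handler downloads issuer metadata and signing keys from this URL, so refuse anything
// that is not an absolute https authority instead of letting a mistyped Instance/TenantId
// (e.g. a missing trailing '/') point the handler at an unintended host.
if (!Uri.TryCreate(authority, UriKind.Absolute, out var authorityUri) || authorityUri.Scheme != Uri.UriSchemeHttps)
{
    throw new InvalidOperationException($"AzureAD Authority '{authority}' must be an absolute https URL.");
}
options.Audience = audience;
options.Authority = authority;
```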
diff --git a/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADOpenIdConnectOptionsConfiguration.cs b/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADOpenIdConnectOptionsConfiguration.cs
index a991620aae32..6f1bb4fda42d 100644
--- a/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADOpenIdConnectOptionsConfiguration.cs
+++ b/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADOpenIdConnectOptionsConfiguration.cs
@@ -29,7 +29,8 @@ public void Configure(string name, OpenIdConnectOptions options)
options.ClientId = azureADOptions.ClientId;
options.ClientSecret = azureADOptions.ClientSecret;
- options.Authority = new Uri(new Uri(azureADOptions.Instance), azureADOptions.TenantId).ToString();
+ options.Authority = string.Format(azureADOptions.Authority.Replace("{Instance}", "{0}").Replace("{TenantId}", "{1}"),
+ azureADOptions.Instance, azureADOptions.TenantId);
options.CallbackPath = azureADOptions.CallbackPath ?? options.CallbackPath;
options.SignedOutCallbackPath = azureADOptions.SignedOutCallbackPath ?? options.SignedOutCallbackPath;
options.SignInScheme = azureADOptions.CookieSchemeName;
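Review bot: L24–L25 assign the OpenID Connect authority from literal string substitution with no URI check, while the removed line validated it through `new Uri(...)` and inserted the missing `/` when Instance had no trailing slash; for this handler a malformed authority is where the browser is redirected at sign-in, not only where metadata is read from. I would keep a parse check before the assignment, e.g. `if (!Uri.TryCreate(options.Authority, UriKind.Absolute, out var u) || u.Scheme != Uri.UriSchemeHttps)` followed by `throw new InvalidOperationException($"AzureAD Authority '{options.Authority}' must be an absolute https URL.");`. Note also that an `Authority` bound to null from configuration throws NullReferenceException on `.Replace`, whereas an empty string passes through here silently and is presumably only caught later, if at all, by the handler itself. The Configure method begins before this hunk.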
diff --git a/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADOptions.cs b/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADOptions.cs
index 89a8a84beb5e..3e8e94b92d09 100644
--- a/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADOptions.cs
+++ b/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authentication.Cookies;
@@ -30,30 +30,62 @@ public class AzureADOptions
public string JwtBearerSchemeName { get; internal set; }
///
- /// Gets or sets the client Id.
+ /// Gets or sets the client Id (Application Id) of the Azure AD application
///
public string ClientId { get; set; }
///
- /// Gets or sets the client secret.
+ /// Gets or sets the client secret for the application (application password)
///
+ ///
+ /// The client secret is only used if the Web app or Web API
+ /// calls a Web API
+ ///
public string ClientSecret { get; set; }
///
- /// Gets or sets the tenant Id.
+ /// Gets or sets the tenant id. The tenant id can have one of the following values:
+ ///
+ /// - a proper tenant IDA GUID representing the ID of the Azure Active Directory Tenant (directory ID)
+ /// - a domain nameassociated with the Azure Active Directory tenant
+ /// - commonif the is Azure AD v2.0, enables to sign-in users from any
+ /// Work and School account or Microsoft Personal Account. If Authority is Azure AD v1.0, enables sign-in from any Work and School accounts
+ /// - organizationsif the is Azure AD v2.0, enables to sign-in users from any
+ /// Work and School account
+ /// - consumersif the is Azure AD v2.0, enables to sign-in users from any
+ /// Microsoft personal account
+ ///
///
public string TenantId { get; set; }
///
/// Gets or sets the Azure Active Directory instance.
+ /// Typical values are:
+ ///
+ /// - https://login.microsoftonline.com/For Microsoft Azure public cloud
+ /// - https://login.microsoftonline.us/For Azure US Government
+ /// - https://login.partner.microsoftonline.cn/For Azure China 21Vianet
+ /// - https://login.microsoftonline.de/For Azure Germany
+ ///
///
- public string Instance { get; set; }
+ public string Instance { get; set; } = "https://login.microsoftonline.com/";
///
- /// Gets or sets the domain of the Azure Active Directory tennant.
+ /// Gets or sets the domain associated with the Azure Active Directory tenant.
///
public string Domain { get; set; }
+ ///
+ /// Azure Active Directory Authority
+ ///
+ public string Authority { get; set; } = "{Instance}{TenantId}/";
+
+ ///
+ /// Gets or sets the audience for a Web API (This audience needs
+ /// to match the audience of the tokens sent to access this application)
+ ///
+ public string Audience { get; set; } = "{ClientId}";
+
///
/// Gets or sets the sign in callback path.
///
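Review bot: The new `Authority` doc on L86–L88 does not state the contract the configuration code depends on: `{Instance}` and `{TenantId}` are substituted verbatim, so `Instance` must end with `/` (as every example on L73–L76 does) and a value without the trailing slash silently produces a different host. The `TenantId` doc on L60–L65 describes `common`/`organizations`/`consumers` in terms of an Azure AD v2.0 authority, yet the default on L89 is the v1.0 form `{Instance}{TenantId}/`, so readers should be told that `{Instance}{TenantId}/v2.0` is required for those semantics. It is also worth saying that with `common` or `organizations` the issuer published by the metadata endpoint is tenant-templated, so multi-tenant use needs an issuer validator configured rather than issuer validation switched off; nothing in this diff sets that up, as far as I can see. Suggested summary for Authority: `/// Gets or sets the authority template. {Instance} and {TenantId} are substituted verbatim, so Instance must end with '/'; use "{Instance}{TenantId}/v2.0" for the Azure AD v2.0 endpoint.` The class declaration starts before this hunk.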
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/RazorPagesWeb-CSharp/appsettings.json b/src/ProjectTemplates/Web.ProjectTemplates/content/RazorPagesWeb-CSharp/appsettings.json
index 526319943f8d..a251f3ea11ce 100644
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/RazorPagesWeb-CSharp/appsettings.json
+++ b/src/ProjectTemplates/Web.ProjectTemplates/content/RazorPagesWeb-CSharp/appsettings.json
@@ -1,36 +1,37 @@
{
-////#if (IndividualB2CAuth)
-// "AzureAdB2C": {
-// "Instance": "https:////login.microsoftonline.com/tfp/",
-// "ClientId": "11111111-1111-1111-11111111111111111",
-// "CallbackPath": "/signin-oidc",
-// "Domain": "qualified.domain.name",
-// "SignUpSignInPolicyId": "MySignUpSignInPolicyId",
-// "ResetPasswordPolicyId": "MyResetPasswordPolicyId",
-// "EditProfilePolicyId": "MyEditProfilePolicyId"
-// },
-////#elseif (OrganizationalAuth)
-// "AzureAd": {
-//#if (MultiOrgAuth)
-// "Instance": "https:////login.microsoftonline.com/common",
-//#elseif (SingleOrgAuth)
-// "Instance": "https:////login.microsoftonline.com/",
-// "Domain": "qualified.domain.name",
-// "TenantId": "22222222-2222-2222-2222-222222222222",
-//#endif
-// "ClientId": "11111111-1111-1111-11111111111111111",
-// "CallbackPath": "/signin-oidc"
-// },
-//#endif
-////#if (IndividualLocalAuth)
-// "ConnectionStrings": {
-////#if (UseLocalDB)
-// "DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=aspnet-Company.WebApplication1-53bc9b9d-9d6a-45d4-8429-2a2761773502;Trusted_Connection=True;MultipleActiveResultSets=true"
-////#else
-// "DefaultConnection": "DataSource=app.db"
-//#endif
-// },
-//#endif
+ ////#if (IndividualB2CAuth)
+ // "AzureAdB2C": {
+ // "Instance": "https:////login.microsoftonline.com/tfp/",
+ // "ClientId": "11111111-1111-1111-11111111111111111",
+ // "CallbackPath": "/signin-oidc",
+ // "Domain": "qualified.domain.name",
+ // "SignUpSignInPolicyId": "MySignUpSignInPolicyId",
+ // "ResetPasswordPolicyId": "MyResetPasswordPolicyId",
+ // "EditProfilePolicyId": "MyEditProfilePolicyId"
+ // },
+ ////#elseif (OrganizationalAuth)
+ // "AzureAd": {
+ // "Instance": "https:////login.microsoftonline.com/",
+ // "Autority": "{Instance}{TenantId}/v2.0",
+ //#if (MultiOrgAuth)
+ // "TenantId": "organizations",
+ //#elseif (SingleOrgAuth)
+ // "Domain": "qualified.domain.name",
+ // "TenantId": "22222222-2222-2222-2222-222222222222",
+ //#endif
+ // "ClientId": "11111111-1111-1111-11111111111111111",
+ // "CallbackPath": "/signin-oidc"
+ // },
+ //#endif
+ ////#if (IndividualLocalAuth)
+ // "ConnectionStrings": {
+ ////#if (UseLocalDB)
+ // "DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=aspnet-Company.WebApplication1-53bc9b9d-9d6a-45d4-8429-2a2761773502;Trusted_Connection=True;MultipleActiveResultSets=true"
+ ////#else
+ // "DefaultConnection": "DataSource=app.db"
+ //#endif
+ // },
+ //#endif
"Logging": {
"LogLevel": {
"Default": "Warning",
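Review bot: `"Autority"` on L151 is misspelled, so it never binds to the `Authority` property the options class exposes and the app silently falls back to the default `{Instance}{TenantId}/` (the v1.0 endpoint) with no error at startup; the template's intended switch to `/v2.0` is lost, and for MultiOrgAuth the `organizations` TenantId on L153 ends up combined with a v1.0 authority, which may not behave as intended. Change it to `"Authority": "{Instance}{TenantId}/v2.0",`. The same misspelled key appears in the other templates in this diff.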
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/StarterWeb-CSharp/appsettings.json b/src/ProjectTemplates/Web.ProjectTemplates/content/StarterWeb-CSharp/appsettings.json
index 526319943f8d..55b821001efa 100644
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/StarterWeb-CSharp/appsettings.json
+++ b/src/ProjectTemplates/Web.ProjectTemplates/content/StarterWeb-CSharp/appsettings.json
@@ -11,10 +11,11 @@
// },
////#elseif (OrganizationalAuth)
// "AzureAd": {
+ // "Instance": "https:////login.microsoftonline.com/",
+ // "Autority": "{Instance}{TenantId}/v2.0",
//#if (MultiOrgAuth)
-// "Instance": "https:////login.microsoftonline.com/common",
+ // "TenantId": "organizations",
//#elseif (SingleOrgAuth)
-// "Instance": "https:////login.microsoftonline.com/",
// "Domain": "qualified.domain.name",
// "TenantId": "22222222-2222-2222-2222-222222222222",
//#endif
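Review bot: `"Autority"` on L183 is misspelled, so the value does not bind to the options' `Authority` property and the generated app silently uses the default `{Instance}{TenantId}/` rather than the v2.0 endpoint the template intends; for MultiOrgAuth the `organizations` TenantId on L186 is then paired with a v1.0 authority. Change the key to `"Authority": "{Instance}{TenantId}/v2.0",`. The `AzureAd` object continues past the end of this hunk.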
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/WebApi-CSharp/appsettings.json b/src/ProjectTemplates/Web.ProjectTemplates/content/WebApi-CSharp/appsettings.json
index 456da1fb8e57..ae1cd03c882a 100644
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/WebApi-CSharp/appsettings.json
+++ b/src/ProjectTemplates/Web.ProjectTemplates/content/WebApi-CSharp/appsettings.json
@@ -1,23 +1,24 @@
{
-////#if (IndividualB2CAuth)
-// "AzureAdB2C": {
-// "Instance": "https:////login.microsoftonline.com/tfp/",
-// "ClientId": "11111111-1111-1111-11111111111111111",
-// "Domain": "qualified.domain.name",
-// "SignUpSignInPolicyId": "MySignUpSignInPolicyId"
-// },
-////#elseif (OrganizationalAuth)
-// "AzureAd": {
-//#if (!SingleOrgAuth)
-// "Instance": "https:////login.microsoftonline.com/common",
-//#else
-// "Instance": "https:////login.microsoftonline.com/",
-// "Domain": "qualified.domain.name",
-// "TenantId": "22222222-2222-2222-2222-222222222222",
-//#endif
-// "ClientId": "11111111-1111-1111-11111111111111111"
-// },
-//#endif
+ ////#if (IndividualB2CAuth)
+ // "AzureAdB2C": {
+ // "Instance": "https:////login.microsoftonline.com/tfp/",
+ // "ClientId": "11111111-1111-1111-11111111111111111",
+ // "Domain": "qualified.domain.name",
+ // "SignUpSignInPolicyId": "MySignUpSignInPolicyId"
+ // },
+ ////#elseif (OrganizationalAuth)
+ // "AzureAd": {
+ // "Autority": "{Instance}{TenantId}/v2.0",
+ // "Instance": "https:////login.microsoftonline.com/",
+ //#if (!SingleOrgAuth)
+ // "TenantId": "organizations",
+ //#else
+ // "Domain": "qualified.domain.name",
+ // "TenantId": "22222222-2222-2222-2222-222222222222",
+ //#endif
+ // "ClientId": "11111111-1111-1111-11111111111111111"
+ // },
+ //#endif
"Logging": {
"LogLevel": {
"Default": "Warning",
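Review bot: `"Autority"` on L226 is misspelled, so it does not bind to the options' `Authority` property and this Web API silently validates tokens against the default `{Instance}{TenantId}/` (v1.0) authority instead of the v2.0 one the template intends, with no startup error to reveal it; for the multi-org branch the `organizations` TenantId on L229 is then combined with a v1.0 authority. Change it to `"Authority": "{Instance}{TenantId}/v2.0",`. Since the options class now also exposes an `Audience` template defaulting to `{ClientId}`, it may be worth a commented `"Audience"` line here so API authors know where the expected `aud` value is configured.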