ASP.NET Core Authentication with Microsoft Entra External ID
June 24, 2026 by Anuraj
dotnet azure entra
In this blog post, we will explore how implement authentication in Microsoft Entra External ID. On May 1, 2025, Microsoft stopped selling Azure AD B2B and B2C - new customers won’t be able to create instance of Azure AD B2B and B2C. Existing customers can continue using it likely through 2030.
I am using an ASP.NET MVC application for this blog post. So in the application we need to add reference of two nuget packages.
dotnet package add Microsoft.Identity.Web
dotnet package add Microsoft.Identity.Web.UI
Next in the Program.cs add the following code.
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(Configuration.GetSection("EntraId"));
services.AddRazorPages(options =>
{
options.Conventions.AllowAnonymousToPage("/Index");
})
.AddMicrosoftIdentityUI();
In the appsettings.json file we need to add the following configuration.
"EntraId": {
"Authority": "https://<TENANT_SUBDOMAIN>.ciamlogin.com/",
"ClientId": "<CLIENT_ID>",
"ClientCredentials": [
{
"SourceType": "ClientSecret",
"ClientSecret": "<CLIENT_SECRET>"
}
],
"CallbackPath": "/signin-oidc",
"SignedOutCallbackPath": "/signout-callback-oidc"
}
And while configuring the app in Entra, we need to set the Application type as Web, and callback URL as http://localhost:<PORT_NUMBER>/signin-oidc. Also make sure the Access tokens and ID tokens check boxes checked.
For Sign In and Signout actions we can use the following action methods of MicrosoftIdentity like this.
@using System.Security.Principal
<ul class="navbar-nav">
@if (User.Identity is not null && User.Identity.IsAuthenticated)
{
<li class="nav-item">
<span class="nav-link text-dark">Hello @User.Claims.First(c => c.Type == "preferred_username").Value</span>
</li>
<li class="nav-item">
<a class="nav-link text-dark" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignOut">Sign out</a>
</li>
}
else
{
<li class="nav-item">
<a class="nav-link text-dark" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignIn">Sign in</a>
</li>
}
</ul>
This way we can integrate ASP.NET Core application to Microsoft Entra External Id.
Happy Programming
Found this useful? Share it with your network!
Copyright © 2026 Anuraj. Blog content licensed under the Creative Commons CC BY 2.5 | Unless otherwise stated or granted, code samples licensed under the MIT license. This is a personal blog. The opinions expressed here represent my own and not those of my employer. Powered by Jekyll. Hosted with ❤ by GitHub