Dinesh Manne

Reputation: 207

ADAL Authentication Error Multi-Tenant

I have taken the sample code from Git for multi-tenant: https://github.com/OfficeDev/O365-WebApp-MultiTenant

In https://manage.windowsazure.com/ I enabled MULTI-TENANT to YES. But whenever I try to log in with a different organization, I get the following error.

User account '[email protected]' from identity provider 'https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxx/' does not exist in tenant 'My Test App ' and cannot access the application 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

How can I resolve this?

Upvotes: 1

Views: 1414

Answers (3)

Chamila Maddumage

Reputation: 3866

I had the same issue. Just replaced

    string authorityUri = "https://login.microsoftonline.net/common/";

with

    string authorityUri = "https://login.windows.net/common";

Upvotes: 0

Dinesh Manne

Reputation: 207

Finally I found the solution to my problem. From this URL https://github.com/dream-365/OfficeDev-Samples/blob/master/samples/Office365DevQuickStart/AspNetMvc-MultiTenant/

I copied the following files to my project

TokenCacheDBContext.cs

SqlDBTokenCache.cs

ServiceConstants.cs

App_Start/Startup.auth.cs

I ran the project and got one error for Office365AssertedFailedException. For that I created one more class file:

Office365AssertedFailedException.cs

I rebuilt the code and it succeeded. Now I am able to log in with multiple tenants.

Upvotes: 1

Jeffrey Chen

Reputation: 4680

Please ensure your authority URL is "https://login.windows.net/common".

If your authority URL is "https://login.windows.net/{tenant_id}", you will get the following error: (image)

To fix this issue, in Startup.Auth.cs, configure the authority URL as "https://login.windows.net/common".

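    // Multi-tenant sign-in: use the "common" endpoint instead of a tenant id.
    var authority = string.Format("{0}/{1}", ServiceConstants.AzureADEndPoint, "common");

    var options = new OpenIdConnectAuthenticationOptions {
        ClientId = OAuthSettings.ClientId,
        Authority = authority,
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters {
            // Issuer validation is switched off, so tokens issued by any
            // Azure AD tenant pass this check.
            ValidateIssuer = false
        }
    };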

sample Startup.Auth.cs

Upvotes: 0
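
The configuration above sets ValidateIssuer = false, which makes the middleware accept a token from any Azure AD tenant. The following is an added example, not code from the question, the answers or the linked samples: a check of the tenant and issuer claims against the tenants the application has onboarded, which could be called from the middleware's SecurityTokenValidated notification. The class name, the onboarded-tenant set and the tenant ids are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

public static class TenantIssuerCheck
{
    // Claim names as the OWIN OpenID Connect middleware surfaces them (assumption).
    const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";
    const string IssuerClaim = "iss";

    // True only if the token's tenant is onboarded and its issuer has the
    // per-tenant form "https://sts.windows.net/{tenant id}/" seen in the error text.
    public static bool IsAllowed(ClaimsIdentity identity, ISet<string> onboardedTenants)
    {
        Claim tid = identity.FindFirst(TenantIdClaim);
        Claim iss = identity.FindFirst(IssuerClaim);
        if (tid == null || iss == null) return false;             // fail closed
        if (!onboardedTenants.Contains(tid.Value)) return false;  // unknown tenant
        string expected = "https://sts.windows.net/" + tid.Value + "/";
        return string.Equals(iss.Value, expected, StringComparison.OrdinalIgnoreCase);
    }

    static ClaimsIdentity Identity(string tid, string iss)
    {
        return new ClaimsIdentity(new[] { new Claim(TenantIdClaim, tid), new Claim(IssuerClaim, iss) });
    }

    public static void Main()
    {
        // Constructed tenant ids for illustration, not real tenants.
        const string known = "11111111-1111-1111-1111-111111111111";
        const string other = "22222222-2222-2222-2222-222222222222";
        var onboarded = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { known };

        // Onboarded tenant with matching issuer.
        Console.WriteLine(IsAllowed(Identity(known, "https://sts.windows.net/" + known + "/"), onboarded));
        // Tenant that was never onboarded.
        Console.WriteLine(IsAllowed(Identity(other, "https://sts.windows.net/" + other + "/"), onboarded));
        // Onboarded tenant id but issuer belongs to a different tenant.
        Console.WriteLine(IsAllowed(Identity(known, "https://sts.windows.net/" + other + "/"), onboarded));
    }
}
```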
