How can I programmatically retrieve the domain name of the Azure Active Directory in a given subscription?

Question

I'm working on an application that will allow users to authenticate to Azure Active Directory and then manage resources in their Azure account via Azure Resource Manager API calls.

I've found several walkthroughs on building such an app including this post. However, in the part that discusses authentication with Azure Active Directory, there's a step showing the need to manually retrieve the Azure Active Directory name from the Azure Portal.

The directory name is plugged into app settings (and ultimately authentication calls to the directory) as follows

http://login.microsoftonline.com/{directory_domain_name}/OAuth2/Authorize

Is there any way to programmatically retrieve {directory_domain_name} without requiring users to login and lookup the information in the Azure Portal?

The one answer to this question has a dead link and another pointing to the Graph API, which seems to still require the domain name.

Answer 1

For your particular scenario, look like you want to build an app that will be users from different Azure AD tenants. This scenario is best addressed by building a multi-tenant application.

To make your application multi-tenant, you'll need to go to the Azure Portal and in the Configure tab of your Azure AD application, set the "Application is Mult-Tenant" option to yes.

Once you do this, you can just call

http://login.microsoftonline.com/common/oauth/authorize
http://login.microsoftonline.com/common/oauth/token

And Azure AD will resolve the figure out which tenant to authenticate against based on the the credential that the user types in.

More information on multi-tenant applications:https://azure.microsoft.com/en-us/documentation/articles/guidance-multitenant-identity-authenticate/

Sample multi-tenant application: https://github.com/Azure-Samples/active-directory-dotnet-webapp-multitenant-openidconnect