We use Microsoft account authentication on our website. We have implemented v2 endpoint thinking, which will allow anyone with a Microsoft account to register and log in to our site.
However, some users report that when they try to access our site using their MSA, the Microsoft login page tells them that they cannot authenticate because their MSA is a school / work account and they aim to create another MSA (using Outlook.com).
I apologize that I cannot provide accurate information about the user, because I am trying to connect the problem, as it is reported by our users to our support team.
Microsoft account authentication works for many of our users, so I assume that we are set up correctly. Startup.Auth.csas follows:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
var mo = new MicrosoftAccountAuthenticationOptions
{
ClientId = ConfigurationManager.AppSettings["Microsoft.Account.ApplicationId"],
ClientSecret = ConfigurationManager.AppSettings["Microsoft.Account.ApplicationSecret"],
};
mo.Scope.Add("wl.emails");
app.UseMicrosoftAccountAuthentication(mo);
The application is configured on the application registration portal in the Converged Applications section. Allow support for implicit stream and Live SDK.
In this case, if the MSA is a school / workgroup account, then the MSA cannot also be used to authenticate a Microsoft account on our site? Or did I do something wrong?
source
share