1
votes

I took the sample code for multi-tenant from GitHub: https://github.com/OfficeDev/O365-WebApp-MultiTenant

In https://manage.windowsazure.com/ I set MULTI-TENANT to YES. But whenever I try to log in with a different organization, I get the following error.

User account '[email protected]' from identity provider 'https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxx/' does not exist in tenant 'My Test App ' and cannot access the application 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

How can I resolve this?

3
What kind of URL do you use to log in? - Sébastien Pertus
You mean for the API request or my web app URL? - Dinesh Manne
Yes, but I see Jeffrey gave you the answer :) - Sébastien Pertus

3 Answers

1
votes

Finally I found the solution to my problem. From this URL https://github.com/dream-365/OfficeDev-Samples/blob/master/samples/Office365DevQuickStart/AspNetMvc-MultiTenant/

I copied the following files to my project

TokenCacheDBContext.cs

SqlDBTokenCache.cs

ServiceConstants.cs

App_Start/Startup.auth.cs

I ran the project and got one error for Office365AssertedFailedException. For that I created one more class file:

Office365AssertedFailedException.cs

I rebuilt the code and it succeeded. Now I am able to log in with multi-tenants.

0
votes

Please ensure your authority URL is "https://login.windows.net/common".

If your authority URL is "https://login.windows.net/{tenant_id}", you will get the following error: [screenshot of the error]

To fix this issue, in Startup.Auth.cs, configure the authority URL as "https://login.windows.net/common".

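    // Use the tenant-independent "common" endpoint so users from any organization can sign in.
    var authority = string.Format("{0}/{1}", ServiceConstants.AzureADEndPoint, "common");

    var options = new OpenIdConnectAuthenticationOptions {
        ClientId = OAuthSettings.ClientId,
        Authority = authority,
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters {
            // With /common the token issuer differs per tenant, so the built-in
            // issuer check is turned off; the app must decide itself which tenants it accepts.
            ValidateIssuer = false
        }
    };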

sample Startup.Auth.cs
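Added example, not part of the answer above or of the linked sample: with `ValidateIssuer = false`, a token from any Azure AD tenant passes issuer validation, so the application needs its own tenant check. The class name, the `onboardedTenants` allow-list and the GUIDs are assumptions made for illustration; the issuer format is the one shown in the question's error message, and the caller is assumed to pass the `iss` and `tid` values of a token whose signature has already been validated.

```csharp
using System;
using System.Collections.Generic;

// Added example: tenant allow-list check to pair with ValidateIssuer = false.
public static class TenantIssuerCheck
{
    // Issuer format as it appears in the error message in the question.
    private const string IssuerPrefix = "https://sts.windows.net/";

    // issuer           : "iss" value of the signature-validated token
    // tenantId         : "tid" value of the same token
    // onboardedTenants : hypothetical allow-list of tenants that signed up for the app
    public static bool IsAllowed(string issuer, string tenantId, ISet<Guid> onboardedTenants)
    {
        Guid tenant;
        if (issuer == null || !Guid.TryParseExact(tenantId, "D", out tenant))
            return false;

        // The issuer must be exactly this tenant's STS; a token whose "tid"
        // and "iss" disagree, or whose issuer only resembles the STS, is rejected.
        string expected = IssuerPrefix + tenant.ToString("D") + "/";
        if (!string.Equals(issuer, expected, StringComparison.OrdinalIgnoreCase))
            return false;

        return onboardedTenants.Contains(tenant);
    }

    public static void Main()
    {
        // Constructed sample values, not real tenant ids.
        Guid onboardedTenant = Guid.Parse("11111111-1111-1111-1111-111111111111");
        Guid unknownTenant = Guid.Parse("22222222-2222-2222-2222-222222222222");
        var onboarded = new HashSet<Guid> { onboardedTenant };

        // Onboarded tenant with its own issuer.
        Console.WriteLine(IsAllowed(IssuerPrefix + onboardedTenant + "/", onboardedTenant.ToString(), onboarded));
        // Valid Azure AD tenant that never signed up for the app.
        Console.WriteLine(IsAllowed(IssuerPrefix + unknownTenant + "/", unknownTenant.ToString(), onboarded));
        // "tid" of an onboarded tenant paired with another tenant's issuer.
        Console.WriteLine(IsAllowed(IssuerPrefix + unknownTenant + "/", onboardedTenant.ToString(), onboarded));
        // Malformed tenant id.
        Console.WriteLine(IsAllowed(IssuerPrefix + "common/", "common", onboarded));
    }
}
```

A check like this would typically run after the OpenID Connect middleware has validated the token, with sign-in refused when it returns false.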

0
votes

I had the same issue. I just replaced

    string authorityUri = "https://login.microsoftonline.net/common/";

with

    string authorityUri = "https://login.windows.net/common";