 

ASP.NET Core, Microsoft Account Login & AADSTS70001

I'm trying to use the Microsoft Account Login in my application. I tried it some years ago and MSAccount was always difficult to use because of some restrictions (localhost development etc.) - but it seems this is now possible.

I used this docs.microsoft guide and created a brand new ASP.NET Core Application & used the Microsoft.AspNetCore.Authentication.MicrosoftAccount NuGet package.

When I click the Microsoft Login Button I'm redirected to the login.microsoft page: (I removed the clientId & state)

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=....&scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A44320%2Fsignin-microsoft&state=....

Now I'm entering my personal Microsoft Account login information (e.g. [email protected])

Next I will be redirected to the "Enter password" page:

https://login.live.com/oauth20_authorize.srf?client_id=....&scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A44320%2Fsignin-microsoft&state=...&login_hint=...&ui_locales=en-US&display=page&uaid=21775924944348cfb0f84a8c0af34259&issuer=mso&tenant=common&msproxy=1

After I type in my password and click sign-in I'm redirected back to my application with a big "unhandled exception occurred"

```
Exception: OAuth token endpoint failure: Status: BadRequest;Headers: Cache-Control: no-store, no-cache Date: Wed, 12 Apr 2017 06:57:18 GMT Pragma: no-cache P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Server: Microsoft-IIS/8.5 Set-Cookie: esctx=AQABAAAAAABnfiG-mA6NTae7CdWW7QfdD3JzLSDc3ZvXogRmsm6vmOSSFDequk0G6rQQlFmOrTaEnzNYcStgzBDm04fNESerSjI3ytHGCzBQkCrOZSy5bYq5CrARZbRfx_oh8wbkqVaK8c1Q6VYyxN43noSOCpff72HxLg9fgB7t4DIPl7QLSjsFVmVxxeN4Xs06bT40AxogAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly, x-ms-gateway-slice=004; path=/; secure; HttpOnly, stsservicecookie=ests; path=/; secure; HttpOnly Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff x-ms-request-id: de0960ca-282b-4832-8d79-7e544fb30500 X-Powered-By: ASP.NET ;Body: {"error":"unauthorized_client","error_description":"AADSTS70001: Application with identifier '000000004C1CEB08' was not found in the directory 9188040d-6c67-4c5b-b112-36a304b66dad\r\nTrace ID: de0960ca-282b-4832-8d79-7e544fb30500\r\nCorrelation ID: f204ae6b-8169-4b2c-8af6-902f1c62b79d\r\nTimestamp: 2017-04-12 06:57:19Z","error_codes":[70001],"timestamp":"2017-04-12 06:57:19Z","trace_id":"de0960ca-282b-4832-8d79-7e544fb30500","correlation_id":"f204ae6b-8169-4b2c-8af6-902f1c62b79d"};
```

In the past we did some Azure Active Directory / Office 365 development and my MSAccount might also be inside one or two different Azure Active Directories, but my goal is just to log in with my personal Microsoft Account, so I'm not sure why the error points to some AAD directory.

Any hint how to solve this?

Robert Muehsig asked Oct 15 '25 15:10


2 Answers

The problem was related to my app registration. Under this URL you can create two different application types - make sure you use a converged application and not(!) a Live SDK application.

The application ID should be in the form of a GUID (the Live SDK applications' app IDs are not GUIDs).

Robert Muehsig answered Oct 18 '25 09:10


As shown in the image below, your ClientSecret is under "Value" (not under "Secret ID"):

enter image description here

And as shown in the image below, your ClientId is "Application (client) ID" (not "Directory (tenant) ID"):

enter image description here

Ali Rasouli answered Oct 18 '25 09:10
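
A startup sanity check for the mix-ups described in the two answers above, as an added example that is not part of the original posts or of the Microsoft.AspNetCore.Authentication.MicrosoftAccount package. `MicrosoftAccountConfigCheck` and `Validate` are hypothetical names, the sample values are constructed (except the Live SDK ID quoted from the error message), and the secret check assumes the portal's "Secret ID" is GUID-shaped while the secret "Value" is not.

```csharp
using System;
using System.Collections.Generic;

// Added example: hypothetical helper, not an API of the MicrosoftAccount package.
public static class MicrosoftAccountConfigCheck
{
    // Returns a list of problems; an empty list means the values have the expected shape.
    public static IReadOnlyList<string> Validate(string clientId, string clientSecret, string tenantId = null)
    {
        var problems = new List<string>();

        // Converged registrations have a GUID application ID; Live SDK IDs
        // (such as '000000004C1CEB08' in the error above) do not parse as one.
        if (!Guid.TryParse(clientId, out var clientGuid))
            problems.Add("ClientId is not a GUID: looks like a Live SDK application ID.");
        else if (Guid.TryParse(tenantId, out var tenantGuid) && tenantGuid == clientGuid)
            problems.Add("ClientId equals the Directory (tenant) ID; use the Application (client) ID.");

        if (string.IsNullOrWhiteSpace(clientSecret))
            problems.Add("ClientSecret is empty.");
        // Assumption: "Secret ID" is a GUID, the usable secret is the "Value" column.
        else if (Guid.TryParse(clientSecret, out _))
            problems.Add("ClientSecret is a GUID: looks like the Secret ID, not the secret Value.");

        return problems;
    }

    public static void Main()
    {
        // Constructed sample values; only the first ClientId is taken from the page.
        var cases = new (string Id, string Secret, string Tenant)[]
        {
            ("000000004C1CEB08", "constructed-secret-value", null),
            ("11111111-2222-3333-4444-555555555555", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", null),
            ("11111111-2222-3333-4444-555555555555", "constructed-secret-value", "11111111-2222-3333-4444-555555555555"),
            ("11111111-2222-3333-4444-555555555555", "constructed-secret-value", "99999999-8888-7777-6666-555555555555"),
        };
        foreach (var c in cases)
        {
            // The secret itself is never written to the console, only the verdict.
            var problems = Validate(c.Id, c.Secret, c.Tenant);
            Console.WriteLine($"{c.Id}: {(problems.Count == 0 ? "OK" : string.Join(" | ", problems))}");
        }
    }
}
```

Calling `Validate` on the configured values before the Microsoft Account handler is registered turns a token-endpoint failure at sign-in into a clear message at startup.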


