microsoftgraph / aspnetcore-connect-sample

[ARCHIVED] This ASP.NET Core MVC sample shows how to connect to Microsoft Graph using delegated permissions and the Azure AD v2.0 (MSAL) endpoint.
MIT License

AADSTS90130: Application '{application id}' (aad name) is not supported over the /common or /consumers endpoints. Please use the /organizations or tenant-specific endpoint. #23

Closed marcoforce closed 6 years ago

marcoforce commented 6 years ago

I have been using the .NET Core 2.0 sample, which uses the Azure AD endpoint, so we registered the app using our company Azure Portal.

I have already set the client id, base URL, reply url, tenant id in my appsettings. Is there any work around or fix for this issue?

https://github.com/microsoftgraph/aspnetcore-connect-sample/tree/netcore1.1

mark-szabo commented 6 years ago

Hi @marcoforce The current version of this sample is using the new endpoint (aka AzureAD v2, aka MSAL). For this new endpoint you need to register your apps on https://apps.dev.microsoft.com and not on the Azure portal. You can still register it with your company email address and give permissions to others. If there is no technical reason not to use the new endpoint, I would strongly recommend using it. If you really want to use the old endpoint (aka AzureAD v1, aka ADAL), there's an older version of the sample using that, and you can check in the commits what was changed. I'll link it here, but I'm on a phone now. Let me know whether your question was answered! 😊

marcoforce commented 6 years ago

Hi Mark,

Our apps are currently deployed and authenticated via the Azure portal. It would be a great help if we could work this out with the v1 endpoint, because all of our authentication (security) comes from the Azure portal. I have seen the solution and the steps that use the Azure portal for creation of the client id.

In this link: https://github.com/microsoftgraph/aspnetcore-connect-sample/tree/netcore1.1

I noticed that this is for .NET Core 1.1, but the title indicates it is .NET Core 2.0 (which is what we need, because all of our APIs are developed with .NET Core 2.0). I cloned the solution and entered the client id, secret, base URL and reply URL, as I thought (as indicated in your guide) that this solution is for when you registered the app via the Azure portal.

mark-szabo commented 6 years ago

Duplicate of #18

mark-szabo commented 6 years ago

Hi @marcoforce Next time please reopen the issue instead of creating a new one with the same title!

Using MSAL (AzureAD v2) concurrently with ADAL in the same organization causes no problem at all. They should work just fine. You should just use the new app registration portal.

As I said in the other thread, this sample has a non-release version using aspnetcore2.0 and ADAL (AzureAD v1) in the git tree: https://github.com/microsoftgraph/aspnetcore-connect-sample/tree/6d2fcf63eefe4b61d769e4ce93050de736e0ab44 If you really want to stick with ADAL, you can use that as a boilerplate.

marcoforce commented 6 years ago

Hi Mark,

Thanks for your feedback and for sending a sample version, and apologies for raising a new issue; I thought each of the issues was different (AADSTS70001 and AADSTS90130).

After cloning the link you sent, I'm still experiencing the same error (just an FYI). Maybe I will wait for a release version or try to investigate/play around with this sample.

mark-szabo commented 6 years ago

What's the value of Instance in your appsettings.json?

mark-szabo commented 6 years ago

I mean, if it were a bug in the sample, it would be ok to open a new issue. But for a question, I think it's better for the flow of the conversation, and for helping others debugging later, to keep one question/debugging session in one issue.

marcoforce commented 6 years ago

My value for 'Instance' is https://login.microsoftonline.com/, and all of our apps are configured with this 'Instance'.

mark-szabo commented 6 years ago

Yeah, that's fine. Then in Startup.cs there is "common" hardcoded in the AzureAd config. You need to change that to the tenant id you want users to be able to log in from.

marcoforce commented 6 years ago

There is no "common" hardcoded in the Startup.cs AzureAd config. Do you mean AzureAdAuthenticationBuilderExtensions.cs? There is a config option: options.Authority = $"{_azureOptions.Instance}common/v2.0";.

mark-szabo commented 6 years ago

ohh, yeah, sorry! It's in AzureAdAuthenticationBuilderExtensions.cs as this is aspnetcore2.0. It was in Startup.cs in aspnetcore1.1...

mark-szabo commented 6 years ago

and remove that v2.0 too!

marcoforce commented 6 years ago

I tried replacing it with $"{_azureOptions.Instance}{_azureOptions.TenantId}", the same as configured in our other app, but I got 3 errors.

HttpRequestException: Response status code does not indicate success: 404 (Not Found). System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()

IOException: IDX10804: Unable to retrieve document from: 'https://login.microsoftonline.com/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.HttpDocumentRetriever+d__8.MoveNext()

InvalidOperationException: IDX10803: Unable to obtain configuration from: 'https://login.microsoftonline.com/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.ConfigurationManager+d__24.MoveNext()

mark-szabo commented 6 years ago

You should replace .well-known with your tenant id. You can read your tenant id from the Azure portal.

marcoforce commented 6 years ago

I can't seem to find .well-known, but I already configured the tenant id in appsettings.json.

mark-szabo commented 6 years ago

Ohh sorry, fake news. That's not that url... So the thing is that this is loading the AD configs, but it needs a tenant id. So like https://login.microsoftonline.com/{tenant_id}/.well-known/openid-configuration. You can use the tenant domain too, like https://login.microsoftonline.com/microsoft.onmicrosoft.com/.well-known/openid-configuration. So we need to find where this url is generated and why it does not include the tenant id...
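The failure mode discussed above (a discovery URL with no tenant segment) comes from an Authority built from an empty or unbound TenantId. The following is an added example, not code from the sample repository: it builds the authority from the Instance and TenantId settings the thread talks about, supports both the v1 (ADAL, no `/v2.0`) and v2 (MSAL) forms, and fails at startup instead of producing `https://login.microsoftonline.com/.well-known/openid-configuration`. The `AzureAdOptions` and `AuthorityBuilder` names are assumptions for illustration.

```csharp
using System;

// Assumed option shape mirroring the AzureAd section of appsettings.json (illustrative).
public sealed class AzureAdOptions
{
    public string Instance { get; set; }   // e.g. "https://login.microsoftonline.com/"
    public string TenantId { get; set; }   // tenant GUID or domain such as "contoso.onmicrosoft.com"
}

public static class AuthorityBuilder
{
    // v1 (ADAL) authority: {Instance}{TenantId}
    // v2 (MSAL) authority: {Instance}{TenantId}/v2.0
    public static string BuildAuthority(AzureAdOptions opts, bool useV2Endpoint)
    {
        if (opts == null) throw new ArgumentNullException(nameof(opts));

        if (string.IsNullOrWhiteSpace(opts.Instance) ||
            !opts.Instance.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("AzureAd:Instance must be an https:// URL.");

        // An empty tenant segment is exactly what yields the 404 on
        // {Instance}.well-known/openid-configuration seen in this thread.
        if (string.IsNullOrWhiteSpace(opts.TenantId))
            throw new InvalidOperationException(
                "AzureAd:TenantId is not set; the OpenID Connect discovery document " +
                "would be requested without a tenant segment and return 404.");

        string instance = opts.Instance.TrimEnd('/');
        string tenant = opts.TenantId.Trim().Trim('/');
        return useV2Endpoint ? $"{instance}/{tenant}/v2.0" : $"{instance}/{tenant}";
    }

    // The discovery document the OpenID Connect middleware fetches for a given authority.
    public static string DiscoveryUrl(string authority) =>
        $"{authority.TrimEnd('/')}/.well-known/openid-configuration";

    public static void Main()
    {
        var opts = new AzureAdOptions
        {
            Instance = "https://login.microsoftonline.com/",
            TenantId = "contoso.onmicrosoft.com"   // constructed sample value
        };
        string v1 = BuildAuthority(opts, useV2Endpoint: false);
        string v2 = BuildAuthority(opts, useV2Endpoint: true);
        Console.WriteLine(DiscoveryUrl(v1)); // .../contoso.onmicrosoft.com/.well-known/openid-configuration
        Console.WriteLine(DiscoveryUrl(v2)); // .../contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration
    }
}
```

In the sample this would replace the `$"{_azureOptions.Instance}common/v2.0"` assignment in AzureAdAuthenticationBuilderExtensions.cs; binding failures then surface as a clear startup error rather than as the IDX10804/IDX10803 pair.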

mark-szabo commented 6 years ago

Can you please try adding the tenant id after the instance setting in appsettings.json and removing {_azureOptions.TenantId} in AzureAdAuthenticationBuilderExtensions.cs? Maybe the instance gets picked up by something else and this would solve the issue...

marcoforce commented 6 years ago

Hi Mark,

After applying the steps you mentioned, I'm sadly still getting the same error.

An unhandled exception occurred while processing the request. HttpRequestException: Response status code does not indicate success: 404 (Not Found). System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()

IOException: IDX10804: Unable to retrieve document from: 'https://login.microsoftonline.com/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.HttpDocumentRetriever+d__8.MoveNext()

InvalidOperationException: IDX10803: Unable to obtain configuration from: 'https://login.microsoftonline.com/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.ConfigurationManager+d__24.MoveNext()