microsoftgraph / aspnetcore-connect-sample

[ARCHIVED] This ASP.NET Core MVC sample shows how to connect to Microsoft Graph using delegated permissions and the Azure AD v2.0 (MSAL) endpoint.
MIT License

Configuring for single tenant #35

Closed Simosa21 closed 5 years ago

Simosa21 commented 5 years ago

I've been trying to configure the sample for a single tenant but I'm hitting a brick wall. If I go into App Registration (Preview) - Authentication, under Supported account types, when I register the application following the guidelines its allowing users in any organization and doesn't show the option to configure for single organization. It advises editing the manifest, but after attempting this I'm unsure as to what part of the manifest to edit, and how.

I've tried a new registration through the portal and I'm able to set the Supported account types to 'Accounts in this organizational directory only', however when I run the app, after I log in, I get an error message advising me to switch the environment to development. However, the launchSettings.json show the app is already in development. As a result I have no way of debugging the issue.

If I switch the account type to any organizational directory I get no error still. I have specified the tenant in the Authority. Any ideas?

mark-szabo commented 5 years ago

Hi @Simosa21, I don't think you can restrict users by tenant in the manifest file. Check here!

You can always add a validation of the token issuer in your authentication flow. Just edit here:

options.TokenValidationParameters = new TokenValidationParameters
{
    ValidateIssuer = true,
    IssuerValidator = (issuer, token, tvp) =>
    {
        // Get the tenant id out of the issuer string.
        // The fixed offsets assume the v1.0-style issuer "https://sts.windows.net/{tenantId}/"
        // (24-character prefix followed by a 36-character GUID).
        var tenantId = issuer.Substring(24, 36);
        if (tenantId == "your tenant id here")
            return issuer; // returning the issuer marks it as valid
        else
            throw new SecurityTokenInvalidIssuerException("Invalid issuer");
    },
};
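The issuer check above depends on fixed character offsets, so it breaks if the issuer format differs (the v2.0 endpoint issues tokens with `https://login.microsoftonline.com/{tenantId}/v2.0`). The following is an added example, not code from the sample repository or the commenters, that parses the tenant GUID out of the issuer URL instead and accepts both Azure AD issuer formats; `TenantIssuerValidation`, `TryGetTenantId` and `ForTenant` are names chosen here, and the tenant id is a placeholder you replace with your directory id.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.IdentityModel.Tokens;

public static class TenantIssuerValidation
{
    // Hosts Azure AD uses as token issuers:
    //   v2.0: https://login.microsoftonline.com/{tenantId}/v2.0
    //   v1.0: https://sts.windows.net/{tenantId}/
    // Any other host is rejected before the tenant id is even compared.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "login.microsoftonline.com",
            "sts.windows.net",
        };

    // Returns the tenant id embedded in the issuer, or null when the issuer is
    // not an https Azure AD issuer URL whose first path segment is a GUID.
    public static Guid? TryGetTenantId(string issuer)
    {
        if (!Uri.TryCreate(issuer, UriKind.Absolute, out var uri)) return null;
        if (uri.Scheme != Uri.UriSchemeHttps || !AllowedHosts.Contains(uri.Host)) return null;
        var segments = uri.AbsolutePath.Trim('/').Split('/');
        if (segments.Length == 0 || !Guid.TryParse(segments[0], out var tenantId)) return null;
        return tenantId;
    }

    // Builds the IssuerValidator delegate for TokenValidationParameters so that
    // only tokens issued by `allowedTenantId` pass; everything else throws.
    public static IssuerValidator ForTenant(Guid allowedTenantId)
    {
        return (issuer, token, parameters) =>
        {
            var tenantId = TryGetTenantId(issuer);
            if (tenantId.HasValue && tenantId.Value == allowedTenantId)
                return issuer; // returning the issuer marks it as valid
            throw new SecurityTokenInvalidIssuerException(
                $"Token issuer '{issuer}' does not belong to the allowed tenant.");
        };
    }
}

// Wiring it into the sample's OpenID Connect options (tenant id is a placeholder):
// options.TokenValidationParameters = new TokenValidationParameters
// {
//     ValidateIssuer = true,
//     IssuerValidator = TenantIssuerValidation.ForTenant(Guid.Parse("<your-tenant-id>")),
// };
```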
Simosa21 commented 5 years ago

That works, thank you very much.