
Similar issue here. I have checked the answer and tried to implement all the possible forms of the link in my Startup.cs class with the following code:

var idClient = ConfidentialClientApplicationBuilder.Create(appId)
                .WithRedirectUri(redirectUri)
                .WithTenantId(tenantId)
                .WithClientSecret(appSecret)
                .WithAuthority(Authority) // Authority contains the link as mentioned in the page (link attached above)
                .Build();

I still get a similar error:

"OpenIdConnectMessage.Error was not null, indicating an error. Error: 'invalid_request'. Error_Description (may be empty): 'AADSTS50194: Application 'xxx-xxx-xxx-xxx-xxxx'(ASPNET-Quickstart) is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant. Trace ID: xxx-xxx-xxx-xxx-xxxx Correlation ID: xxx-xxx-xxx-xxx-xxxx Timestamp: 2022-06-11 05:33:24Z'. Error_Uri (may be empty): 'error_uri is null'."

The combinations of links I have used in the variable Authority are the following: "https://login.microsoftonline.com/MY_TENANT_NAME" and "https://login.microsoftonline.com/MY_TENANT_ID"

I am being redirected to the login page, but after entering credentials the OnAuthenticationFailedAsync method is executed. This is the code of my Startup class:

[assembly: OwinStartup(typeof(Web.Startup))]

namespace Web
{
    public partial class Startup
    {
        // Load configuration settings from PrivateSettings.config
        private static string appId = ConfigurationManager.AppSettings["ida:AppId"];
        private static string appSecret = ConfigurationManager.AppSettings["ida:AppSecret"];
        private static string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
        private static string graphScopes = ConfigurationManager.AppSettings["ida:AppScopes"];
        private static string tenantId = ConfigurationManager.AppSettings["ida:tenantId"];
        private static string aadInstance = EnsureTrailingSlash(ConfigurationManager.AppSettings["ida:AADInstance"]);
        public static string Authority = "https://graph.microsoft.com/"+ tenantId;
        string graphResourceId = "https://graph.microsoft.com/";

        public void Configuration(IAppBuilder app)
        {
            // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = appId,
                    Authority = "https://login.microsoftonline.com/common/v2.0",
                    Scope = $"openid email profile offline_access {graphScopes}",
                    RedirectUri = redirectUri,
                    PostLogoutRedirectUri = redirectUri,
                    TokenValidationParameters = new TokenValidationParameters
                    {
                        // For demo purposes only, see below
                        ValidateIssuer = true
                    },
                    Notifications = new OpenIdConnectAuthenticationNotifications
                    {
                        AuthenticationFailed = OnAuthenticationFailedAsync,
                        AuthorizationCodeReceived = OnAuthorizationCodeReceivedAsync
                    }
                }
            );
        }
        private static Task OnAuthenticationFailedAsync(AuthenticationFailedNotification<OpenIdConnectMessage,
            OpenIdConnectAuthenticationOptions> notification)
        {
            notification.HandleResponse();
            string redirect = $"/Home/Error?message={notification.Exception.Message}";
            if (notification.ProtocolMessage != null && !string.IsNullOrEmpty(notification.ProtocolMessage.ErrorDescription))
            {
                redirect += $"&debug={notification.ProtocolMessage.ErrorDescription}";
            }
            notification.Response.Redirect(redirect);
            return Task.FromResult(0);
        }

        private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
        {
            var idClient = ConfidentialClientApplicationBuilder.Create(appId)
                .WithRedirectUri(redirectUri)
                .WithTenantId(tenantId)
                .WithClientSecret(appSecret)
                .WithAuthority(Authority)
                .Build();
           
            string email = string.Empty;
            try
            {
                string[] scopes = graphScopes.Split(' ');

                var result = await idClient.AcquireTokenByAuthorizationCode(
                    scopes, notification.Code).ExecuteAsync();

                email = await GraphHelper.GetUserDetailsAsync(result.AccessToken);
            }
            catch (MsalException ex)
            {
                System.Diagnostics.Trace.TraceError(ex.Message);
            }
            notification.HandleResponse();
            notification.Response.Redirect($"/Account/SignInAzure?email={email}");
        }

        private static string EnsureTrailingSlash(string value)
        {
            if (value == null)
            {
                value = string.Empty;
            }

            if (!value.EndsWith("/", StringComparison.Ordinal))
            {
                return value + "/";
            }

            return value;
        }

    }
}

My application is single-tenant, so please don't suggest that I change the setting and make it multi-tenant.

Psychonaut007
  • Did you get to try [this](https://stackoverflow.com/questions/63399759/msalexception-applicationis-not-configured-as-a-multi-tenant-application-andro?noredirect=1&lq=1)? – kavyaS Jun 12 '22 at 19:14

1 Answer

Please check below points:

After changing it to a specific tenant, i.e. to something like https://login.microsoftonline.com/contoso.onmicrosoft.com (or the tenant id), please save the changes, refresh the portal / everything and try again.

If it still shows the error, check whether the application is registered in the Azure AD tenant as a multi-tenant application.


  • Then, if the error still remains, check whether the account is actually in Azure AD, as this error can occur when the user credentials you are trying to use do not belong to the same tenant where the application is actually registered.
  • If it is a different tenant and you are trying to access from a different account, then you may need to change its supported account types to any organizational directory, or you need to check for the correct credentials. If not, check everything or create a new app registration.
  • Also please check "Use a tenant-specific endpoint or configure the application to be multi-tenant" when signing into my Azure website for possible ways to solve the issue.

Else you can raise a support request.

References:

  1. msal - MsalException: Applicationis not configured as a multi-tenant application. Android - Stack Overflow
  2. Use single-tenant Azure AD apps with Microsoft Graph Toolkit - Waldek Mastykarz
kavyaS
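Added example, not code from the question or the answer: the tenant-pinned form of the configuration the answer points to, for a single-tenant app. It assumes `aadInstance` is "https://login.microsoftonline.com/" and `tenantId` is the directory (tenant) GUID from `ida:tenantId`; `SingleTenantAuth` and its methods are invented names. Besides replacing `/common/v2.0` with the tenant-specific authority, it pins `ValidIssuer`, so a token minted by another tenant's authority is rejected even if the client id matches, and it gives MSAL a single authority source instead of combining `WithTenantId` with `WithAuthority`.

```csharp
using System;
using Microsoft.Identity.Client;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security.OpenIdConnect;

// Added example, not code from the question or answer: tenant-pinned configuration for a
// single-tenant app. aadInstance is "https://login.microsoftonline.com/", tenantId the
// directory (tenant) GUID from ida:tenantId; all other names are assumptions.
public static class SingleTenantAuth
{
    public static string TenantAuthority(string aadInstance, string tenantId)
    {
        if (string.IsNullOrWhiteSpace(tenantId) || tenantId.Equals("common", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("single-tenant app needs a concrete tenant id", nameof(tenantId));
        return aadInstance.TrimEnd('/') + "/" + tenantId;   // MSAL appends its own paths
    }

    // v2.0 tokens carry iss = https://login.microsoftonline.com/<tenant-guid>/v2.0, so the
    // issuer can only be pinned when tenantId is the GUID, not a *.onmicrosoft.com name.
    public static string ExpectedIssuer(string aadInstance, string tenantId) =>
        TenantAuthority(aadInstance, tenantId) + "/v2.0";

    public static OpenIdConnectAuthenticationOptions OidcOptions(
        string appId, string aadInstance, string tenantId, string redirectUri, string graphScopes)
    {
        return new OpenIdConnectAuthenticationOptions
        {
            ClientId = appId,
            Authority = ExpectedIssuer(aadInstance, tenantId),   // tenant-specific, never /common
            Scope = $"openid email profile offline_access {graphScopes}",
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = redirectUri,
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = ExpectedIssuer(aadInstance, tenantId), // reject other tenants' tokens
                ValidAudience = appId,
            },
        };
    }

    // MSAL client for redeeming the authorization code; one authority source only.
    public static IConfidentialClientApplication MsalClient(
        string appId, string appSecret, string aadInstance, string tenantId, string redirectUri)
    {
        return ConfidentialClientApplicationBuilder.Create(appId)
            .WithClientSecret(appSecret)
            .WithRedirectUri(redirectUri)
            .WithAuthority(TenantAuthority(aadInstance, tenantId)).Build();
    }
}
```

With the tenant-specific authority the metadata document's issuer is concrete, so `ValidateIssuer = true` works without the custom validator that multi-tenant apps need.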