Authenticating an ASP.NET Core web app using Azure AD - Part 2

Overview I my previous post I showed how to create a ASP.NET Core MVC web app in Visual Studio 2017 and authenticate an user with Azure Active Directory (AAD). It is high time I get to the seond part to show what happens under the covers. For this I will be using Fiddler for capturing the HTTP traffic as I load the web app on a browser and authenticate my user. Authentication Flow I captured the HTTP traffic using Fiddler. This is how the trace looks. So what's going on here. If I draw this as a sequence diagram

Authenticating an ASP.NET Core web app using Azure AD - Part 1

Overview I am in the midst of designing security of a web application hosted on Microsoft Azure. I have been exploring modern authentication and understanding OAuth, OpenID Connect, JWT etc. for sometime and thought doing some hands on demo with authenticating various application types with Azure AD. The first scenario I am describing is a web browser connecting to a ASP.NET Core MVC web application secured by Azure AD. I am updating this post on 17/04/2017 with Visual Studio 2017 and new Azure portal The steps are Create a ASP.NET Core MVC web app Configure for