azure azure-active-directory asp.net-core-mvc microsoft-identity-platform

Create client credential for Azure AD's App registration


I created a new ASP.NET Core MVC 6.0 web application, and I defined it to use Azure AD for authentication, as follows:


Then I was asked to create an owned application, so I created one named "ad" as follows:


And inside my application's appsettings I got these settings:

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "*****",
    "TenantId": "***",
    "ClientId": "***",
    "CallbackPath": "/signin-oidc"
  }
}

So it seems Visual Studio did all the work for us. But when I accessed the "ad" application inside Azure, I saw that this application does not have any client credentials, as follows. So is this fine?


Second question: if I want to define credentials, it seems I have 2 options: create a client secret or a certificate. So what are the differences between them? And if we add client credentials, do we need to update our ASP.NET application accordingly?

Thanks


Solution

  • Note that a client secret or certificate is a kind of password for the Azure AD application and can be used to authenticate the application.

    I tried to reproduce the same in my environment and got the results like below:

    You can create the client_secret while creating the Application as below:


    The appsettings.json file looks like below:

    {
      "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "*****",
        "TenantId": "***",
        "ClientId": "***",
        "ClientSecret": "***",
        "CallbackPath": "/signin-oidc"
      }
    }
    


    Otherwise, you can generate the client secret manually in the Azure Portal like below:


    For certificate authentication, refer to this MsDoc.

    • To prove the application's identity, a client secret or certificate is required while generating the token.
    • A certificate is more secure than a client secret.
    • A certificate is more expensive than a client secret.
    • While accessing the API, a client secret is required.
    • A client secret or certificate provides security to the application by blocking anonymous access.
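
What the two credential types look like in a token request, as an added example that is not part of the original answer or of any Microsoft sample. With a secret, the secret itself is sent; with a certificate, only a short-lived JWT signed by the private key is sent. The tenant, client ID, scope and stand-in certificate bytes are constructed placeholders; parameter and claim names follow the Microsoft identity platform token request format.

```javascript
const crypto = require('crypto');

// Constructed placeholders (not values from the page).
const TENANT = '00000000-0000-0000-0000-000000000000';
const CLIENT_ID = '11111111-1111-1111-1111-111111111111';
const TOKEN_URL = `https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/token`;
const SCOPE = 'https://graph.microsoft.com/.default';
const ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Option 1, client secret: the shared secret travels in every token request.
function secretRequest(secret) {
  return new URLSearchParams({ grant_type: 'client_credentials', client_id: CLIENT_ID, scope: SCOPE, client_secret: secret });
}

// Option 2, certificate: the private key stays local and signs a short-lived JWT.
function buildAssertion(privateKey, certDer, now = Math.floor(Date.now() / 1000)) {
  const header = {
    alg: 'RS256', typ: 'JWT',
    // x5t = base64url SHA-1 thumbprint of the certificate uploaded to the app registration
    x5t: crypto.createHash('sha1').update(certDer).digest('base64url'),
  };
  const claims = {
    aud: TOKEN_URL, iss: CLIENT_ID, sub: CLIENT_ID,
    jti: crypto.randomUUID(), nbf: now, iat: now, exp: now + 300,
  };
  const signingInput = `${b64url(header)}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

function certificateRequest(privateKey, certDer) {
  return new URLSearchParams({
    grant_type: 'client_credentials', client_id: CLIENT_ID, scope: SCOPE,
    client_assertion_type: ASSERTION_TYPE, client_assertion: buildAssertion(privateKey, certDer),
  });
}

// What the token endpoint does for option 2: check the signature with the public key.
function verifyAssertion(jwt, publicKey) {
  const [h, p, s] = jwt.split('.');
  return crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
}

// Demo with a throwaway key pair and constructed stand-in certificate bytes.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const certDer = Buffer.from('constructed stand-in for the DER bytes of the uploaded certificate');
const req = certificateRequest(privateKey, certDer);
console.log(secretRequest('constructed-secret').toString());
console.log(req.toString().slice(0, 160) + '...');
console.log('signature valid:', verifyAssertion(req.get('client_assertion'), publicKey));
```

The same `client_secret` or `client_assertion` parameters are used when a web app redeems an authorization code; only `grant_type` and the code-related fields differ.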