Originally based on hajekj/aad-b2b-multitenant sample. For full explanation about how this code works, please see following blog post.

Setup instructions

1. Create an Azure AD application in the Portal.
2. Configure application's permissions to have access to Windows Azure Service Management API and also Microsoft Graph (add permissions to sign-in the user and read user's profile, read basic profiles of users and also access directory as currently signed in user)
3. Get the application's client id, client secret and configure the reply url to http://localhost:5000/signin-oidc
4. Replace the client id in the appsettings.json and place the client secret into user secrets or environmental variables if deploying to Azure.
5. In order for this to work, due to current Microsoft Graph permission model, administrator in the foreign tenants has to approve the application. Either by simply signing to it and appending &prompt=admin_consent to the login URL or through the Azure Portal, in Enterprise Applications by clicking Grant Consent (we will eventually streamline this process to make the onboarding process more easier).