Grant Russell Grant Russell - 1 year ago 90
C# Question

Disable linked personal accounts for MVC active directory sign in

I have followed the instructions here to create an MVC application with the default configuration to authenticate with Azure active directory.

The Microsoft sign in page presents an option to choose whether I sign in with a 'work / school' account or 'personal' account. This is because i have a personal account set up with the same email as my organisational one.

I would like to prevent personal account sign in.

I know that appending the query string (msafed=0) to the login URL does exactly this, however I don't have a clue where to implement this in the default authentication code.

Answer Source

Yep, msafed=0 is the way to go. If you're using OWIN, try hooking the RedirectToIdentityProvider notification in the OpenIdConnectAuthenticationOptions. There you can append extra query parameters in the outgoing request.