Replace Twilio-based OTP (SMS login) system with Azure Active Directory (Azure AD)
Kiran Rongali


Publish Date: Apr 15

Switching a .NET application from Twilio-based authentication (SMS OTP used as the login factor or as a second factor) to Active Directory authentication (Azure AD, since renamed Microsoft Entra ID, or on-prem AD) means replacing a login mechanism you built and operate yourself with one backed by the enterprise identity provider.

After the migration, authentication is handled by Azure Active Directory: users get Single Sign-On (SSO) with their corporate account, and Multi-Factor Authentication can be switched on with a Conditional Access policy in the tenant, without any change to application code.
Identity storage moves into Azure AD, so the custom phone-number and OTP tables, and the code that protects them, go away.
User lifecycle (joiners, movers, leavers) is handled in the directory: disabling a user in Azure AD revokes their access to the app, which a phone-number table never did.
Per-message SMS costs, such as those from Twilio, are eliminated, and so is the SMS delivery path, which is phishable and exposed to SIM swap.
Lastly, the enterprise compliance posture improves because sign-in, MFA and audit logging follow the tenant's standard identity practices instead of app-specific ones.

Let’s break this down clearly:
Pre-Requisites:

  1. Your app is built in ASP.NET Core (.NET 5, 6, 7 or 8).
  2. You have access to an Azure AD tenant.
  3. You are able to register applications in Azure AD (via the Azure Portal or your AD admin).
  4. Your app currently uses Twilio for OTP logins (e.g., phone number + code).

Overview of Key Differences

Aspect                   | Twilio OTP                                                  | Azure AD authentication
-------------------------+-------------------------------------------------------------+---------------------------------------------------------
User identity source     | Custom database keyed by phone number                       | Azure AD (corporate directory, SSO)
Auth type                | One-time passcode delivered by SMS                          | OAuth 2.0 + OpenID Connect
Security and scalability | Single phishable factor; exposed to SIM swap and SMS interception; you own OTP storage, expiry and rate limiting | Enterprise-grade: MFA, Conditional Access, token lifetimes and sign-in risk managed by the tenant
User experience          | Manual login with a code on every device                    | Seamless SSO with the existing corporate login

Step-by-Step : Switch from Twilio to Active Directory Authentication

Step 1: Identify Your Target AD
Azure Active Directory (Azure AD) – for cloud-based authentication (common for web apps)

On-Premises Active Directory – use Windows Authentication or LDAP via a VPN or internal network

Most modern .NET Core apps use Azure AD for seamless SSO and federation.

Step 2: Remove Twilio Auth Logic
Remove the OTP generation, OTP verification and SMS-sending logic from your login flow. Delete it rather than commenting it out: a leftover OTP endpoint that still issues sessions is an alternative login path that bypasses Azure AD and its MFA policy.

Typically this lives in services like AuthService, OTPController, or middleware; also remove the OTP table or cache, the phone-number fields, the Twilio NuGet package, and the Twilio account SID and auth token from appsettings, user secrets and any pipeline variables.

Example:

//C#
// Remove the code that sends the verification code via Twilio,
// together with the endpoint that validates the code and creates the session.
// twilioClient.SendMessage(phoneNumber, "Your OTP is...");

Step 3: Add Azure AD Authentication (for ASP.NET Core)

3.1. Install the NuGet Package:

For .NET 6 and later use Microsoft.Identity.Web (and Microsoft.Identity.Web.UI for the built-in sign-in/sign-out controller):

bash: dotnet add package Microsoft.Identity.Web
bash: dotnet add package Microsoft.Identity.Web.UI

For .NET Core 3.1/5.0 the older package is Microsoft.AspNetCore.Authentication.AzureAD.UI; it is marked obsolete and Microsoft recommends Microsoft.Identity.Web for new work:

bash: dotnet add package Microsoft.AspNetCore.Authentication.AzureAD.UI

3.2. In Program.cs or Startup.cs:

//If .NET 6+ (Program.cs, Microsoft.Identity.Web)
//C#
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// OpenID Connect sign-in against the tenant configured in the "AzureAd" section.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

builder.Services.AddControllersWithViews();

//If .NET Core 3.1/5.0 (Startup.ConfigureServices, obsolete AzureAD.UI package)
//C#
using Microsoft.AspNetCore.Authentication.AzureAD.UI;

// Binds the same "AzureAd" section; AddAzureAD is obsolete in later versions.
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

3.3. In appsettings.json:

"AzureAd": {
  "Instance": "https://login.microsoftonline.com/",
  "Domain": "yourcompany.com",
  "TenantId": "YOUR_TENANT_ID",
  "ClientId": "YOUR_CLIENT_ID",
  "CallbackPath": "/signin-oidc"
}

Use your tenant's GUID for TenantId. The values "common" or "organizations" let users from any Azure AD tenant sign in, which is not what an enterprise app replacing an internal login wants. No client secret is needed just to sign users in; if you later add one (for example to call Microsoft Graph), keep it in user secrets or Key Vault, never in appsettings.json. In the app registration, add https://<your-host>/signin-oidc as a Web redirect URI; if you sign in without a client secret, the registration must also have ID tokens enabled under Authentication.

3.4. Add Authentication Middleware:

Place these after app.UseRouting() and before the endpoint mappings; UseAuthentication must come before UseAuthorization or every [Authorize] check sees an anonymous user.

//C#
app.UseAuthentication();
app.UseAuthorization();

Step 4: Protect Your Controllers/Pages

//C#
[Authorize]
public class DashboardController : Controller
{
    public IActionResult Index()
    {
        return View();
    }
}


Step 5: (Optional) Display AD Info or Roles

//C#
User.Identity.Name; // Name from the ID token claims, not from a local users table
User.IsInRole("Admin"); // Checks the "roles" claim populated by Azure AD app roles

For User.IsInRole to return true, the role must be defined as an app role in the app registration and assigned to the user or one of their groups in Enterprise Applications; the app never manages role membership itself.

Note: If you need more user information (email, group membership, etc.), you can call the Microsoft Graph API. That requires the Microsoft.Identity.Web.MicrosoftGraph package, a client secret or certificate for the app, and admin consent for the Graph permissions you request (User.Read for the signed-in user's profile; reading group membership needs a directory permission such as GroupMember.Read.All).

Final Step: Test the Authentication Flow

  • When users hit a protected route, they should be redirected to the Microsoft login page; check that the Location header points at https://login.microsoftonline.com/<your-tenant-id>/oauth2/v2.0/authorize and that its redirect_uri is your app's /signin-oidc.
  • After login, they are redirected back to your app with an authenticated session.
  • Confirm the old OTP endpoints now return 404, and that a user disabled in Azure AD can no longer sign in.
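Putting Steps 3 to 5 together, here is a complete Program.cs for the Microsoft.Identity.Web path. It is an added example, not code from the original post. It assumes .NET 8 with the Web SDK's implicit usings, the packages Microsoft.Identity.Web and Microsoft.Identity.Web.UI, and the AzureAd section from Step 3.3 with TenantId set to your tenant GUID; the policy name AdminOnly, the app role Admin and the DashboardController are illustrative. Beyond the post's snippets it adds three hardening points a reviewer would ask for: a fallback authorization policy so no endpoint is public by accident, a tenant check on every validated token so the app cannot be signed into from a foreign tenant even if TenantId is later set to "common", and role checks driven by Azure AD app roles rather than a local table.

```csharp
// Program.cs - ASP.NET Core 8 MVC app signing users in with Azure AD (Microsoft Entra ID)
// via Microsoft.Identity.Web. Added example; not the original post's code.
// Assumed packages: Microsoft.Identity.Web, Microsoft.Identity.Web.UI.
// Assumed config: the "AzureAd" section from Step 3.3 with TenantId = tenant GUID.
using System;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);

// Step 3.2: OpenID Connect sign-in against the tenant named in AzureAd:TenantId.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

// Hardening 1: pin the tenant. Microsoft.Identity.Web validates the issuer, but if
// TenantId is ever switched to "common" or "organizations", any Azure AD user in any
// tenant could sign in. Reject tokens whose tid claim is not our own tenant.
string expectedTenant = builder.Configuration["AzureAd:TenantId"]
    ?? throw new InvalidOperationException("AzureAd:TenantId is not configured");

builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    // Chain onto the handler Microsoft.Identity.Web already installed instead of replacing it.
    var inner = options.Events.OnTokenValidated;
    options.Events.OnTokenValidated = async ctx =>
    {
        if (inner is not null) await inner(ctx);
        string? tid = ctx.Principal?.GetTenantId();   // Microsoft.Identity.Web helper: reads the "tid" claim
        if (!string.Equals(tid, expectedTenant, StringComparison.OrdinalIgnoreCase))
        {
            ctx.Fail($"Token issued for unexpected tenant '{tid}'");
        }
    };
});

builder.Services.AddAuthorization(options =>
{
    // Hardening 2: deny by default. Every endpoint requires an authenticated user unless
    // it is explicitly marked [AllowAnonymous], so dropping an [Authorize] attribute by
    // mistake no longer exposes a page.
    options.FallbackPolicy = options.DefaultPolicy;

    // Hardening 3: authorize on Azure AD app roles (the "roles" claim), assigned to users
    // or groups in the app registration, not on a local users table. "Admin" is illustrative.
    options.AddPolicy("AdminOnly", policy => policy.RequireRole("Admin"));
});

// AddMicrosoftIdentityUI supplies /MicrosoftIdentity/Account/SignIn and /SignOut.
builder.Services.AddControllersWithViews().AddMicrosoftIdentityUI();

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Home/Error");
    app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();   // Step 3.4: authentication must run before authorization
app.UseAuthorization();
app.MapControllerRoute(name: "default", pattern: "{controller=Home}/{action=Index}/{id?}");
app.Run();

// Steps 4 and 5 (normally its own file): the dashboard is gated on the AdminOnly policy,
// and the signed-in user's details come from the token, not from a local lookup.
[Authorize(Policy = "AdminOnly")]
public class DashboardController : Controller
{
    public IActionResult Index()
    {
        ViewData["User"] = User.GetDisplayName();   // Microsoft.Identity.Web helper
        ViewData["Tenant"] = User.GetTenantId();
        return View();
    }
}
```

With this in place, the check in the final step is simple: an anonymous request to /Dashboard gets a 302 to the tenant-specific authorize endpoint, a signed-in user without the Admin app role gets a 403, and a token minted by another tenant is rejected at OnTokenValidated before any controller runs.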

Comments (2)

  • Chnet, Apr 30, 2025

    Nice post!!

  • Chnet, Apr 30, 2025

    Awesome write up!