active-directory-dotnet-webapp-multitenant-openidconnect | NET 4.5 MVC web app | Azure library

The scenerio I am trying to tackle is as below.

1) Users can authenticate against my local database using the standard method - Works fine

2) Users can authenticate against social media platforms - Works fine

3) Now, I want certain users who have Azure AD accounts to be able to have a local account BUT get authenticated with their Azure AD. There are solutions for (1) & (2). But I couldn't found a solution that has support for all three. The closest is multi-tenant SaaS auth

For those users who should get authenticated with AD will be pre-configured in the system. (I will have their TenantID, ClientID etc... in my local DB). So, based on their user name If I can redirect to the relevant login page I should be able to support different ADs.

I am not sure how to wire it up properly (Or whether this approach is wrong/doable).

I have an existing web app that we will be adding Azure AD sign in for. The application is multi-tenanted and users currently sign on using our username and password system. The tenants we have may be using an Azure global account or an Azure Germany account. Since Microsoft Azure services for Azure AD are not dependent on a specific region I didn't think this would be an issue (see security + identity section here).

To begin with I have been looking over the documentation and following the Azure samples for multi-tenanted web apps here. The sample app is the base of my initial trial to see how all of this works and how it can then be put into our own system.

So, my sample Azure app is registered on the global version of Azure. The sign up process is successful for a test tenant on the global site. The problem comes from the Germany test tenant.

The app directs the user to the Germany login endpoint and prompts for consent as expected. The application sitting in the global Azure is then also copied into the Germany tenant's Enterprise Application area (you can see it click on it to see the information and publisher - which actually says "Foreign Cloud Applications"). So that seems to have worked out ok also. But, upon requesting a token using AcquireTokenByAuthorizationCode the following error is returned:

We have already running ASP.NET MVC web application which is using internal users via token authentication. This is implemented in standard way ASP.NET MVC template provides.

Now we have requirement to extend this authentication model and allow external Azure AD user to sign into web application for configured tenant. I have figured out everything on Azure AD side. Thanks to microsoft github example here

Now both Individual account authentication and Azure AD are working well independently. But its not working together. When I insert both middleware together its giving issue.

Here's my startup_auth.cs file.

I want to create a second tenant in my subscription in my Azure Germany Account. I need it for testing reasons like in https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-multitenant-openidconnect// step 5.

As I understand, this is done usually in https://manage.windowsazure.com/. But this seems not to work in Azure Germany, because when I try to login there it gives me an error. When I want to open https://manage.windowsazure.de there is nothing as well as on https://manage.microsoftazure.de/.

What can I do?