I have a 'Cart' application - written as legacy ASP.NET web application with accompanying ASMX services. The application is two-layered, both the back and front end are deployed to the same App Service.
The application's main use case is being accessed via an iFrame from within Microsoft Dynamics 365 online.
We have recently swtiched on the in-built Azure Authentication from the Azure App Service that the application is deployed too.
What we have found is that in some cases, when the a redirect is happening within the iFrame to the AAD Login url, the iFrame is returning an error. I believe this is due to click-jacking protection implemented on iFrames, a feature which can't be 'switched off'.
My question is how to best resolve this, we'd like the application to log in as the same account as is being used to log into Dynamics, seamlessly, without needing to select an account or log in.