Preparing Microsoft.Identity.Web for being disributed as a NuGet package (#153)

* Preparing Microsoft.Identity.Web for being disributed as a NuGet package
1) Merging the content from microsoft-authentication-extensions-for-dotnet Web
2) Aligning the namespaces with the folder strucuture
3) Renaming files and classes per the style used in MSAL.NET

* Improving the doc

* Updating the README.md

* Adding an architecture diagram

* Updating the code

* Enabling the creation of a NuGet package

* Fixing regression introduced when merging both code bases

* 1. Added CreateTokenCachingTablesInSqlDatabase in SqlTokenCacheProviderExtension.cs as the developer can no longer uncomment a piece of code to create tables for Sql token caching. Updated 2-2-Token-caching
2. Fixed a bug in 4-WebApp-Your-Api which needed **services.AddSession();** in AddProtectWebApiWithMicrosoftIdentityPlatformV2().
3. Added "JwtSecurityTokenHandler.DefaultMapInboundClaims = false;" in a few startup.cs to encourage using the new claim set in V2 samples.
4. Lots of comments updated in Microsoft.IDentity.Web classes
5. Renamed *ServiceCollectionExtension classes to *TokenCacheProviderExtensions as the classes have extention methods for token providers and the name matches the purpose.
6. Fixed a bug in MsalAppMemoryTokenCacheProvider
7. Remove redundant parameters from IMsalAppTokenCacheProvider and IMsalUserTokenCacheProvider Initialize() methods

* minor typo fixed

* Removing, `JwtSecurityTokenHandler.DefaultMapInboundClaims = false;` because `preferred_username` claim was not being mapped

* Revert "Removing, `JwtSecurityTokenHandler.DefaultMapInboundClaims = false;` because `preferred_username` claim was not being mapped"

This reverts commit 45baf51.

* Change AddProtectWebApiWithMicrosoftIdentityPlatformV2 by AddProtectedWebApiWithMicrosoftIdentityPlatformV2

* Acting on @MarkZuber 's PR feedback

* AddAzureAdV2Authentication, AddProtectedApiCallsWebApis; AddMsal now takes the configuration (and optional parameters to let the developer choose the options section) => all the Startup.cs file using it are modified.

Simplifying the implementation of the token cache serializers by creating a IMsalTokenCacheProvider interface and a MsalAbstractTokenCacheProvider class implementing the common code in all the token cache providers.

Fixing a few code smells (including ConfigureAwait(false) where needed.
Chaning the CallGraph solution to be a Visual Studio 2019 solution.

* Addressing Mark's additional suggestions

* Updating the token caches

* Renaming the AbstractMsalTokenCacheProvider into MsaAbstractTokenCacheProvider, adding a class diagram and improving a README.md

* - Renamed AddAzureAdV2Authentication into AddMicrosoftIdentityPlatformAuthentication
- Renamed AddProtectedWebApiWithMicrosoftIdentityPlatformV2 into AddProtectedWebApi

* Provide migration help for the Sql Token cache provider
Remove the AsyncUsageAnalyzers
Improves the build.bat and buildAllSln.proj to add more target (restore and clean)

* Fixing a merged project

* Renaming MsalUiRequiredExceptionFilterAttribute to AuthorizeForScopesAttribute

Author: jmprieur

.gitignore

@@ -96,3 +96,8 @@
 /4-WebApp-your-API/TodoListService/obj
 /4-WebApp-your-API/TodoListService/bin
 /4-WebApp-your-API/Client/obj
+/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/bin/Debug/netcoreapp2.2
+/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/obj
+/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/bin/Release/netcoreapp2.2
+/Microsoft.Identity.Web.Test/bin/Release/netcoreapp2.2
+/Microsoft.Identity.Web.Test/obj

1-WebApp-OIDC/1-1-MyOrg/README.md

@@ -136,7 +136,7 @@ cd "1-WebApp-OIDC\1-1-MyOrg"
      by this line:
 
      ```CSharp
-      services.AddAzureAdV2Authentication(Configuration);
+      services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
      ```
 
      This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.

1-WebApp-OIDC/1-1-MyOrg/Startup.cs

@@ -31,7 +31,7 @@ public void ConfigureServices(IServiceCollection services)
             });
 
             // Sign-in users with the Microsoft identity platform
-            services.AddAzureAdV2Authentication(Configuration);
+            services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
 
             services.AddMvc(options =>
             {

1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md

@@ -48,14 +48,14 @@ The actual sign-in audience (accounts to sign-in) is the lowest set of what is s
 
 In order to restrict users from specific organizations to sign-in to your web app, you'll need to follow the steps above, and customize a bit more the code to restrict the valid token issuers. The token issuers are really the tenanted Azure AD authority which are allowed to issue a token to access your web application.
 
-In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddAzureAdV2Authentication(Configuration)` add some code to validate specific issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate.
+In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddMicrosoftIdentityPlatformAuthentication(Configuration)` add some code to validate specific issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate.
 
 ```CSharp
     public void ConfigureServices(IServiceCollection services)
     {
     ...
     // Sign-in users with the Microsoft identity platform
-    services.AddAzureAdV2Authentication(Configuration);
+    services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
 
     // Restrict users to specific belonging to specific tenants
     services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>

1-WebApp-OIDC/1-2-AnyOrg/README.md

@@ -136,7 +136,7 @@ cd "1-WebApp-OIDC\1-2-AnyOrg"
      by this line:
 
      ```CSharp
-      services.AddAzureAdV2Authentication(Configuration);
+      services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
      ```
 
      This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.

1-WebApp-OIDC/1-2-AnyOrg/Startup.cs

@@ -31,7 +31,7 @@ public void ConfigureServices(IServiceCollection services)
             });
 
             // Sign-in users with the Microsoft identity platform
-            services.AddAzureAdV2Authentication(Configuration);
+            services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
 
             services.AddMvc(options =>
             {

1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md

@@ -150,7 +150,7 @@ In the **appsettings.json** file:
      by this line:
 
      ```CSharp
-      services.AddAzureAdV2Authentication(Configuration);
+      services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
      ```
 
      This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.

1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs

@@ -31,7 +31,7 @@ public void ConfigureServices(IServiceCollection services)
             });
 
             // Sign-in users with the Microsoft identity platform
-            services.AddAzureAdV2Authentication(Configuration);
+            services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
 
             services.AddMvc(options =>
             {

1-WebApp-OIDC/1-4-Sovereign/README.md

@@ -124,7 +124,7 @@ cd "1-WebApp-OIDC\1-4-Sovereign"
      by this line:
 
      ```CSharp
-            services.AddAzureAdV2Authentication(Configuration);
+            services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
      ```
 
      This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.

1-WebApp-OIDC/1-4-Sovereign/Startup.cs

@@ -31,7 +31,7 @@ public void ConfigureServices(IServiceCollection services)
             });
 
             // Sign-in users with the Microsoft identity platform
-            services.AddAzureAdV2Authentication(Configuration);
+            services.AddMicrosoftIdentityPlatformAuthentication(Configuration);
 
             services.AddMvc(options =>
             {

1-WebApp-OIDC/1-6-SignOut/README.md

@@ -56,7 +56,7 @@ from <https://github.com/aspnet/AspNetCore/blob/master/src/Azure/AzureAD/Authent
 The ASP.NET Core OpenIdConnect middleware enables your app to intercept the call to the Microsoft identity platform logout endpoint by providing an OpenIdConnect event named `OnRedirectToIdentityProviderForSignOut`.
 
 ```CSharp
-public static IServiceCollection AddAzureAdV2Authentication(this IServiceCollection services,
+public static IServiceCollection AddMicrosoftIdentityPlatformAuthentication(this IServiceCollection services,
                                                             IConfiguration configuration)
 {
     services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>

2-WebApp-graph-user/2-1-Call-MSGraph/AspnetCoreWebApp-calls-Microsoft-Graph.sln

@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.27130.2027
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29123.89
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WebApp-OpenIDConnect-DotNet", "WebApp-OpenIDConnect-DotNet.csproj", "{8DCFEEC2-0A85-4C7E-B96A-21C9184470B1}"
 EndProject

2-WebApp-graph-user/2-1-Call-MSGraph/Controllers/HomeController.cs

@@ -6,7 +6,7 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
 using Graph=Microsoft.Graph;
-using Microsoft.Identity.Web.Client;
+using Microsoft.Identity.Web;
 using WebApp_OpenIDConnect_DotNet.Infrastructure;
 using WebApp_OpenIDConnect_DotNet.Models;
 using WebApp_OpenIDConnect_DotNet.Services;
@@ -31,7 +31,7 @@ public IActionResult Index()
             return View();
         }
 
-        [MsalUiRequiredExceptionFilter(Scopes = new[] { Constants.ScopeUserRead })]
+        [AuthorizeForScopes(Scopes = new[] { Constants.ScopeUserRead })]
         public async Task<IActionResult> Profile()
         {
             // Initialize the GraphServiceClient. 
@@ -43,9 +43,11 @@ public async Task<IActionResult> Profile()
             try
             {
                 // Get user photo
-                var photoStream = await graphClient.Me.Photo.Content.Request().GetAsync();
-                byte[] photoByte = ((MemoryStream)photoStream).ToArray();
-                ViewData["Photo"] = Convert.ToBase64String(photoByte);
+                using (var photoStream = await graphClient.Me.Photo.Content.Request().GetAsync())
+                {
+                    byte[] photoByte = ((MemoryStream)photoStream).ToArray();
+                    ViewData["Photo"] = Convert.ToBase64String(photoByte);
+                }
             }
             catch (System.Exception)
             {
@@ -59,8 +61,7 @@ public async Task<IActionResult> Profile()
         {
             return GraphServiceClientFactory.GetAuthenticatedGraphClient(async () =>
             {
-                string result = await tokenAcquisition.GetAccessTokenOnBehalfOfUser(
-                       HttpContext, scopes);
+                string result = await tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(scopes);
                 return result;
             }, webOptions.GraphApiUrl);
         }

2-WebApp-graph-user/2-1-Call-MSGraph/README.md

@@ -82,16 +82,16 @@ Starting from the [previous phase of the tutorial](../../1-WebApp-OIDC), the cod
 
 ### Update the `Startup.cs` file to enable TokenAcquisition by a MSAL.NET based service
 
-After the following lines in the ConfigureServices(IServiceCollection services) method, replace `services.AddAzureAdV2Authentication(Configuration);`, by the following lines:
+After the following lines in the ConfigureServices(IServiceCollection services) method, replace `services.AddMicrosoftIdentityPlatformAuthentication(Configuration);`, by the following lines:
 
 ```CSharp
  public void ConfigureServices(IServiceCollection services)
 {
     . . .
     // Token acquisition service based on MSAL.NET 
     // and chosen token cache implementation
-    services.AddAzureAdV2Authentication(Configuration)
-            .AddMsal(new string[] { Constants.ScopeUserRead })
+    services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
+            .AddMsal(Configuration, new string[] { Constants.ScopeUserRead })
             .AddInMemoryTokenCache();
 ```
 
@@ -100,9 +100,14 @@ The two new lines of code:
 - enable MSAL.NET to hook-up to the OpenID Connect events and redeem the authorization code obtained by the ASP.NET Core middleware and after obtaining a token, saves it into the token cache, for use by the Controllers.
 - Decide which token cache implementation to use. In this part of the phase, we'll use a simple in memory token cache, but next steps will show you other implementations you can benefit from, including distributed token caches based on a SQL database, or a Redis cache.
 
+  > Note that you can replace the *in memory token cache* serialization by a *session token cache*  (stored in a session cookie). To do this replacement, change the following in **Startup.cs**:
+  > - replace `using Microsoft.Identity.Web.TokenCacheProviders.InMemory` by `using Microsoft.Identity.Web.TokenCacheProviders.Session`
+  > - Replace `.AddInMemoryTokenCaches()` by `.AddSessionTokenCaches()`
+  > add `app.UseSession();` in the `Configure(IApplicationBuilder app, IHostingEnvironment env)` method, for instance after `app.UseCookiePolicy();`
+
 ### Add additional files to call Microsoft Graph
 
-Add the `Services\Microsoft-Graph-Rest\*.cs` files. This is an implementation of a custom service which encapsultes the call to the Microsoft Graph /me endpoint. Given an access token for Microsoft Graph, it's capable of getting the user information and the photo of the user.
+Add the `Services\Microsoft-Graph-Rest\*.cs` files. This is an implementation of a custom service which encapsulates the call to the Microsoft Graph /me endpoint. Given an access token for Microsoft Graph, it's capable of getting the user information and the photo of the user.
 
 ```CSharp
 public interface IGraphApiOperations
@@ -138,10 +143,10 @@ In the `Controllers\HomeController.cs`file:
    private readonly IGraphApiOperations graphApiOperations;
    ```
 
-1. Add a `Profile()` action so that it calls the Microsoft Graph *me* endpoint. In case a token cannot be acquired, a challenge is attempted to re-sign-in the user, and have them consent to the requested scopes. This is expressed declaratively by the `MsalUiRequiredExceptionFilter`attribute. This attribute is part of the `Microsoft.Identity.Web` project and automatically manages incremental consent.
+1. Add a `Profile()` action so that it calls the Microsoft Graph *me* endpoint. In case a token cannot be acquired, a challenge is attempted to re-sign-in the user, and have them consent to the requested scopes. This is expressed declaratively by the `AuthorizeForScopes`attribute. This attribute is part of the `Microsoft.Identity.Web` project and automatically manages incremental consent.
 
    ```CSharp
-   [MsalUiRequiredExceptionFilter(Scopes = new[] {Constants.ScopeUserRead})]
+   [AuthorizeForScopes(Scopes = new[] {Constants.ScopeUserRead})]
    public async Task<IActionResult> Profile()
    {
     var accessToken =

2-WebApp-graph-user/2-1-Call-MSGraph/Services/GraphServiceClientFactory.cs

@@ -23,7 +23,7 @@ public CustomAuthenticationProvider(Func<Task<string>> acquireTokenCallback)
             acquireAccessToken = acquireTokenCallback;
         }
 
-        private Func<Task<string>> acquireAccessToken;
+        private readonly Func<Task<string>> acquireAccessToken;
 
         public async Task AuthenticateRequestAsync(HttpRequestMessage request)
         {

2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs

@@ -7,7 +7,7 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Identity.Web;
-using Microsoft.Identity.Web.Client.TokenCacheProviders;
+using Microsoft.Identity.Web.TokenCacheProviders.InMemory;
 using WebApp_OpenIDConnect_DotNet.Infrastructure;
 using WebApp_OpenIDConnect_DotNet.Services;
 
@@ -36,9 +36,9 @@ public void ConfigureServices(IServiceCollection services)
 
             // Token acquisition service based on MSAL.NET
             // and chosen token cache implementation
-            services.AddAzureAdV2Authentication(Configuration)
-                    .AddMsal(new string[] { Constants.ScopeUserRead })
-                    .AddInMemoryTokenCaches();
+            services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
+               .AddMsal(Configuration, new string[] { Constants.ScopeUserRead })
+               .AddInMemoryTokenCaches();
 
             // Add Graph
             services.AddGraphService(Configuration);

2-WebApp-graph-user/2-2-TokenCache/AppCreationScripts/Cleanup.ps1

@@ -5,7 +5,7 @@ param(
     [string] $tenantId
 )
 
-if ((Get-Module -ListAvailable -Name "AzureAD") -eq $null) { 
+if ($null -eq (Get-Module -ListAvailable -Name "AzureAD")) { 
     Install-Module "AzureAD" -Scope CurrentUser 
 } 
 Import-Module AzureAD
@@ -44,20 +44,27 @@ This function removes the Azure AD applications for the sample. These applicatio
         $tenantId = $creds.Tenant.Id
     }
     $tenant = Get-AzureADTenantDetail
-    $tenantName =  ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
+    $tenantName =  ($tenant.VerifiedDomains | Where-Object { $_._Default -eq $True }).Name
 
     # Removes the applications
     Write-Host "Cleaning-up applications from tenant '$tenantName'"
 
     Write-Host "Removing 'webApp' (WebApp-OpenIDConnect-DotNet-code-v2) if needed"
-    $app=Get-AzureADApplication -Filter "DisplayName eq 'WebApp-OpenIDConnect-DotNet-code-v2'"  
+    Get-AzureADApplication -Filter "DisplayName eq 'WebApp-OpenIDConnect-DotNet-code-v2'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
+    $apps = Get-AzureADApplication -Filter "DisplayName eq 'WebApp-OpenIDConnect-DotNet-code-v2'"
+    if ($apps)
+    {
+        Remove-AzureADApplication -ObjectId $apps.ObjectId
+    }
 
-    if ($app)
+    foreach ($app in $apps) 
     {
         Remove-AzureADApplication -ObjectId $app.ObjectId
-        Write-Host "Removed."
+        Write-Host "Removed WebApp-OpenIDConnect-DotNet-code-v2.."
     }
-
+    # also remove service principals of this app
+    Get-AzureADServicePrincipal -filter "DisplayName eq 'WebApp-OpenIDConnect-DotNet-code-v2'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}
+    
 }
 
-Cleanup -Credential $Credential -tenantId $TenantId
+Cleanup -Credential $Credential -tenantId $TenantId

2-WebApp-graph-user/2-2-TokenCache/AppCreationScripts/Configure.ps1

@@ -134,6 +134,7 @@ Function UpdateTextFile([string] $configFilePath, [System.Collections.HashTable]
     Set-Content -Path $configFilePath -Value $lines -Force
 }
 
+
 Set-Content -Value "<html><body><table>" -Path createdApps.html
 Add-Content -Value "<thead><tr><th>Application</th><th>AppId</th><th>Url in the Azure portal</th></tr></thead><tbody>" -Path createdApps.html
 
@@ -145,6 +146,8 @@ Function ConfigureApplications
    so that they are consistent with the Applications parameters
 #> 
 
+    $commonendpoint = "common"
+
     # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
     # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
 
@@ -201,10 +204,11 @@ Function ConfigureApplications
    $owner = Get-AzureADApplicationOwner -ObjectId $webAppAadApplication.ObjectId
    if ($owner -eq $null)
    { 
-    Add-AzureADApplicationOwner -ObjectId $webAppAadApplication.ObjectId -RefObjectId $user.ObjectId
-    Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($webAppServicePrincipal.DisplayName)'"
+        Add-AzureADApplicationOwner -ObjectId $webAppAadApplication.ObjectId -RefObjectId $user.ObjectId
+        Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($webAppServicePrincipal.DisplayName)'"
    }
 
+
    Write-Host "Done creating the webApp application (WebApp-OpenIDConnect-DotNet-code-v2)"
 
    # URL of the AAD application in the Azure portal
@@ -230,7 +234,7 @@ Function ConfigureApplications
    Write-Host "Updating the sample code ($configFile)"
    $dictionary = @{ "ClientId" = $webAppAadApplication.AppId;"TenantId" = $tenantId;"Domain" = $tenantName;"ClientSecret" = $webAppAppKey };
    UpdateTextFile -configFilePath $configFile -dictionary $dictionary
-
+  
    Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html  
 }
 

2-WebApp-graph-user/2-2-TokenCache/Controllers/HomeController.cs

@@ -2,7 +2,7 @@
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Identity.Web.Client;
+using Microsoft.Identity.Web;
 using WebApp_OpenIDConnect_DotNet.Infrastructure;
 using WebApp_OpenIDConnect_DotNet.Models;
 using WebApp_OpenIDConnect_DotNet.Services.GraphOperations;
@@ -27,11 +27,11 @@ public IActionResult Index()
             return View();
         }
 
-        [MsalUiRequiredExceptionFilter(Scopes = new[] {Constants.ScopeUserRead})]
+        [AuthorizeForScopes(Scopes = new[] {Constants.ScopeUserRead})]
         public async Task<IActionResult> Profile()
         {
             var accessToken =
-                await tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, new[] {Constants.ScopeUserRead});
+                await tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(new[] {Constants.ScopeUserRead});
 
             var me = await graphApiOperations.GetUserInformation(accessToken);
             var photo = await graphApiOperations.GetPhotoAsBase64Async(accessToken);

2-WebApp-graph-user/2-2-TokenCache/README.md

@@ -60,8 +60,9 @@ Go to the `"2-WebApp-graph-user\2-2-TokenCache"` folder
    >   "TokenCacheDbConnStr": "Data Source=(LocalDb)\\MSSQLLocalDB;Database=MY_TOKEN_CACHE_DATABASE;Trusted_Connection=True;"
    > },
    > ```
+
 1. If you do not have an existing database and tables needed for token caching, this sample can use  [EF Core- code first](https://docs.microsoft.com/en-us/ef/core/get-started/aspnetcore/new-db?tabs=visual-studio) to create a database and tables for you. to do that, follow the steps below.
-    1. In the file `Microsoft.Identity.Web\Client\TokenCacheProviders\Sql\MSALAppSqlTokenCacheProviderExtension.cs`, uncomment the code under the **// Uncomment the following lines to create the database.**. This comment exists once in the **AddSqlAppTokenCache** and **AddSqlPerUserTokenCache**  methods.
+    1. In the file `Startup.cs`, uncomment the code under the **// Uncomment the following to initialize the sql server database with tables required to cache tokens.**. This comment exists once in the **ConfigureServices** methods.
     1. Run the solution again, when a user signs-in the very first time, the Entity Framework will create the database and tables  `AppTokenCache` and `UserTokenCache` for app and user token caching respectively.
 
 - In case you want to deploy your app in Sovereign or national clouds, ensure the `GraphApiUrl` option matches the one you want. By default this is Microsoft Graph in the Azure public cloud