mergin master to jmprieur/SimplifyTokenCacheProviders branch

Author: jmprieur

1-WebApp-OIDC/1-1-MyOrg/README.md

@@ -32,26 +32,32 @@ To run this sample:
 
 There is one project in this sample. To register it, you can:
 
-- either use PowerShell scripts that **automatically** creates the Azure AD applications and related objects (passwords, permissions, dependencies) for you and modify the Visual Studio projects' configuration files. If you want to use this automation:
+- either use PowerShell scripts that **automatically** creates the Azure AD applications and related objects (passwords, permissions, dependencies) for you and modify the Visual Studio projects' configuration files.
 
-  1. On Windows run PowerShell and navigate to the solution's folder
-  2. In PowerShell run:
+  <details>
+  <summary>Expand to see how to use this automation</summary>
 
-     ```PowerShell
-     Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
-     ```
+    1. On Windows run PowerShell and navigate to the solution's folder
 
-  3. Run the script to create your Azure AD application and configure the code of the sample application accordinly
+    2. In PowerShell run:
 
-     ```PowerShell
-     .\AppCreationScripts\Configure.ps1
-     ```
+       ```PowerShell
+       Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
+       ```
+
+    3. Run the script to create your Azure AD application and configure the code of the sample application accordingly
+
+       ```PowerShell
+       .\AppCreationScripts\Configure.ps1
+       ```
 
-   > Other ways of running the scripts are described in [App Creation Scripts](./AppCreationScripts/AppCreationScripts.md)
+       > Other ways of running the scripts are described in [App Creation Scripts](./AppCreationScripts/AppCreationScripts.md)
 
-  4. Open the Visual Studio solution and click start. That's it!
+    4. Open the Visual Studio solution and click start. That's it!
 
-- or, if you don't want to use automation, follow the steps below:
+    </details>
+
+- or, if you want to register your application with the Azure portal, follow the steps below:
 
 #### Choose the Azure AD tenant where you want to create your applications
 
@@ -68,9 +74,23 @@ As a first step you'll need to:
 1. When the **Register an application page** appears, enter your application's registration information:
    - In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `WebApp`.
    - In the **Supported account types** section, select **Accounts in this organizational directory only ({tenant name})**.
+     <details open=true>
+     <summary>Expand/collapse screenshot</summary>
+
+       ![Register app](../../ReadmeFiles/screenshot-register-app.png)
+
+     </details>
      > Note that there are more than one redirect URIs. You'll need to add them from the **Authentication** tab later after the app has been created succesfully.
+     
 1. Select **Register** to create the application.
 1. On the app **Overview** page, find the **Application (client) ID** value and record it for later. You'll need it to configure the Visual Studio configuration file for this project.
+   <details open=true>
+   <summary>Expand/collapse screenshot</summary>
+
+     ![OVerview page](../../ReadmeFiles/screenshot-overview.png)
+
+   </details>
+
 1. In the list of pages for the app, select **Authentication**..
    - In the Redirect URIs section, select **Web** in the combo-box and enter the following redirect URIs.
        - `https://localhost:44321/`
@@ -79,6 +99,13 @@ As a first step you'll need to:
    - In the **Advanced settings** | **Implicit grant** section, check **ID tokens** as this sample requires
      the [Implicit grant flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-implicit-grant-flow) to be enabled to
      sign-in the user.
+     <details open=true>
+     <summary>Expand/collapse screenshot</summary>
+
+       ![Authentication page](../../ReadmeFiles/screenshot-authentication.png)
+
+     </details>
+
 1. Select **Save**.
 
 > Note that unless the Web App calls a Web API, no certificate or secret is needed.

1-WebApp-OIDC/README.md

@@ -1,22 +1,3 @@
----
-services: active-directory
-platforms: dotnet
-author: jmprieur
-level: 200
-client: ASP.NET Core .Web App
-service: Microsoft Graph, Azure Storage, ASP.NET Core Web API
-endpoint: Microsoft identity platform
-page_type: sample
-languages:
-  - csharp  
-products:
-  - azure
-  - azure-active-directory  
-  - dotnet
-  - office-ms-graph
-  - aspnet-core
-  - azure-storage
----
 [![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/AAD%20Samples/.NET%20client%20samples/ASP.NET%20Core%20Web%20App%20tutorial)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=819)
 
 # Tutorial Phase - Enable your Web Apps to sign-in users

2-WebApp-graph-user/2-1-Call-MSGraph/README.md

@@ -104,6 +104,37 @@ The two new lines of code:
   > - replace `using Microsoft.Identity.Web.TokenCacheProviders.InMemory` by `using Microsoft.Identity.Web.TokenCacheProviders.Session`
   > - Replace `.AddInMemoryTokenCaches()` by `.AddSessionTokenCaches()`
   > add `app.UseSession();` in the `Configure(IApplicationBuilder app, IHostingEnvironment env)` method, for instance after `app.UseCookiePolicy();`
+  >
+  >
+  > You can also use a distributed token cache, and choose the serialization implementation. For this,  in **Startup.cs**:
+  > - replace `using Microsoft.Identity.Web.TokenCacheProviders.InMemory` by `using Microsoft.Identity.Web.TokenCacheProviders.Distributed`
+  > - Replace `.AddInMemoryTokenCaches()` by `.AddDistributedTokenCaches()`
+  > - Then choose the distributed cache implementation. For details, see https://docs.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-2.2#distributed-memory-cache
+  >
+  >   ```CSharp
+  >   // use a distributed Token Cache by adding
+  >      .AddDistributedTokenCaches();
+  >
+  >   // and then choose your implementation.
+  >  
+  >   // For instance the distributed in memory cache (not cleaned when you stop the app)
+  >   services.AddDistributedMemoryCache()
+  >
+  >   // Or a Redis cache
+  >   services.AddStackExchangeRedisCache(options =>
+  >   {
+  >    options.Configuration = "localhost";
+  >    options.InstanceName = "SampleInstance";
+  >   });
+  >
+  >   // Or even a SQL Server token cache
+  >   services.AddDistributedSqlServerCache(options =>
+  >   {
+  >    options.ConnectionString =_config["DistCache_ConnectionString"];
+  >    options.SchemaName = "dbo";
+  >    options.TableName = "TestCache";
+  >   });
+  >   ```
 
 ### Add additional files to call Microsoft Graph
 

2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs

@@ -7,6 +7,7 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Identity.Web;
+using Microsoft.Identity.Web.TokenCacheProviders.Distributed;
 using Microsoft.Identity.Web.TokenCacheProviders.InMemory;
 using WebApp_OpenIDConnect_DotNet.Infrastructure;
 using WebApp_OpenIDConnect_DotNet.Services;
@@ -40,6 +41,32 @@ public void ConfigureServices(IServiceCollection services)
                .AddMsal(Configuration, new string[] { Constants.ScopeUserRead })
                .AddInMemoryTokenCaches();
 
+            /*
+               // or use a distributed Token Cache by adding 
+                           .AddDistributedTokenCaches();
+
+               // and then choose your implementation. 
+               // See https://docs.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-2.2#distributed-memory-cache
+
+               // For instance the distributed in memory cache
+                services.AddDistributedMemoryCache()
+
+               // Or a Redis cache
+               services.AddStackExchangeRedisCache(options =>
+                    {
+                        options.Configuration = "localhost";
+                        options.InstanceName = "SampleInstance";
+                    });
+
+               // Or even a SQL Server token cache
+               services.AddDistributedSqlServerCache(options =>
+                {
+                    options.ConnectionString = 
+                        _config["DistCache_ConnectionString"];
+                    options.SchemaName = "dbo";
+                    options.TableName = "TestCache";
+                });
+            */
             // Add Graph
             services.AddGraphService(Configuration);
 
@@ -81,4 +108,4 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env)
             });
         }
     }
-}
+}

2-WebApp-graph-user/2-2-TokenCache/AppCreationScripts/Cleanup.ps1

@@ -9,7 +9,7 @@ if ($null -eq (Get-Module -ListAvailable -Name "AzureAD")) {
     Install-Module "AzureAD" -Scope CurrentUser 
 } 
 Import-Module AzureAD
-$ErrorActionPreference = 'Stop'
+$ErrorActionPreference = "Stop"
 
 Function Cleanup
 {

2-WebApp-graph-user/2-2-TokenCache/AppCreationScripts/Configure.ps1

@@ -65,7 +65,7 @@ Function AddResourcePermission($requiredAccess, `
 }
 
 #
-# Exemple: GetRequiredPermissions "Microsoft Graph"  "Graph.Read|User.Read"
+# Example: GetRequiredPermissions "Microsoft Graph"  "Graph.Read|User.Read"
 # See also: http://stackoverflow.com/questions/42164581/how-to-configure-a-new-azure-ad-application-through-powershell
 Function GetRequiredPermissions([string] $applicationDisplayName, [string] $requiredDelegatedPermissions, [string]$requiredApplicationPermissions, $servicePrincipal)
 {
@@ -134,18 +134,18 @@ Function UpdateTextFile([string] $configFilePath, [System.Collections.HashTable]
     Set-Content -Path $configFilePath -Value $lines -Force
 }
 
-
 Set-Content -Value "<html><body><table>" -Path createdApps.html
 Add-Content -Value "<thead><tr><th>Application</th><th>AppId</th><th>Url in the Azure portal</th></tr></thead><tbody>" -Path createdApps.html
 
+$ErrorActionPreference = "Stop"
+
 Function ConfigureApplications
 {
 <#.Description
    This function creates the Azure AD applications for the sample in the provided Azure AD tenant and updates the
    configuration files in the client and service project  of the visual studio solution (App.Config and Web.Config)
    so that they are consistent with the Applications parameters
 #> 
-
     $commonendpoint = "common"
 
     # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
@@ -177,7 +177,7 @@ Function ConfigureApplications
     $tenant = Get-AzureADTenantDetail
     $tenantName =  ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
 
-    # Get the user running the script
+    # Get the user running the script to add the user as the app owner
     $user = Get-AzureADUser -ObjectId $creds.Account.Id
 
    # Create the webApp AAD application
@@ -187,6 +187,7 @@ Function ConfigureApplications
    $fromDate = [DateTime]::Now;
    $key = CreateAppKey -fromDate $fromDate -durationInYears 2 -pw $pw
    $webAppAppKey = $pw
+   # create the application 
    $webAppAadApplication = New-AzureADApplication -DisplayName "WebApp-OpenIDConnect-DotNet-code-v2" `
                                                   -HomePage "https://localhost:44321/" `
                                                   -LogoutUrl "https://localhost:44321/signout-oidc" `
@@ -197,6 +198,7 @@ Function ConfigureApplications
                                                   -Oauth2AllowImplicitFlow $true `
                                                   -PublicClient $False
 
+   # create the service principal of the newly created application 
    $currentAppId = $webAppAadApplication.AppId
    $webAppServicePrincipal = New-AzureADServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
 
@@ -241,7 +243,8 @@ Function ConfigureApplications
 # Pre-requisites
 if ((Get-Module -ListAvailable -Name "AzureAD") -eq $null) { 
     Install-Module "AzureAD" -Scope CurrentUser 
-} 
+}
+
 Import-Module AzureAD
 
 # Run interactively (will ask you for the tenant ID)

2-WebApp-graph-user/2-2-TokenCache/AppCreationScripts/sample.json

@@ -1,6 +1,6 @@
 {
   "Sample": {
-    "Title": "Using the Microsoft identity platform to call the Microsoft Graph API from an An ASP.NET Core 2.x Web App, on behalf of a user signing-in using their work and school or Microsoft personal account",
+    "Title": "Call the Microsoft Graph API from an An ASP.NET Core 2.x Web App, using Sql Server for caching tokens",
     "Level": 200,
     "Client": "ASP.NET Core 2.x Web App",
     "Service": "Microsoft Graph",