From 12adc8e1146be54f66d01f7c717aa24f1c8a114f Mon Sep 17 00:00:00 2001 From: Jean-Marc Prieur Date: Tue, 12 Nov 2019 09:23:57 +0100 Subject: [PATCH 1/3] Addressing customer questions --- 4-WebApp-your-API/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/4-WebApp-your-API/README.md b/4-WebApp-your-API/README.md index 66c8aa83..6a4bce27 100644 --- a/4-WebApp-your-API/README.md +++ b/4-WebApp-your-API/README.md @@ -417,6 +417,10 @@ In the left-hand navigation pane, select the **Azure Active Directory** service, > NOTE: Remember, the To Do list is stored in memory in this TodoListService sample. Azure Web Sites will spin down your web site if it is inactive, and your To Do list will get emptied. Also, if you increase the instance count of the web site, requests will be distributed among the instances. To Do will, therefore, not be the same on each instance. +## Next steps + +If you're interested in the Web API calling a downstream API, you might want to have a look at the [ASP.NET Core Web API tutorial](https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2), in chapter 2 [2. Web API now calls Microsoft Graph/](https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph). The client is a desktop app there, whereas you have a Web App, but apart from that all the app registration steps apply. + ## Community Help and Support Use [Stack Overflow](http://stackoverflow.com/questions/tagged/msal) to get support from the community. From 6f44f92fcf44b9fdff88b6547ffb18eb18622394 Mon Sep 17 00:00:00 2001 From: Jean-Marc Prieur Date: Tue, 12 Nov 2019 09:35:35 +0100 Subject: [PATCH 2/3] Adding instructions --- 3-WebApp-multi-APIs/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/3-WebApp-multi-APIs/README.md b/3-WebApp-multi-APIs/README.md index 0bcf2dbe..4fbd3200 100644 --- a/3-WebApp-multi-APIs/README.md +++ b/3-WebApp-multi-APIs/README.md @@ -189,6 +189,8 @@ insert ## Troubleshooting +To access Azure Resource Management (ARM), you'll need a work or School account (AAD account) and an Azure subscription. If your azure subscription is for a Microsoft personal account, just create a new user in your directory, and use this user to run the sample + OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'AADSTS650052: The app needs access to a service (\"https://*.blob.core.windows.net\") that your organization \"*tenantname*.onmicrosoft.com\" has not subscribed to or enabled. Contact your IT Admin to review the configuration of your service subscriptions. this is because the AzureStorage API was not registered as an API used by your Web App From f0873933e9980924f86e9857517ef66ef42b58c5 Mon Sep 17 00:00:00 2001 From: jennyf19 Date: Tue, 12 Nov 2019 12:42:16 -0800 Subject: [PATCH 3/3] fix capitals --- 3-WebApp-multi-APIs/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/3-WebApp-multi-APIs/README.md b/3-WebApp-multi-APIs/README.md index 4fbd3200..37d8494e 100644 --- a/3-WebApp-multi-APIs/README.md +++ b/3-WebApp-multi-APIs/README.md @@ -189,7 +189,7 @@ insert ## Troubleshooting -To access Azure Resource Management (ARM), you'll need a work or School account (AAD account) and an Azure subscription. If your azure subscription is for a Microsoft personal account, just create a new user in your directory, and use this user to run the sample +To access Azure Resource Management (ARM), you'll need a work or school account (AAD account) and an Azure subscription. If your Azure subscription is for a Microsoft personal account, just create a new user in your directory, and use this user to run the sample OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'AADSTS650052: The app needs access to a service (\"https://*.blob.core.windows.net\") that your organization \"*tenantname*.onmicrosoft.com\" has not subscribed to or enabled. Contact your IT Admin to review the configuration of your service subscriptions. this is because the AzureStorage API was not registered as an API used by your Web App @@ -200,4 +200,4 @@ You can learn more about the tokens by looking at the following articles in MSAL - The [Authorization code flow](https://aka.ms/msal-net-authorization-code), which is used, after the user signed-in with Open ID Connect, in order to get a token and cache it for a later use. See [TokenAcquisition L 107](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/f99e913cc032e16c59b748241111e97108e87918/Extensions/TokenAcquisition.cs#L107) for details of this code - [AcquireTokenSilent](https://aka.ms/msal-net-acquiretokensilent ), which is used by the controller to get an access token for the downstream API. See [TokenAcquisition L 168](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/f99e913cc032e16c59b748241111e97108e87918/Extensions/TokenAcquisition.cs#L168) for details of this code -- [Token cache serialization](msal-net-token-cache-serialization) \ No newline at end of file +- [Token cache serialization](msal-net-token-cache-serialization)