diff --git a/1-WebApp-OIDC/1-1-MyOrg/README.md b/1-WebApp-OIDC/1-1-MyOrg/README.md
index a1a029c7..6bbfffc4 100644
--- a/1-WebApp-OIDC/1-1-MyOrg/README.md
+++ b/1-WebApp-OIDC/1-1-MyOrg/README.md
@@ -163,7 +163,7 @@ cd "1-WebApp-OIDC\1-1-MyOrg"
by this line:
```CSharp
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebAppAuthentication(Configuration);
```
This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
diff --git a/1-WebApp-OIDC/1-1-MyOrg/Startup.cs b/1-WebApp-OIDC/1-1-MyOrg/Startup.cs
index d9810720..e3a4aac0 100644
--- a/1-WebApp-OIDC/1-1-MyOrg/Startup.cs
+++ b/1-WebApp-OIDC/1-1-MyOrg/Startup.cs
@@ -34,7 +34,7 @@ public void ConfigureServices(IServiceCollection services)
});
// Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebAppAuthentication(Configuration);
services.AddControllersWithViews(options =>
{
diff --git a/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj
index 82c72450..dc681a7b 100644
--- a/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj
+++ b/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj
@@ -25,8 +25,8 @@
runtime; build; native; contentfiles; analyzers; buildtransitive
-
-
+
+
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md b/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md
index 2cdab737..87d30543 100644
--- a/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md
+++ b/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md
@@ -57,14 +57,14 @@ The actual sign-in audience (accounts to sign-in) is the lowest set of what is s
In order to restrict users from specific organizations from signing-in to your web app, you'll need to customize your code a bit more to restrict issuers. In Azure AD, the token issuers are the Azure AD tenants which issue tokens to applications.
-In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddSignIn(Configuration)` add some code to validate specific issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate.
+In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddMicrosoftWebAppAuthentication(Configuration)` add some code to validate specific issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate.
```CSharp
public void ConfigureServices(IServiceCollection services)
{
...
// Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration, options =>
+ services.AddMicrosoftWebAppAuthentication(Configuration, options =>
{
Configuration.Bind("AzureAd", options);
// Restrict users to specific belonging to specific tenants
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/README.md b/1-WebApp-OIDC/1-2-AnyOrg/README.md
index cafa2d0f..0c6149aa 100644
--- a/1-WebApp-OIDC/1-2-AnyOrg/README.md
+++ b/1-WebApp-OIDC/1-2-AnyOrg/README.md
@@ -155,7 +155,7 @@ cd "1-WebApp-OIDC\1-2-AnyOrg"
by this line:
```CSharp
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebAppAuthentication(Configuration);
```
This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
@@ -221,14 +221,14 @@ These steps are encapsulated in the [Microsoft.Identity.Web](..\..\Microsoft.Ide
In order to restrict users from specific organizations from signing-in to your web app, you'll need to customize your code a bit more to restrict issuers. In Azure AD, the token issuers are the Azure AD tenants which issue tokens to applications.
-In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddMicrosoftIdentityPlatformAuthentication(Configuration)` add some code to filter issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate.
+In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddMicrosoftWebAppAuthentication(Configuration)` add some code to filter issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate.
```CSharp
public void ConfigureServices(IServiceCollection services)
{
...
// Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebAppAuthentication(Configuration);
// Restrict users to specific belonging to specific tenants
services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options =>
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs b/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs
index f2537676..c4a3bacf 100644
--- a/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs
+++ b/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs
@@ -34,7 +34,7 @@ public void ConfigureServices(IServiceCollection services)
});
// Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebAppAuthentication(Configuration);
services.AddControllersWithViews(options =>
{
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj
index bc67eed0..1cfea74e 100644
--- a/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj
+++ b/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj
@@ -18,8 +18,8 @@
-
-
+
+
diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md
index 9e6c30f6..51c891ff 100644
--- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md
+++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md
@@ -150,7 +150,9 @@ In the **appsettings.json** file:
by this line:
```CSharp
- services.AddSignIn(Configuration);
+
+ services.AddMicrosoftWebAppAuthentication(Configuration);
+
```
This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs
index 2e63693a..c2335032 100644
--- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs
+++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs
@@ -34,7 +34,7 @@ public void ConfigureServices(IServiceCollection services)
});
// Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebAppAuthentication(Configuration);
services.AddControllersWithViews(options =>
{
diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj
index bc67eed0..1cfea74e 100644
--- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj
+++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj
@@ -18,8 +18,8 @@
-
-
+
+
diff --git a/1-WebApp-OIDC/1-4-Sovereign/README.md b/1-WebApp-OIDC/1-4-Sovereign/README.md
index 400a002b..8a127c36 100644
--- a/1-WebApp-OIDC/1-4-Sovereign/README.md
+++ b/1-WebApp-OIDC/1-4-Sovereign/README.md
@@ -121,7 +121,7 @@ cd "1-WebApp-OIDC\1-4-Sovereign"
by this line:
```CSharp
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebAppAuthentication(Configuration);
```
This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
diff --git a/1-WebApp-OIDC/1-4-Sovereign/Startup.cs b/1-WebApp-OIDC/1-4-Sovereign/Startup.cs
index 2e63693a..c2335032 100644
--- a/1-WebApp-OIDC/1-4-Sovereign/Startup.cs
+++ b/1-WebApp-OIDC/1-4-Sovereign/Startup.cs
@@ -34,7 +34,7 @@ public void ConfigureServices(IServiceCollection services)
});
// Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebAppAuthentication(Configuration);
services.AddControllersWithViews(options =>
{
diff --git a/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj
index bc67eed0..1cfea74e 100644
--- a/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj
+++ b/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj
@@ -18,8 +18,8 @@
-
-
+
+
diff --git a/1-WebApp-OIDC/1-5-B2C/README.md b/1-WebApp-OIDC/1-5-B2C/README.md
index 6779940e..0d59dd13 100644
--- a/1-WebApp-OIDC/1-5-B2C/README.md
+++ b/1-WebApp-OIDC/1-5-B2C/README.md
@@ -125,12 +125,12 @@ You can trigger the middleware to send an OpenID Connect sign-in request by deco
Here is the middleware example:
```csharp
- services.AddSignIn(Configuration, "AzureAdB2C");
+ services.AddMicrosoftWebAppAuthentication(Configuration, "AzureAdB2C");
```
Important things to notice:
-- The method `AddSignIn` will configure the authentication based on the `MicrosoftIdentityOptions.cs` options. Feel free to bind more properties on `AzureAdB2C` section on `appsettings.json` if you need to set more options.
+- The method `AddMicrosoftWebAppAuthentication` will configure the authentication based on the `MicrosoftIdentityOptions.cs` options. Feel free to bind more properties on `AzureAdB2C` section on `appsettings.json` if you need to set more options.
- The urls you set for `CallbackPath` and `SignedOutCallbackPath` should be registered on the **Reply Urls** of your application, in [Azure Portal](https://portal.azure.com).
## Next steps
diff --git a/1-WebApp-OIDC/1-5-B2C/Startup.cs b/1-WebApp-OIDC/1-5-B2C/Startup.cs
index 222e421b..d72b81c7 100644
--- a/1-WebApp-OIDC/1-5-B2C/Startup.cs
+++ b/1-WebApp-OIDC/1-5-B2C/Startup.cs
@@ -35,7 +35,7 @@ public void ConfigureServices(IServiceCollection services)
});
// Configuration to sign-in users with Azure AD B2C
- services.AddSignIn(Configuration, "AzureAdB2C");
+ services.AddMicrosoftWebAppAuthentication(Configuration, "AzureAdB2C");
services.AddControllersWithViews()
.AddMicrosoftIdentityUI();
diff --git a/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj
index bc67eed0..1cfea74e 100644
--- a/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj
+++ b/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj
@@ -18,8 +18,8 @@
-
-
+
+
diff --git a/1-WebApp-OIDC/1-6-SignOut/README.md b/1-WebApp-OIDC/1-6-SignOut/README.md
index c461eb1f..b7a0e378 100644
--- a/1-WebApp-OIDC/1-6-SignOut/README.md
+++ b/1-WebApp-OIDC/1-6-SignOut/README.md
@@ -66,7 +66,7 @@ services.Configure(OpenIdConnectDefaults.AuthenticationSch
### Clearing the token cache
-Your application can also intercept the logout event, for instance to clear the entry of the token cache associated with the account that signed out. We'll see in the second part of this tutorial (about the Web app calling a Web API), that the web app will store access tokens for the user in a cache. Intercepting the logout callback enables your web application to remove the user from the token cache. This is illustrated in the `AddWebAppCallsProtectedWebApi()` method of [WebAppServiceCollectionExtensions.cs](https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web/WebAppServiceCollectionExtensions.cs#L202-L208)
+Your application can also intercept the logout event, for instance to clear the entry of the token cache associated with the account that signed out. We'll see in the second part of this tutorial (about the Web app calling a Web API), that the web app will store access tokens for the user in a cache. Intercepting the logout callback enables your web application to remove the user from the token cache. This is illustrated in the `AddMicrosoftWebAppCallsWebApi()` method of [WebAppServiceCollectionExtensions.cs](https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web/WebAppServiceCollectionExtensions.cs#L202-L208)
### Single Sign-Out
diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/README.md b/2-WebApp-graph-user/2-1-Call-MSGraph/README.md
index b70e956a..036085e5 100644
--- a/2-WebApp-graph-user/2-1-Call-MSGraph/README.md
+++ b/2-WebApp-graph-user/2-1-Call-MSGraph/README.md
@@ -100,11 +100,9 @@ After the following lines in the ConfigureServices(IServiceCollection services)
public void ConfigureServices(IServiceCollection services)
{
. . .
- services.AddSignIn(Configuration);
- // Token acquisition service based on MSAL.NET
- // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
- .AddInMemoryTokenCache();
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ .AddInMemoryTokenCaches();
```
The two new lines of code:
diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs b/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs
index b8c160ec..e914fc61 100644
--- a/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs
+++ b/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs
@@ -39,17 +39,13 @@ public void ConfigureServices(IServiceCollection services)
});
services.AddOptions();
-
- services.AddSignIn(Configuration);
-
- // Token acquisition service based on MSAL.NET
- // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
- .AddInMemoryTokenCaches();
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ .AddInMemoryTokenCaches();
/*
// or use a distributed Token Cache by adding
- .AddDistributedTokenCaches();
+ .AddDistributedTokenCaches();
// and then choose your implementation.
// See https://docs.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-2.2#distributed-memory-cache
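Review bot: The comment that explained the second and third calls of the new chain (`// Token acquisition service based on MSAL.NET` / `// and chosen token cache implementation`) is dropped together with the old `AddWebAppCallsProtectedWebApi` lines, so `.AddMicrosoftWebAppCallsWebApi(...)` and `.AddInMemoryTokenCaches()` now carry no explanation; the same comment disappears in the 2-2-TokenCache, 3-WebApp-multi-APIs and 4-1-MyOrg/Client Startup.cs hunks. As this is a tutorial sample, I would keep a one-liner above the statement, e.g. `// Sign in users, then enable token acquisition (MSAL.NET) for downstream calls, using an in-memory token cache`. The commented-out block that follows still presents `.AddDistributedTokenCaches()` as the alternative, so the two comments would read as a pair. ConfigureServices continues outside the hunk.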
@@ -111,11 +107,11 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
app.UseEndpoints(endpoints =>
{
- endpoints.MapControllerRoute(
- name: "default",
- pattern: "{controller=Home}/{action=Index}/{id?}");
- endpoints.MapRazorPages();
- });
+ endpoints.MapControllerRoute(
+ name: "default",
+ pattern: "{controller=Home}/{action=Index}/{id?}");
+ endpoints.MapRazorPages();
+ });
}
}
}
diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj
index 6723dd91..f3cb6d91 100644
--- a/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj
+++ b/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj
@@ -19,8 +19,8 @@
-
-
+
+
diff --git a/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.json b/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.local.json b/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md b/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md
index fc2289d1..7061a119 100644
--- a/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md
+++ b/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md
@@ -96,8 +96,8 @@ public void ConfigureServices(IServiceCollection services)
. . .
// Token acquisition service based on MSAL.NET
// and the Sql server based token cache implementation
- services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Constants.ScopeUserRead })
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(new string[] { Constants.ScopeUserRead })
.AddSqlAppTokenCache(Configuration)
.AddSqlPerUserTokenCache(Configuration);
```
diff --git a/2-WebApp-graph-user/2-2-TokenCache/README.md b/2-WebApp-graph-user/2-2-TokenCache/README.md
index 94de5609..0b719e10 100644
--- a/2-WebApp-graph-user/2-2-TokenCache/README.md
+++ b/2-WebApp-graph-user/2-2-TokenCache/README.md
@@ -185,11 +185,10 @@ This sample proposes a distributed SQL token cache. To use it, you'll need to ad
public void ConfigureServices(IServiceCollection services)
{
. . .
- // Token acquisition service based on MSAL.NET
- // and the Sql server based token cache implementation
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
- .AddDistributedTokenCaches();
+ services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ .AddDistributedTokenCaches();
services.AddDistributedSqlServerCache(options =>
{
diff --git a/2-WebApp-graph-user/2-2-TokenCache/Startup.cs b/2-WebApp-graph-user/2-2-TokenCache/Startup.cs
index ecae4669..bd5ab73a 100644
--- a/2-WebApp-graph-user/2-2-TokenCache/Startup.cs
+++ b/2-WebApp-graph-user/2-2-TokenCache/Startup.cs
@@ -47,16 +47,17 @@ public void ConfigureServices(IServiceCollection services)
// NOTE : This is a one time use method. We advise using it in development environments to create the tables required to enable token caching.
// For production deployments, preferably, generate the schema from the tables generated in dev environments and use it to create the necessary tables in production.
/*
- dotnet tool install --global dotnet-sql-cache
- dotnet sql-cache create "Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=MsalTokenCacheDatabase;Integrated Security=True;" dbo TokenCache
+ * 1. For instance in Visual Studio, open the SQL Server Object explorer, then (localdb)\MSSQLLocalDB, then databases
+ * 2. Right click on Databases and select "Add New database", and then choose the name of the database: 'MsalTokenCacheDatabase'
+ * 3. In the console application run the 2 following commands:
+ dotnet tool install --global dotnet-sql-cache
+ dotnet sql-cache create "Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=MsalTokenCacheDatabase;Integrated Security=True;" dbo TokenCache
*/
- services.AddSignIn(Configuration);
-
- // Token acquisition service based on MSAL.NET
- // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
- .AddDistributedTokenCaches();
+ services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ .AddDistributedTokenCaches();
services.AddDistributedSqlServerCache(options =>
{
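Review bot: The new registration uses `services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme).AddMicrosoftWebApp(Configuration)` while the 2-1-Call-MSGraph and 3-WebApp-multi-APIs Startup.cs hunks in this same commit use `services.AddMicrosoftWebAppAuthentication(Configuration)` for the same step (2-3-Multi-Tenant and 2-4-Sovereign-Call-MSGraph follow this hunk's form). The chapters are meant to be read incrementally and the README text changed in this commit tells readers to add code after `services.AddMicrosoftWebAppAuthentication(Configuration)`, so mixing the two forms leaves the reader guessing whether they differ. Presumably they are equivalent; if `AddMicrosoftWebAppAuthentication` is the documented entry point I would use it here as well, `services.AddMicrosoftWebAppAuthentication(Configuration)`, or add a short comment saying why the explicit `AddAuthentication` form is preferred in this chapter. ConfigureServices continues outside the hunk.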
diff --git a/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj
index 7395927e..dc97aa70 100644
--- a/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj
+++ b/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj
@@ -20,8 +20,8 @@
-
-
+
+
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md b/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md
index b62218b0..00e2fde1 100644
--- a/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md
+++ b/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md
@@ -273,7 +273,7 @@ The `https://graph.microsoft.com/.default` is a static scope that allows the ten
### Custom token validation allowing only registered tenants
-On the `Startup.cs` we are calling `AddSignIn` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
+On the `Startup.cs` we are calling `AddMicrosoftWebAppAuthentication` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
```csharp
options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuerValidator(options.Authority).Validate;
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/README.md b/2-WebApp-graph-user/2-3-Multi-Tenant/README.md
index 465888c8..d890d3f2 100644
--- a/2-WebApp-graph-user/2-3-Multi-Tenant/README.md
+++ b/2-WebApp-graph-user/2-3-Multi-Tenant/README.md
@@ -212,7 +212,8 @@ These steps are encapsulated in the [Microsoft.Identity.Web](..\..\Microsoft.Ide
In order to be able to sign-in users from multiple tenants, the [/common endpoint](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#update-your-code-to-send-requests-to-common) must be used. In the sample, this endpoint is used as a result of setting the value for `TenantId` as `organizations` on the `appsettings.json` file, and configuring the middleware to read the values from it.
```csharp
-services.AddSignIn(Configuration);
+services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(Configuration)
```
You can read about the various endpoints of the Microsoft Identity Platform [here](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols#endpoints).
@@ -248,7 +249,7 @@ The `https://graph.microsoft.com/.default` is a static scope that allows the ten
### Custom token validation allowing only registered tenants
-On the `Startup.cs` we are calling `AddSignIn` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
+On the `Startup.cs` we are calling `AddMicrosoftWebAppAuthentication` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
```csharp
options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuerValidator(options.Authority).Validate;
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs
index 6d17d94b..c29fc071 100644
--- a/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs
+++ b/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs
@@ -56,7 +56,8 @@ public void ConfigureServices(IServiceCollection services)
services.AddScoped();
// Sign-in users with the Microsoft identity platform
- services.AddSignIn(options =>
+ services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(options =>
{
Configuration.Bind("AzureAd", options);
options.Events.OnTokenValidated = async context =>
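Review bot: The replacement drops the second configuration delegate the old `AddSignIn` call received — in the following hunk (`@@ -83,13 +84,9 @@`) the removed lines `}, options => { Configuration.Bind("AzureAD", options); });` bound the `AzureAD` section to a separate options object, whereas the new `.AddMicrosoftWebApp(options => { ... })` binds only the single `options` that also carries `Events.OnTokenValidated`. If that parameter is the OpenID Connect options, the Microsoft identity settings (instance, tenant, client id) are no longer bound from configuration unless the single-delegate overload does so internally; please confirm against the referenced library version, or keep the second delegate. This matters for a multi-tenant sample because the custom issuer check in `OnTokenValidated` relies on the authority being configured correctly. ConfigureServices starts before and ends after this hunk.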
@@ -83,13 +84,9 @@ public void ConfigureServices(IServiceCollection services)
return Task.FromResult(0);
};
- }, options =>
- {
- Configuration.Bind("AzureAD", options);
- });
-
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { GraphScope.UserReadAll })
- .AddInMemoryTokenCaches();
+ })
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { GraphScope.UserReadAll })
+ .AddInMemoryTokenCaches();
services.AddControllersWithViews(options =>
{
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj
index c03b7e98..85014e12 100644
--- a/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj
+++ b/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj
@@ -22,8 +22,8 @@
-
-
+
+
diff --git a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md
index d34cc0f7..de038d24 100644
--- a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md
+++ b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md
@@ -91,11 +91,13 @@ After the following lines in the ConfigureServices(IServiceCollection services)
public void ConfigureServices(IServiceCollection services)
{
. . .
- // Token acquisition service based on MSAL.NET
- // and chosen token cache implementation
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Constants.ScopeUserRead })
- .AddInMemoryTokenCache();
+ services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(Configuration)
+
+ // Token acquisition service based on MSAL.NET
+ // and chosen token cache implementation
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead });
+ services.AddInMemoryTokenCaches();
```
The two new lines of code:
diff --git a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs
index 467c0c69..46fe4b81 100644
--- a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs
+++ b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs
@@ -41,12 +41,13 @@ public void ConfigureServices(IServiceCollection services)
services.AddOptions();
- services.AddSignIn(Configuration);
+ services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(Configuration)
// Token acquisition service based on MSAL.NET
// and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
- .AddInMemoryTokenCaches();
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead });
+ services.AddInMemoryTokenCaches();
// Add Graph
services.AddGraphService(Configuration);
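Review bot: `services.AddInMemoryTokenCaches();` is registered as a separate statement on the service collection here, whereas the 2-1-Call-MSGraph, 2-2-TokenCache and 3-WebApp-multi-APIs Startup.cs hunks chain `.AddInMemoryTokenCaches()` on the result of `.AddMicrosoftWebAppCallsWebApi(...)`; the two-line comment is also now placed in the middle of the fluent chain, between `.AddMicrosoftWebApp(Configuration)` and the next call. For consistency, and so the cache is visibly tied to the token-acquisition registration, I would end the chain with `.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })` followed by `.AddInMemoryTokenCaches();`, and move the comment above the `services.AddAuthentication(...)` line. Whether the collection-level overload behaves identically depends on the library version, so if the split is deliberate a short comment saying why would help. ConfigureServices continues outside the hunk.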
diff --git a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj
index bc67eed0..1cfea74e 100644
--- a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj
+++ b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj
@@ -18,8 +18,8 @@
-
-
+
+
diff --git a/3-WebApp-multi-APIs/README.md b/3-WebApp-multi-APIs/README.md
index f126195f..74f271a7 100644
--- a/3-WebApp-multi-APIs/README.md
+++ b/3-WebApp-multi-APIs/README.md
@@ -76,17 +76,15 @@ Starting from the [previous phase of the tutorial](../../2-WebApp-graph-user/2-1
### Update the `Startup.cs` file to enable TokenAcquisition by a MSAL.NET based service
-After the following lines in the ConfigureServices(IServiceCollection services) method, after `services.AddSignIn(Configuration);`, add `services.AddHttpClient();`:
+After the following lines in the ConfigureServices(IServiceCollection services) method, after `services.AddMicrosoftWebAppAuthentication(Configuration);`, add `services.AddHttpClient();`:
```CSharp
public void ConfigureServices(IServiceCollection services)
{
. . .
- // Token acquisition service based on MSAL.NET
- // and chosen token cache implementation
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Constants.ScopeUserRead })
- .AddInMemoryTokenCache();
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ .AddInMemoryTokenCaches();
services.AddHttpClient();
```
diff --git a/3-WebApp-multi-APIs/Startup.cs b/3-WebApp-multi-APIs/Startup.cs
index 05fd7819..a095557d 100644
--- a/3-WebApp-multi-APIs/Startup.cs
+++ b/3-WebApp-multi-APIs/Startup.cs
@@ -42,12 +42,9 @@ public void ConfigureServices(IServiceCollection services)
services.AddOptions();
- services.AddSignIn(Configuration);
-
- // Token acquisition service based on MSAL.NET
- // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
- .AddInMemoryTokenCaches();
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ .AddInMemoryTokenCaches();
// Add APIs
services.AddGraphService(Configuration);
diff --git a/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj b/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj
index b6938de7..ec205b96 100644
--- a/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj
+++ b/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj
@@ -19,8 +19,8 @@
-
-
+
+
diff --git a/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs b/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs
index e899b0fc..22b48d7f 100644
--- a/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs
+++ b/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs
@@ -43,17 +43,8 @@ public void ConfigureServices(IServiceCollection services)
services.AddOptions();
- services.AddSignIn(Configuration);
-
- // This is required to be instantiated before the OpenIdConnectOptions starts getting configured.
- // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications.
- // 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' instead of 'roles'
- // This flag ensures that the ClaimsIdentity claims collection will be built from the claims in the token
- // JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
-
- // Token acquisition service based on MSAL.NET
- // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] })
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] })
.AddInMemoryTokenCaches();
// Add APIs
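Review bot: `Configuration["TodoList:TodoListScope"]` on the new `.AddMicrosoftWebAppCallsWebApi(...)` line is read at startup without a null check, so a missing or misspelled key silently yields `new string[] { null }` and the misconfiguration only surfaces later, when a token is requested for the API. Reading it into a local with a fail-fast guard keeps the error at startup: `string todoListScope = Configuration["TodoList:TodoListScope"] ?? throw new InvalidOperationException("TodoList:TodoListScope is not configured.");` and then `new string[] { todoListScope }`. This was already the case on the removed line, but the rewrite is a good moment to add the guard. ConfigureServices continues outside the hunk.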
diff --git a/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj b/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj
index 97b2b3a5..8ebaba32 100644
--- a/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj
+++ b/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj
@@ -24,8 +24,8 @@
-
-
+
+
diff --git a/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md b/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md
index f2f070e5..15a1acdf 100644
--- a/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md
+++ b/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md
@@ -208,9 +208,9 @@ Add a reference to the `Microsoft.Identity.Web` library if not already present.
1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache.
```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
- .AddInMemoryTokenCaches();
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] })
+ .AddInMemoryTokenCaches();
```
### Creating the Web API project (TodoListService)
@@ -250,7 +250,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
with
```Csharp
- services.AddProtectedWebApi(Configuration)
+ services.AddMicrosoftWebApi(Configuration)
.AddInMemoryTokenCaches();
```
@@ -260,7 +260,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
app.UseAuthentication();
app.UseMvc();
```
- `AddProtectedWebApi` does the following:
+ `AddMicrosoftWebApi` does the following:
- add the **Jwt**BearerAuthenticationScheme (Note the replacement of **BearerAuthenticationScheme** by **Jwt**BearerAuthenticationScheme)
- set the authority to be the Microsoft identity platform
- sets the audiences to validate
diff --git a/4-WebApp-your-API/4-1-MyOrg/README.md b/4-WebApp-your-API/4-1-MyOrg/README.md
index fd154098..a353555d 100644
--- a/4-WebApp-your-API/4-1-MyOrg/README.md
+++ b/4-WebApp-your-API/4-1-MyOrg/README.md
@@ -246,12 +246,12 @@ Explore the sample by signing in into the TodoList client, adding items to the T
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
```
- by this line:
+ with these lines:
```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
- .AddInMemoryTokenCaches();
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] })
+ .AddInMemoryTokenCaches();
```
This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
@@ -280,9 +280,10 @@ Explore the sample by signing in into the TodoList client, adding items to the T
1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache.
```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
- .AddInMemoryTokenCaches();
+ services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
+ services.AddInMemoryTokenCaches();
```
1. Update the `Configure` method to include **app.UseAuthentication();** before **app.UseMvc();**
@@ -332,8 +333,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
with
```Csharp
- services.AddProtectedWebApi(Configuration)
- .AddInMemoryTokenCaches();
+ services.AddMicrosoftWebApiAuthentication(Configuration);
```
- Add the method **app.UseAuthentication()** before **app.UseMvc()** in the `Configure` method
@@ -342,7 +342,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
app.UseMvc();
```
- `AddProtectedWebApi` does the following:
+ `AddMicrosoftWebApi` does the following:
- add the **Jwt**BearerAuthenticationScheme (Note the replacement of **BearerAuthenticationScheme** by **Jwt**BearerAuthenticationScheme)
- set the authority to be the Microsoft identity platform identity
- sets the audiences to validate
diff --git a/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs
index 89b9723d..a227d66d 100644
--- a/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs
+++ b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs
@@ -31,7 +31,7 @@ public void ConfigureServices(IServiceCollection services)
// JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
// Adds Microsoft Identity platform (AAD v2.0) support to protect this Api
- services.AddProtectedWebApi(Configuration);
+ services.AddMicrosoftWebApiAuthentication(Configuration);
services.AddControllers();
}
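Review bot: The method this file now calls on the new line 34, `services.AddMicrosoftWebApiAuthentication(Configuration);`, is not what `4-1-MyOrg/README-incremental-instructions.md` documents for the same step in this same commit (`services.AddMicrosoftWebApi(Configuration).AddInMemoryTokenCaches();`), while `4-1-MyOrg/README.md` does match the code. Readers following the incremental instructions would end up with a different overload than the shipped Startup.cs, so one of the two snippets should be aligned with the code. ConfigureServices continues outside the hunk.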
diff --git a/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj b/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj
index a49c0e0f..88490568 100644
--- a/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj
+++ b/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj
@@ -7,7 +7,7 @@
-
+
diff --git a/4-WebApp-your-API/4-2-B2C/Client/Startup.cs b/4-WebApp-your-API/4-2-B2C/Client/Startup.cs
index 162bf4d8..3a4bd3bd 100644
--- a/4-WebApp-your-API/4-2-B2C/Client/Startup.cs
+++ b/4-WebApp-your-API/4-2-B2C/Client/Startup.cs
@@ -42,17 +42,8 @@ public void ConfigureServices(IServiceCollection services)
services.AddOptions();
- services.AddSignIn(Configuration, "AzureAdB2C");
-
- // This is required to be instantiated before the OpenIdConnectOptions starts getting configured.
- // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications.
- // 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' instead of 'roles'
- // This flag ensures that the ClaimsIdentity claims collection will be built from the claims in the token
- // JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
-
- // Token acquisition service based on MSAL.NET
- // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C")
+ services.AddMicrosoftWebAppAuthentication(Configuration, "AzureAdB2C")
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C")
.AddInMemoryTokenCaches();
// Add APIs
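Review bot: The sequence `4-2-B2C/README.md` gives for this file in the same commit — `services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme).AddMicrosoftWebApp(Configuration, "AzureAdB2C")…; services.AddInMemoryTokenCaches();` — does not match what Startup.cs now does on new lines 43-45 (`services.AddMicrosoftWebAppAuthentication(Configuration, "AzureAdB2C")` chained into `.AddMicrosoftWebAppCallsWebApi(...)` and `.AddInMemoryTokenCaches()`), whereas `README-incremental-instructions.md` matches the code, so one of the two README snippets should be brought in line. Separately, the `"AzureAdB2C"` section name is repeated as a literal in both calls; hoisting it to something like `private const string B2CConfigSectionName = "AzureAdB2C";` keeps the sign-in options and the token-acquisition options bound to the same section if it is ever renamed. ConfigureServices continues outside the hunk.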
diff --git a/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj b/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj
index 0201e89d..0390beb6 100644
--- a/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj
+++ b/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj
@@ -24,8 +24,8 @@
-
-
+
+
diff --git a/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md b/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md
index 8b10cbe5..d9265b86 100644
--- a/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md
+++ b/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md
@@ -205,8 +205,8 @@ Add a reference to the `Microsoft.Identity.Web` library if not already present.
1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache.
```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
+ services.AddMicrosoftWebAppAuthentication(Configuration, "AzureAdB2C")
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C")
.AddInMemoryTokenCaches();
```
@@ -248,7 +248,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
```Csharp
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
- .AddProtectedWebApi("AzureAdB2C", Configuration, options =>
+ .AddMicrosoftWebApi("AzureAdB2C", Configuration, options =>
{
Configuration.Bind("AzureAdB2C", options);
@@ -262,7 +262,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
app.UseAuthentication();
app.UseMvc();
```
- `AddProtectedWebApi` does the following:
+ `AddMicrosoftWebApi` does the following:
- add the **Jwt**BearerAuthenticationScheme (Note the replacement of **BearerAuthenticationScheme** by **Jwt**BearerAuthenticationScheme)
- set the authority to be the Microsoft identity platform
- sets the audiences to validate
diff --git a/4-WebApp-your-API/4-2-B2C/README.md b/4-WebApp-your-API/4-2-B2C/README.md
index 3e6cea66..e2b5ca2a 100644
--- a/4-WebApp-your-API/4-2-B2C/README.md
+++ b/4-WebApp-your-API/4-2-B2C/README.md
@@ -183,9 +183,10 @@ NOTE: Remember, the To-Do list is stored in memory in this `TodoListService` app
by this line:
```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
- .AddInMemoryTokenCaches();
+ services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(Configuration, "AzureAdB2C")
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C");
+ services.AddInMemoryTokenCaches();
```
This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
@@ -214,9 +215,10 @@ NOTE: Remember, the To-Do list is stored in memory in this `TodoListService` app
1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache.
```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
- .AddInMemoryTokenCaches();
+ services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(Configuration, "AzureAdB2C")
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C");
+ services.AddInMemoryTokenCaches();
```
1. Update the `Configure` method to include **app.UseAuthentication();** before **app.UseMvc();**
@@ -266,7 +268,8 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
with
```Csharp
- services.AddProtectedWebApi(options =>
+ services.AddAuthentication()
+ .AddMicrosoftWebApi(options =>
{
Configuration.Bind("AzureAdB2C", options);
@@ -281,7 +284,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
app.UseMvc();
```
- `AddProtectedWebApi` does the following:
+ `AddMicrosoftWebApi` does the following:
- add the **Jwt**BearerAuthenticationScheme (Note the replacement of **BearerAuthenticationScheme** by **Jwt**BearerAuthenticationScheme)
- set the authority to be the Microsoft identity platform identity
- sets the audiences to validate
diff --git a/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs b/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs
index a5d7e8f9..03ca6f21 100644
--- a/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs
+++ b/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs
@@ -34,13 +34,14 @@ public void ConfigureServices(IServiceCollection services)
// JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
// Adds Microsoft Identity platform (AAD v2.0) support to protect this Api
- services.AddProtectedWebApi(options =>
+ services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApi(options =>
{
Configuration.Bind("AzureAdB2C", options);
options.TokenValidationParameters.NameClaimType = "name";
},
- options => { Configuration.Bind("AzureAdB2C", options); });
+ options => { Configuration.Bind("AzureAdB2C", options); });
services.AddControllers();
services.AddAuthorization(options =>
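Review bot: `4-2-B2C/README.md` in this same commit documents this change as `services.AddAuthentication().AddMicrosoftWebApi(options => …`, without a default scheme, while the code on new line 36 passes `JwtBearerDefaults.AuthenticationScheme`; the argument is not cosmetic — on the ASP.NET Core releases these samples appear to target, a `[Authorize]` with no explicit scheme has no default to authenticate or challenge with, so the README snippet should mirror the code. Also, `Configuration.Bind("AzureAdB2C", options)` is repeated in both delegates (new lines 39 and 43); a shared `const string` for the section name would keep the JwtBearer options and the second options object bound to the same section. ConfigureServices continues outside the hunk.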
diff --git a/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj b/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj
index a49c0e0f..88490568 100644
--- a/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj
+++ b/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj
@@ -7,7 +7,7 @@
-
+
diff --git a/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md b/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md
index ab713285..c48004ce 100644
--- a/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md
+++ b/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md
@@ -154,12 +154,12 @@ When you click on the page that fetches the signed-in user's roles and group ass
### Support in ASP.NET Core middleware libraries
-The asp.net middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`.
+The ASP.NET middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`.
```CSharp
// Startup.cs
-public static IServiceCollection AddSignIn(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null)
+public void ConfigureServices(IServiceCollection services)
{
// [removed for brevity]
@@ -171,7 +171,7 @@ public static IServiceCollection AddSignIn(this IServiceCollection services, ICo
// The following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the Authorize attribute and User.IsInrole()
// See https://docs.microsoft.com/aspnet/core/security/authorization/roles?view=aspnetcore-2.2 for more info.
- services.Configure(AzureADDefaults.OpenIdScheme, options =>
+ services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
// Use the groups claim for populating roles
options.TokenValidationParameters.RoleClaimType = "roles";
@@ -183,7 +183,8 @@ public static IServiceCollection AddSignIn(this IServiceCollection services, ICo
options.AddPolicy(AuthorizationPolicies.AssignmentToUserReaderRoleRequired, policy => policy.RequireRole(AppRole.UserReaders));
options.AddPolicy(AuthorizationPolicies.AssignmentToDirectoryViewerRoleRequired, policy => policy.RequireRole(AppRole.DirectoryViewers));
});
- // [removed for brevity]
+
+ // [removed for brevity]
}
// In code..(Controllers & elsewhere)
@@ -198,23 +199,18 @@ The following files have the code that would be of interest to you.
1. HomeController.cs
1. Passes the **HttpContext.User** (the signed-in user) to the view.
-1 Services\GraphServiceClientFactory.cs
+1. Services\GraphServiceClientFactory.cs
1. Uses the [Microsoft Graph SDK](https://github.com/microsoftgraph/msgraph-sdk-dotnet) to carry out various operations with [Microsoft Graph](https://graph.microsoft.com).
1. Home\Index.cshtml
1. This has some code to print the current user's claims
-1. Startup.cs
-
1. In the `ConfigureServices` method of `Startup.cs', add the following lines:
```CSharp
- services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
- .AddAzureAD(options => Configuration.Bind("AzureAd", options));
-
//This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) // Adds support for the MSAL library with the permissions necessary to retrieve the signed-in user's group info in case of a token overage
- .AddInMemoryTokenCaches(); // Adds aspnetcore MemoryCache as Token cache provider for MSAL.
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ .AddInMemoryTokenCaches(); // Adds aspnetcore MemoryCache as Token cache provider for MSAL.
services.AddMSGraphService(Configuration); // Adds the IMSGraphService as an available service for this app.
@@ -225,19 +221,15 @@ The following files have the code that would be of interest to you.
JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
```
-1. In the `HomeController.cs`, the following method is added with the `Authorize` attribute with the name of the app role **UserReaders**, that permits listing of users in the tenant.
-
- ```CSharp
- [Authorize(Policy = AuthorizationPolicies.AssignmentToDirectoryViewerRoleRequired)]
- public async Task Users()
- {
- ```
-
-1. In the `ConfigureServices` method of `Startup.cs', the following line instructs the asp.net security middleware to use the **roles** claim to fetch roles for authorization:
+1. In the `ConfigureServices` method of `Startup.cs', the following lines instruct the ASP.NET security middleware to use the **roles** claim to fetch roles for authorization:
```CSharp
- // The claim in the Jwt token where App roles are available.
- options.TokenValidationParameters.RoleClaimType = "roles";
+ // Add this configuration after the call to `AddMicrosoftWebAppAuthentication`.
+ services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options =>
+ {
+ // The claim in the JWT token where App roles are available.
+ options.TokenValidationParameters.RoleClaimType = "roles";
+ });
// Adding authorization policies that enforce authorization using Azure AD roles.
services.AddAuthorization(options =>
@@ -247,6 +239,14 @@ The following files have the code that would be of interest to you.
});
```
+1. In the `HomeController.cs`, the following method is added with the `Authorize` attribute with the name of the app role **UserReaders**, that permits listing of users in the tenant.
+
+ ```CSharp
+ [Authorize(Policy = AuthorizationPolicies.AssignmentToDirectoryViewerRoleRequired)]
+ public async Task Users()
+ {
+ ```
+
1. A new class called `AccountController.cs` is introduced. This contains the code to intercept the default AccessDenied error's route and present the user with an option to sign-out and sign-back in with a different account that has access to the required role.
```CSharp
diff --git a/5-WebApp-AuthZ/5-1-Roles/README.md b/5-WebApp-AuthZ/5-1-Roles/README.md
index 4e2a36e7..434b4b68 100644
--- a/5-WebApp-AuthZ/5-1-Roles/README.md
+++ b/5-WebApp-AuthZ/5-1-Roles/README.md
@@ -229,12 +229,12 @@ When you click on the page that fetches the signed-in user's roles and group ass
### Support in ASP.NET Core middleware libraries
-The asp.net middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`.
+The ASP.NET middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`.
```CSharp
// Startup.cs
-public static IServiceCollection AddSignIn(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null)
+public void ConfigureServices(IServiceCollection services)
{
// [removed for] brevity
@@ -246,7 +246,7 @@ public static IServiceCollection AddSignIn(this IServiceCollection services, ICo
// The following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the Authorize attribute and User.IsInrole()
// See https://docs.microsoft.com/aspnet/core/security/authorization/roles?view=aspnetcore-2.2 for more info.
- services.Configure(AzureADDefaults.OpenIdScheme, options =>
+ services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
// Use the groups claim for populating roles
options.TokenValidationParameters.RoleClaimType = "roles";
@@ -258,7 +258,8 @@ public static IServiceCollection AddSignIn(this IServiceCollection services, ICo
options.AddPolicy(AuthorizationPolicies.AssignmentToUserReaderRoleRequired, policy => policy.RequireRole(AppRole.UserReaders));
options.AddPolicy(AuthorizationPolicies.AssignmentToDirectoryViewerRoleRequired, policy => policy.RequireRole(AppRole.DirectoryViewers));
});
- // [removed for] brevity
+
+ // [removed for] brevity
}
// In code..(Controllers & elsewhere)
@@ -286,23 +287,23 @@ This project was created using the following command.
1. Add a reference from your newly generated project to `Microsoft.Identity.Web` (right click on the **Dependencies** node under your new project, and choose **Add Reference ...**, and then in the projects tab find the `Microsoft.Identity.Web` project)
1. Open the **Startup.cs** file and:
- - in the `ConfigureServices` method, the following lines have been replaced :
+ - in the `ConfigureServices` method, the following lines:
```CSharp
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
-
- // by these lines:
-
+ ```
+ have been replaced by these lines:
+ ```CSharp
//This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
- services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
- .AddMsal(Configuration, new string[] { "User.Read" })
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
.AddInMemoryTokenCaches(); // Adds aspnetcore MemoryCache as Token cache provider for MSAL.
services.AddGraphService(Configuration); // Adds the IMSGraphService as an available service for this app.
```
-1. In the `ConfigureServices` method of `Startup.cs', add the following line:
+1. In the `ConfigureServices` method of `Startup.cs', add the following lines:
```CSharp
// This is required to be instantiated before the OpenIdConnectOptions starts getting configured.
@@ -319,11 +320,15 @@ This project was created using the following command.
});
```
-1. In the `ConfigureServices` method of `Startup.cs', the following line instructs the asp.net security middleware to use the **roles** claim to fetch roles for authorization:
+1. In the `ConfigureServices` method of `Startup.cs', the following lines instruct the ASP.NET security middleware to use the **roles** claim to fetch roles for authorization.
```CSharp
- // The claim in the Jwt token where App roles are available.
- options.TokenValidationParameters.RoleClaimType = "roles";
+ // Add this configuration after the call to `AddMicrosoftWebAppAuthentication`.
+ services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options =>
+ {
+ // The claim in the JWT token where App roles are available.
+ options.TokenValidationParameters.RoleClaimType = "roles";
+ });
```
1. In the `HomeController.cs`, the following method is added with the `Authorize` attribute with the name of the policy that enforces that the signed-in user is present in the app role **UserReaders**, that permits listing of users in the tenant.
diff --git a/5-WebApp-AuthZ/5-1-Roles/Startup.cs b/5-WebApp-AuthZ/5-1-Roles/Startup.cs
index 549e98be..832f8bbd 100644
--- a/5-WebApp-AuthZ/5-1-Roles/Startup.cs
+++ b/5-WebApp-AuthZ/5-1-Roles/Startup.cs
@@ -48,12 +48,9 @@ public void ConfigureServices(IServiceCollection services)
// Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
-
- // Token acquisition service based on MSAL.NET
- // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
- .AddInMemoryTokenCaches();
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ .AddInMemoryTokenCaches();
// Add Graph
services.AddGraphService(Configuration);
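Review bot: The `// Sign-in users with the Microsoft identity platform` comment now heads a statement that also registers token acquisition for `Constants.ScopeUserRead` and an in-memory token cache, because the dropped "Token acquisition service based on MSAL.NET" comment was not folded into it; I would extend it to `// Sign in users with the Microsoft identity platform and acquire tokens for the downstream API (Constants.ScopeUserRead) via MSAL.NET, cached in memory`. A one-line caveat that `AddInMemoryTokenCaches()` keeps tokens per process — gone on restart and not shared between instances — would also help readers who carry this sample into a scaled-out deployment. ConfigureServices continues outside the hunk.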
diff --git a/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj b/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj
index 6723dd91..f3cb6d91 100644
--- a/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj
+++ b/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj
@@ -19,8 +19,8 @@
-
-
+
+
diff --git a/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md b/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md
index 2d860a10..cfda58dd 100644
--- a/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md
+++ b/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md
@@ -218,7 +218,7 @@ The following files have the code that would be of interest to you:
1. Passes the **HttpContext.User** (the signed-in user) to the view.
1. UserProfileController.cs
1. Uses the **IMSGraphService** methods to fetch the signed-in user's group memberships.
-1 IMSGraphService.cs, MSGraphService.cs and UserGroupsAndDirectoryRoles.cs
+1. IMSGraphService.cs, MSGraphService.cs and UserGroupsAndDirectoryRoles.cs
1. Uses the [Microsoft Graph SDK](https://github.com/microsoftgraph/msgraph-sdk-dotnet) to carry out various operations with [Microsoft Graph](https://graph.microsoft.com).
1. Home\Index.cshtml
1. This has some code to print the current user's claims
@@ -232,20 +232,19 @@ The following files have the code that would be of interest to you:
using Microsoft.Identity.Web;
```
- - in the `ConfigureServices` method, the following lines have been replaced :
+ - in the `ConfigureServices` method, the following lines:
```CSharp
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
```
- - by these lines:
+ - have been replaced by these lines::
```CSharp
- services.AddSignIn(Configuration);
-
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
- .AddInMemoryTokenCaches();
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
+ .AddInMemoryTokenCaches();
services.AddMSGraphService(Configuration); // Adds the IMSGraphService as an available service for this app.
```
diff --git a/5-WebApp-AuthZ/5-2-Groups/README.md b/5-WebApp-AuthZ/5-2-Groups/README.md
index 52b330a9..ffa864ad 100644
--- a/5-WebApp-AuthZ/5-2-Groups/README.md
+++ b/5-WebApp-AuthZ/5-2-Groups/README.md
@@ -232,8 +232,8 @@ The object id of the security groups the signed in user is member of is returned
### Support in ASP.NET Core middleware libraries
-The asp.net middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`.
-Since the `groups` claim contains the object ids of the security groups than actual names by default, you'd use the group id's instead of group names. See [Role-based authorization in ASP.NET Core](https://docs.microsoft.com/aspnet/core/security/authorization/roles) for more info.
+The ASP.NET middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`.
+Since the `groups` claim contains the object IDs of the security groups than actual names by default, you'd use the group ID's instead of group names. See [Role-based authorization in ASP.NET Core](https://docs.microsoft.com/aspnet/core/security/authorization/roles) for more info.
```CSharp
// Startup.cs
@@ -328,7 +328,7 @@ The following files have the code that would be of interest to you:
1. Passes the **HttpContext.User** (the signed-in user) to the view.
1. UserProfileController.cs
1. Uses the **IMSGraphService** methods to fetch the signed-in user's group memberships.
-1 IMSGraphService.cs, MSGraphService.cs and UserGroupsAndDirectoryRoles.cs
+1. IMSGraphService.cs, MSGraphService.cs and UserGroupsAndDirectoryRoles.cs
1. Uses the [Microsoft Graph SDK](https://github.com/microsoftgraph/msgraph-sdk-dotnet) to carry out various operations with [Microsoft Graph](https://graph.microsoft.com).
1. Home\Index.cshtml
1. This has some code to print the current user's claims
@@ -342,20 +342,19 @@ The following files have the code that would be of interest to you:
using Microsoft.Identity.Web;
```
- - in the `ConfigureServices` method, the following lines have been replaced :
+ - in the `ConfigureServices` method, the following lines:
```CSharp
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
```
- - by these lines:
-
- ```CSharp
- services.AddSignIn(Configuration);
-
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
- .AddInMemoryTokenCaches();
+ - have been replaced by these lines:
+ -
+ ```CSharp
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
+ .AddInMemoryTokenCaches();
services.AddMSGraphService(Configuration); // Adds the IMSGraphService as an available service for this app.
```
diff --git a/5-WebApp-AuthZ/5-2-Groups/Startup.cs b/5-WebApp-AuthZ/5-2-Groups/Startup.cs
index 6fe36bbe..85107a21 100644
--- a/5-WebApp-AuthZ/5-2-Groups/Startup.cs
+++ b/5-WebApp-AuthZ/5-2-Groups/Startup.cs
@@ -36,22 +36,29 @@ public void ConfigureServices(IServiceCollection services)
});
// Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
// If you want to use group ids/names in the Authorize attribute then uncomment the following lines:
- //services.Configure(options =>
- //{
- // // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole()
- // // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info.
- // // Use the groups claim for populating roles
- // options.TokenValidationParameters.RoleClaimType = "groups";
- //});
+ //services.Configure(options =>
+ // {
+ // // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole()
+ // // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info.
+ // // Use the groups claim for populating roles
+ // options.TokenValidationParameters.RoleClaimType = "groups";
+ // })
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
- .AddInMemoryTokenCaches();
+ .AddInMemoryTokenCaches();
services.AddMSGraphService(Configuration);
+ services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options => {
+ // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole()
+ // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info.
+ // Use the groups claim for populating roles
+ options.TokenValidationParameters.RoleClaimType = "groups";
+ });
+
services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder()
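Review bot: The commented-out `//services.Configure(options => …)` block on the new side's lines 41-48 sits inside the fluent chain, between `.AddMicrosoftWebAppCallsWebApi(...)` and `.AddInMemoryTokenCaches();`, so it cannot be uncommented as its header comment instructs without breaking the statement, and it duplicates the `services.Configure(OpenIdConnectDefaults.AuthenticationScheme, …)` block that is now live further down. That live block's comment still says "Uncomment the following lines", although `RoleClaimType = "groups"` now applies unconditionally, which means `[Authorize]` role checks and `User.IsInRole()` evaluate group object IDs on every request. I would delete the dead block, keep the chain contiguous (as `5-2-Groups/README.md` in this same commit already shows it), and reword the live block's comment to state what it does — including that the `groups` claim may be omitted for users above the group-overage limit, in which case they hold no roles. ConfigureServices continues outside the hunk.
```csharp
// Sign in users with the Microsoft identity platform, acquire tokens for
// Microsoft Graph via MSAL.NET, and cache them in memory.
services.AddMicrosoftWebAppAuthentication(Configuration)
    .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
    .AddInMemoryTokenCaches();

services.AddMSGraphService(Configuration);

// Populate roles from the "groups" claim so that the [Authorize] attribute and
// User.IsInRole() evaluate group object IDs. The claim may be omitted when the
// user is in more groups than fit in the token (group overage); such users then
// hold no roles. See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles
services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.TokenValidationParameters.RoleClaimType = "groups";
});

// … unchanged: AddControllersWithViews …
```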
diff --git a/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj b/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj
index 684d9403..a8b9a382 100644
--- a/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj
+++ b/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj
@@ -19,8 +19,8 @@
-
-
+
+