From 916e541b2ef4b546057a70043706e7b639a8ed9b Mon Sep 17 00:00:00 2001 
From: Jenny Ferries
Date: Tue, 23 Jun 2020 21:06:59 -0700
Subject: [PATCH 01/11] initial PR with API updates for 0.2.0-preview
---
 1-WebApp-OIDC/1-1-MyOrg/README.md | 2 +-
 1-WebApp-OIDC/1-1-MyOrg/Startup.cs | 2 +-
 1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md | 4 ++--
 1-WebApp-OIDC/1-2-AnyOrg/README.md | 4 ++--
 1-WebApp-OIDC/1-2-AnyOrg/Startup.cs | 2 +-
 1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md | 2 +-
 1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs | 2 +-
 1-WebApp-OIDC/1-4-Sovereign/README.md | 2 +-
 1-WebApp-OIDC/1-4-Sovereign/Startup.cs | 2 +-
 1-WebApp-OIDC/1-5-B2C/README.md | 4 ++--
 1-WebApp-OIDC/1-5-B2C/Startup.cs | 2 +-
 1-WebApp-OIDC/1-6-SignOut/README.md | 2 +-
 2-WebApp-graph-user/2-1-Call-MSGraph/README.md | 4 ++--
 2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs | 4 ++--
 .../README-incremental-instructions.md | 2 +-
 2-WebApp-graph-user/2-2-TokenCache/README.md | 4 ++--
 2-WebApp-graph-user/2-2-TokenCache/Startup.cs | 4 ++--
 .../2-3-Multi-Tenant/README-National-Cloud.md | 2 +-
 2-WebApp-graph-user/2-3-Multi-Tenant/README.md | 4 ++--
 2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs | 4 ++--
 .../2-4-Sovereign-Call-MSGraph/README.md | 4 ++--
 .../2-4-Sovereign-Call-MSGraph/Startup.cs | 4 ++--
 3-WebApp-multi-APIs/README.md | 6 +++---
 3-WebApp-multi-APIs/Startup.cs | 4 ++--
 4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs | 4 ++--
 .../4-1-MyOrg/README-incremental-instructions.md | 8 ++++----
 4-WebApp-your-API/4-1-MyOrg/README.md | 12 ++++++------
 .../4-1-MyOrg/TodoListService/Startup.cs | 2 +-
 4-WebApp-your-API/4-2-B2C/Client/Startup.cs | 4 ++--
 .../4-2-B2C/README-incremental-instructions.md | 8 ++++----
 4-WebApp-your-API/4-2-B2C/README.md | 12 ++++++------
 4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs | 2 +-
 .../5-1-Roles/README-incremental-instructions.md | 6 +++---
 5-WebApp-AuthZ/5-1-Roles/README.md | 2 +-
 5-WebApp-AuthZ/5-1-Roles/Startup.cs | 4 ++--
 .../5-2-Groups/README-incremental-instructions.md | 4 ++--
 5-WebApp-AuthZ/5-2-Groups/README.md | 4 ++--
 5-WebApp-AuthZ/5-2-Groups/Startup.cs | 4 ++--
 38 files changed, 76 insertions(+), 76 deletions(-)
diff --git a/1-WebApp-OIDC/1-1-MyOrg/README.md b/1-WebApp-OIDC/1-1-MyOrg/README.md
index a1a029c7..79a8c3d2 100644
--- a/1-WebApp-OIDC/1-1-MyOrg/README.md
+++ b/1-WebApp-OIDC/1-1-MyOrg/README.md
@@ -163,7 +163,7 @@ cd "1-WebApp-OIDC\1-1-MyOrg"
 by this line:
 ```CSharp
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 ```
 This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
diff --git a/1-WebApp-OIDC/1-1-MyOrg/Startup.cs b/1-WebApp-OIDC/1-1-MyOrg/Startup.cs
index d9810720..4d7b5c89 100644
--- a/1-WebApp-OIDC/1-1-MyOrg/Startup.cs
+++ b/1-WebApp-OIDC/1-1-MyOrg/Startup.cs
@@ -34,7 +34,7 @@ public void ConfigureServices(IServiceCollection services)
 });
 // Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 services.AddControllersWithViews(options =>
 {
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md b/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md
index 2cdab737..eab4950c 100644
--- a/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md
+++ b/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md
@@ -57,14 +57,14 @@ The actual sign-in audience (accounts to sign-in) is the lowest set of what is s
 In order to restrict users from specific organizations from signing-in to your web app, you'll need to customize your code a bit more to restrict issuers. In Azure AD, the token issuers are the Azure AD tenants which issue tokens to applications.
-In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddSignIn(Configuration)` add some code to validate specific issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate.
+In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddMicrosoftWebApp(Configuration)` add some code to validate specific issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate.
 ```CSharp
 public void ConfigureServices(IServiceCollection services)
 {
 ...
 // Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration, options =>
+ services.AddMicrosoftWebApp(Configuration, options =>
 {
 Configuration.Bind("AzureAd", options);
 // Restrict users to specific belonging to specific tenants
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/README.md b/1-WebApp-OIDC/1-2-AnyOrg/README.md
index cafa2d0f..11a14a17 100644
--- a/1-WebApp-OIDC/1-2-AnyOrg/README.md
+++ b/1-WebApp-OIDC/1-2-AnyOrg/README.md
@@ -155,7 +155,7 @@ cd "1-WebApp-OIDC\1-2-AnyOrg"
 by this line:
 ```CSharp
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 ```
 This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
@@ -228,7 +228,7 @@ In the `Startup.cs` file, in the `ConfigureServices` method, after `services.Add
 {
 ...
 // Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 // Restrict users to specific belonging to specific tenants
 services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options =>
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs b/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs
index f2537676..d102b364 100644
--- a/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs
+++ b/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs
@@ -34,7 +34,7 @@ public void ConfigureServices(IServiceCollection services)
 });
 // Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 services.AddControllersWithViews(options =>
 {
diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md
index 9e6c30f6..8bd903ca 100644
--- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md
+++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md
@@ -150,7 +150,7 @@ In the **appsettings.json** file:
 by this line:
 ```CSharp
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 ```
 This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs
index 2e63693a..2efd05d8 100644
--- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs
+++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs
@@ -34,7 +34,7 @@ public void ConfigureServices(IServiceCollection services)
 });
 // Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 services.AddControllersWithViews(options =>
 {
diff --git a/1-WebApp-OIDC/1-4-Sovereign/README.md b/1-WebApp-OIDC/1-4-Sovereign/README.md
index 400a002b..3eaa1b9f 100644
--- a/1-WebApp-OIDC/1-4-Sovereign/README.md
+++ b/1-WebApp-OIDC/1-4-Sovereign/README.md
@@ -121,7 +121,7 @@ cd "1-WebApp-OIDC\1-4-Sovereign"
 by this line:
 ```CSharp
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 ```
 This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
diff --git a/1-WebApp-OIDC/1-4-Sovereign/Startup.cs b/1-WebApp-OIDC/1-4-Sovereign/Startup.cs
index 2e63693a..2efd05d8 100644
--- a/1-WebApp-OIDC/1-4-Sovereign/Startup.cs
+++ b/1-WebApp-OIDC/1-4-Sovereign/Startup.cs
@@ -34,7 +34,7 @@ public void ConfigureServices(IServiceCollection services)
 });
 // Sign-in users with the Microsoft identity platform
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 services.AddControllersWithViews(options =>
 {
diff --git a/1-WebApp-OIDC/1-5-B2C/README.md b/1-WebApp-OIDC/1-5-B2C/README.md
index 6779940e..dc93ec9c 100644
--- a/1-WebApp-OIDC/1-5-B2C/README.md
+++ b/1-WebApp-OIDC/1-5-B2C/README.md
@@ -125,12 +125,12 @@ You can trigger the middleware to send an OpenID Connect sign-in request by deco
 Here is the middleware example:
 ```csharp
- services.AddSignIn(Configuration, "AzureAdB2C");
+ services.AddMicrosoftWebApp(Configuration, "AzureAdB2C");
 ```
 Important things to notice:
-- The method `AddSignIn` will configure the authentication based on the `MicrosoftIdentityOptions.cs` options. Feel free to bind more properties on `AzureAdB2C` section on `appsettings.json` if you need to set more options.
+- The method `AddMicrosoftWebApp` will configure the authentication based on the `MicrosoftIdentityOptions.cs` options. Feel free to bind more properties on `AzureAdB2C` section on `appsettings.json` if you need to set more options.
 - The urls you set for `CallbackPath` and `SignedOutCallbackPath` should be registered on the **Reply Urls** of your application, in [Azure Portal](https://portal.azure.com).
 ## Next steps
diff --git a/1-WebApp-OIDC/1-5-B2C/Startup.cs b/1-WebApp-OIDC/1-5-B2C/Startup.cs
index 222e421b..0da704b2 100644
--- a/1-WebApp-OIDC/1-5-B2C/Startup.cs
+++ b/1-WebApp-OIDC/1-5-B2C/Startup.cs
@@ -35,7 +35,7 @@ public void ConfigureServices(IServiceCollection services)
 });
 // Configuration to sign-in users with Azure AD B2C
- services.AddSignIn(Configuration, "AzureAdB2C");
+ services.AddMicrosoftWebApp(Configuration, "AzureAdB2C");
 services.AddControllersWithViews()
 .AddMicrosoftIdentityUI();
diff --git a/1-WebApp-OIDC/1-6-SignOut/README.md b/1-WebApp-OIDC/1-6-SignOut/README.md
index c461eb1f..b7a0e378 100644
--- a/1-WebApp-OIDC/1-6-SignOut/README.md
+++ b/1-WebApp-OIDC/1-6-SignOut/README.md
@@ -66,7 +66,7 @@ services.Configure(OpenIdConnectDefaults.AuthenticationSch
 ### Clearing the token cache
-Your application can also intercept the logout event, for instance to clear the entry of the token cache associated with the account that signed out. We'll see in the second part of this tutorial (about the Web app calling a Web API), that the web app will store access tokens for the user in a cache. Intercepting the logout callback enables your web application to remove the user from the token cache. This is illustrated in the `AddWebAppCallsProtectedWebApi()` method of [WebAppServiceCollectionExtensions.cs](https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web/WebAppServiceCollectionExtensions.cs#L202-L208)
+Your application can also intercept the logout event, for instance to clear the entry of the token cache associated with the account that signed out. We'll see in the second part of this tutorial (about the Web app calling a Web API), that the web app will store access tokens for the user in a cache. Intercepting the logout callback enables your web application to remove the user from the token cache. This is illustrated in the `AddMicrosoftWebAppCallsWebApi()` method of [WebAppServiceCollectionExtensions.cs](https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web/WebAppServiceCollectionExtensions.cs#L202-L208)
 ### Single Sign-Out
diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/README.md b/2-WebApp-graph-user/2-1-Call-MSGraph/README.md
index b70e956a..3c1048b6 100644
--- a/2-WebApp-graph-user/2-1-Call-MSGraph/README.md
+++ b/2-WebApp-graph-user/2-1-Call-MSGraph/README.md
@@ -100,10 +100,10 @@ After the following lines in the ConfigureServices(IServiceCollection services)
 public void ConfigureServices(IServiceCollection services)
 {
 . . .
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 // Token acquisition service based on MSAL.NET
 // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
 .AddInMemoryTokenCache();
 ```
diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs b/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs
index b8c160ec..46f8ab38 100644
--- a/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs
+++ b/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs
@@ -40,11 +40,11 @@ public void ConfigureServices(IServiceCollection services)
 services.AddOptions();
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 // Token acquisition service based on MSAL.NET
 // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
 .AddInMemoryTokenCaches();
 /*
diff --git a/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md b/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md
index fc2289d1..a2dd9b23 100644
--- a/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md
+++ b/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md
@@ -97,7 +97,7 @@ public void ConfigureServices(IServiceCollection services)
 // Token acquisition service based on MSAL.NET
 // and the Sql server based token cache implementation
 services.AddMicrosoftIdentityPlatformAuthentication(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Constants.ScopeUserRead })
+ .AddMicrosoftWebAppCallsWebApi(new string[] { Constants.ScopeUserRead })
 .AddSqlAppTokenCache(Configuration)
 .AddSqlPerUserTokenCache(Configuration);
 ```
diff --git a/2-WebApp-graph-user/2-2-TokenCache/README.md b/2-WebApp-graph-user/2-2-TokenCache/README.md
index 94de5609..dd8db496 100644
--- a/2-WebApp-graph-user/2-2-TokenCache/README.md
+++ b/2-WebApp-graph-user/2-2-TokenCache/README.md
@@ -187,8 +187,8 @@ public void ConfigureServices(IServiceCollection services)
 . . .
 // Token acquisition service based on MSAL.NET
 // and the Sql server based token cache implementation
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ services.AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
 .AddDistributedTokenCaches();
 services.AddDistributedSqlServerCache(options =>
diff --git a/2-WebApp-graph-user/2-2-TokenCache/Startup.cs b/2-WebApp-graph-user/2-2-TokenCache/Startup.cs
index ecae4669..f4eaa057 100644
--- a/2-WebApp-graph-user/2-2-TokenCache/Startup.cs
+++ b/2-WebApp-graph-user/2-2-TokenCache/Startup.cs
@@ -51,11 +51,11 @@ dotnet tool install --global dotnet-sql-cache
 dotnet sql-cache create "Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=MsalTokenCacheDatabase;Integrated Security=True;" dbo TokenCache
 */
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 // Token acquisition service based on MSAL.NET
 // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
 .AddDistributedTokenCaches();
 services.AddDistributedSqlServerCache(options =>
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md b/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md
index b62218b0..9744623d 100644
--- a/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md
+++ b/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md
@@ -273,7 +273,7 @@ The `https://graph.microsoft.com/.default` is a static scope that allows the ten
 ### Custom token validation allowing only registered tenants
-On the `Startup.cs` we are calling `AddSignIn` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
+On the `Startup.cs` we are calling `AddMicrosoftWebApp` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
 ```csharp
 options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuerValidator(options.Authority).Validate;
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/README.md b/2-WebApp-graph-user/2-3-Multi-Tenant/README.md
index 465888c8..45ae0e07 100644
--- a/2-WebApp-graph-user/2-3-Multi-Tenant/README.md
+++ b/2-WebApp-graph-user/2-3-Multi-Tenant/README.md
@@ -212,7 +212,7 @@ These steps are encapsulated in the [Microsoft.Identity.Web](..\..\Microsoft.Ide
 In order to be able to sign-in users from multiple tenants, the [/common endpoint](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#update-your-code-to-send-requests-to-common) must be used. In the sample, this endpoint is used as a result of setting the value for `TenantId` as `organizations` on the `appsettings.json` file, and configuring the middleware to read the values from it.
 ```csharp
-services.AddSignIn(Configuration);
+services.AddMicrosoftWebApp(Configuration);
 ```
 You can read about the various endpoints of the Microsoft Identity Platform [here](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols#endpoints).
@@ -248,7 +248,7 @@ The `https://graph.microsoft.com/.default` is a static scope that allows the ten
 ### Custom token validation allowing only registered tenants
-On the `Startup.cs` we are calling `AddSignIn` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
+On the `Startup.cs` we are calling `AddMicrosoftWebApp` to configure the authentication, and within that method, we validates that the token issuer is from AAD.
 ```csharp
 options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuerValidator(options.Authority).Validate;
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs
index 6d17d94b..5b19150e 100644
--- a/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs
+++ b/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs
@@ -56,7 +56,7 @@ public void ConfigureServices(IServiceCollection services)
 services.AddScoped();
 // Sign-in users with the Microsoft identity platform
- services.AddSignIn(options =>
+ services.AddMicrosoftWebApp(options =>
 {
 Configuration.Bind("AzureAd", options);
 options.Events.OnTokenValidated = async context =>
@@ -88,7 +88,7 @@ public void ConfigureServices(IServiceCollection services)
 Configuration.Bind("AzureAD", options);
 });
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { GraphScope.UserReadAll })
+ services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { GraphScope.UserReadAll })
 .AddInMemoryTokenCaches();
 services.AddControllersWithViews(options =>
diff --git a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md
index d34cc0f7..e8a0cceb 100644
--- a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md
+++ b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md
@@ -93,8 +93,8 @@ After the following lines in the ConfigureServices(IServiceCollection services)
 . . .
 // Token acquisition service based on MSAL.NET
 // and chosen token cache implementation
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Constants.ScopeUserRead })
+ services.AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(new string[] { Constants.ScopeUserRead })
 .AddInMemoryTokenCache();
 ```
diff --git a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs
index 467c0c69..fa8c3f42 100644
--- a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs
+++ b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs
@@ -41,11 +41,11 @@ public void ConfigureServices(IServiceCollection services)
 services.AddOptions();
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 // Token acquisition service based on MSAL.NET
 // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
 .AddInMemoryTokenCaches();
 // Add Graph
diff --git a/3-WebApp-multi-APIs/README.md b/3-WebApp-multi-APIs/README.md
index f126195f..58967644 100644
--- a/3-WebApp-multi-APIs/README.md
+++ b/3-WebApp-multi-APIs/README.md
@@ -76,7 +76,7 @@ Starting from the [previous phase of the tutorial](../../2-WebApp-graph-user/2-1
 ### Update the `Startup.cs` file to enable TokenAcquisition by a MSAL.NET based service
-After the following lines in the ConfigureServices(IServiceCollection services) method, after `services.AddSignIn(Configuration);`, add `services.AddHttpClient();`:
+After the following lines in the ConfigureServices(IServiceCollection services) method, after `services.AddMicrosoftWebApp(Configuration);`, add `services.AddHttpClient();`:
 ```CSharp
 public void ConfigureServices(IServiceCollection services)
@@ -84,8 +84,8 @@ After the following lines in the ConfigureServices(IServiceCollection services)
 . . .
 // Token acquisition service based on MSAL.NET
 // and chosen token cache implementation
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Constants.ScopeUserRead })
+ services.AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(new string[] { Constants.ScopeUserRead })
 .AddInMemoryTokenCache();
 services.AddHttpClient();
 ```
diff --git a/3-WebApp-multi-APIs/Startup.cs b/3-WebApp-multi-APIs/Startup.cs
index 05fd7819..3750ad5a 100644
--- a/3-WebApp-multi-APIs/Startup.cs
+++ b/3-WebApp-multi-APIs/Startup.cs
@@ -42,11 +42,11 @@ public void ConfigureServices(IServiceCollection services)
 services.AddOptions();
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 // Token acquisition service based on MSAL.NET
 // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
 .AddInMemoryTokenCaches();
 // Add APIs
diff --git a/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs b/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs
index e899b0fc..e3916bd6 100644
--- a/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs
+++ b/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs
@@ -43,7 +43,7 @@ public void ConfigureServices(IServiceCollection services)
 services.AddOptions();
- services.AddSignIn(Configuration);
+ services.AddMicrosoftWebApp(Configuration);
 // This is required to be instantiated before the OpenIdConnectOptions starts getting configured.
 // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications.
@@ -53,7 +53,7 @@ public void ConfigureServices(IServiceCollection services)
 // Token acquisition service based on MSAL.NET
 // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] })
+ services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] })
 .AddInMemoryTokenCaches();
 // Add APIs
diff --git a/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md b/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md
index f2f070e5..86b55e48 100644
--- a/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md
+++ b/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md
@@ -208,8 +208,8 @@ Add a reference to the `Microsoft.Identity.Web` library if not already present.
 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache.
 ```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
+ services.AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
 .AddInMemoryTokenCaches();
 ```
@@ -250,7 +250,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
 with
 ```Csharp
- services.AddProtectedWebApi(Configuration)
+ services.AddMicrosoftWebApi(Configuration)
 .AddInMemoryTokenCaches();
 ```
@@ -260,7 +260,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
 app.UseAuthentication();
 app.UseMvc();
 ```
- `AddProtectedWebApi` does the following:
+ `AddMicrosoftWebApi` does the following:
 - add the **Jwt**BearerAuthenticationScheme (Note the replacement of **BearerAuthenticationScheme** by **Jwt**BearerAuthenticationScheme)
 - set the authority to be the Microsoft identity platform
 - sets the audiences to validate
diff --git a/4-WebApp-your-API/4-1-MyOrg/README.md b/4-WebApp-your-API/4-1-MyOrg/README.md
index fd154098..4f175fd8 100644
--- a/4-WebApp-your-API/4-1-MyOrg/README.md
+++ b/4-WebApp-your-API/4-1-MyOrg/README.md
@@ -249,8 +249,8 @@ Explore the sample by signing in into the TodoList client, adding items to the T
 by this line:
 ```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
+ services.AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
 .AddInMemoryTokenCaches();
 ```
@@ -280,8 +280,8 @@ Explore the sample by signing in into the TodoList client, adding items to the T
 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache.
 ```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
+ services.AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
 .AddInMemoryTokenCaches();
 ```
 1. Update the `Configure` method to include **app.UseAuthentication();** before **app.UseMvc();**
@@ -332,7 +332,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
 with
 ```Csharp
- services.AddProtectedWebApi(Configuration)
+ services.AddMicrosoftWebApi(Configuration)
 .AddInMemoryTokenCaches();
 ```
 - Add the method **app.UseAuthentication()** before **app.UseMvc()** in the `Configure` method
@@ -342,7 +342,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
 app.UseMvc();
 ```
- `AddProtectedWebApi` does the following:
+ `AddMicrosoftWebApi` does the following:
 - add the **Jwt**BearerAuthenticationScheme (Note the replacement of **BearerAuthenticationScheme** by **Jwt**BearerAuthenticationScheme)
 - set the authority to be the Microsoft identity platform identity
 - sets the audiences to validate
diff --git a/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs
index 89b9723d..70011649 100644
--- a/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs
+++ b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs
@@ -31,7 +31,7 @@ public void ConfigureServices(IServiceCollection services)
 // JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
 // Adds Microsoft Identity platform (AAD v2.0) support to protect this Api
- services.AddProtectedWebApi(Configuration);
+ services.AddMicrosoftWebApi(Configuration);
 services.AddControllers();
 }
diff --git a/4-WebApp-your-API/4-2-B2C/Client/Startup.cs b/4-WebApp-your-API/4-2-B2C/Client/Startup.cs
index 162bf4d8..037230f3 100644
--- a/4-WebApp-your-API/4-2-B2C/Client/Startup.cs
+++ b/4-WebApp-your-API/4-2-B2C/Client/Startup.cs
@@ -42,7 +42,7 @@ public void ConfigureServices(IServiceCollection services)
 services.AddOptions();
- services.AddSignIn(Configuration, "AzureAdB2C");
+ services.AddMicrosoftWebApp(Configuration, "AzureAdB2C");
 // This is required to be instantiated before the OpenIdConnectOptions starts getting configured.
 // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications.
@@ -52,7 +52,7 @@ public void ConfigureServices(IServiceCollection services)
 // Token acquisition service based on MSAL.NET
 // and chosen token cache implementation
- services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C")
+ services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C")
 .AddInMemoryTokenCaches();
 // Add APIs
diff --git a/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md b/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md
index 8b10cbe5..05529eb6 100644
--- a/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md
+++ b/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md
@@ -205,8 +205,8 @@ Add a reference to the `Microsoft.Identity.Web` library if not already present.
 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache.
 ```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
+ services.AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
 .AddInMemoryTokenCaches();
 ```
@@ -248,7 +248,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 ```Csharp
 services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
- .AddProtectedWebApi("AzureAdB2C", Configuration, options =>
+ .AddMicrosoftWebApi("AzureAdB2C", Configuration, options =>
 {
 Configuration.Bind("AzureAdB2C", options);
@@ -262,7 +262,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 app.UseAuthentication();
 app.UseMvc();
 ```
- `AddProtectedWebApi` does the following:
+ `AddMicrosoftWebApi` does the following:
 - add the **Jwt**BearerAuthenticationScheme (Note the replacement of **BearerAuthenticationScheme** by **Jwt**BearerAuthenticationScheme)
 - set the authority to be the Microsoft identity platform
 - sets the audiences to validate
diff --git a/4-WebApp-your-API/4-2-B2C/README.md b/4-WebApp-your-API/4-2-B2C/README.md
index 3e6cea66..58c740ac 100644
--- a/4-WebApp-your-API/4-2-B2C/README.md
+++ b/4-WebApp-your-API/4-2-B2C/README.md
@@ -183,8 +183,8 @@ NOTE: Remember, the To-Do list is stored in memory in this `TodoListService` app
 by this line:
 ```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
+ services.AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
 .AddInMemoryTokenCaches();
 ```
@@ -214,8 +214,8 @@ NOTE: Remember, the To-Do list is stored in memory in this `TodoListService` app
 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache.
 ```CSharp
- services.AddSignIn(Configuration)
- .AddWebAppCallsProtectedWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
+ services.AddMicrosoftWebApp(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] })
 .AddInMemoryTokenCaches();
 ```
 1. Update the `Configure` method to include **app.UseAuthentication();** before **app.UseMvc();**
@@ -266,7 +266,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
 with
 ```Csharp
- services.AddProtectedWebApi(options =>
+ services.AddMicrosoftWebApi(options =>
 {
 Configuration.Bind("AzureAdB2C", options);
@@ -281,7 +281,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders;
 app.UseMvc();
 ```
- `AddProtectedWebApi` does the following:
+ `AddMicrosoftWebApi` does the following:
 - add the **Jwt**BearerAuthenticationScheme (Note the replacement of **BearerAuthenticationScheme** by **Jwt**BearerAuthenticationScheme)
 - set the authority to be the Microsoft identity platform identity
 - sets the audiences to validate
diff --git a/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs b/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs
index a5d7e8f9..7d438de4 100644
--- a/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs
+++ b/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs
@@ -34,7 +34,7 @@ public void ConfigureServices(IServiceCollection services)
 // JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
 // Adds Microsoft Identity platform (AAD v2.0) support to protect this Api
- services.AddProtectedWebApi(options =>
+ services.AddMicrosoftWebApi(options =>
 {
 Configuration.Bind("AzureAdB2C", options);
diff --git a/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md b/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md
index ab713285..dd5461d6 100644
--- a/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md
+++ b/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md
@@ -159,7 +159,7 @@ The asp.net middleware supports roles populated from claims by specifying the cl
 ```CSharp
 // Startup.cs
-public static IServiceCollection AddSignIn(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null)
+public static IServiceCollection AddMicrosoftWebApp(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null)
 {
 // [removed for brevity]
@@ -212,8 +212,8 @@ The following files have the code that would be of interest to you. .AddAzureAD(options => Configuration.Bind("AzureAd", options)); //This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. - services.AddSignIn(Configuration) - .AddWebAppCallsProtectedWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) // Adds support for the MSAL library with the permissions necessary to retrieve the signed-in user's group info in case of a token overage + services.AddMicrosoftWebApp(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) // Adds support for the MSAL library with the permissions necessary to retrieve the signed-in user's group info in case of a token overage .AddInMemoryTokenCaches(); // Adds aspnetcore MemoryCache as Token cache provider for MSAL. services.AddMSGraphService(Configuration); // Adds the IMSGraphService as an available service for this app. diff --git a/5-WebApp-AuthZ/5-1-Roles/README.md b/5-WebApp-AuthZ/5-1-Roles/README.md index 4e2a36e7..dd0c5ae9 100644 --- a/5-WebApp-AuthZ/5-1-Roles/README.md +++ b/5-WebApp-AuthZ/5-1-Roles/README.md @@ -234,7 +234,7 @@ The asp.net middleware supports roles populated from claims by specifying the cl ```CSharp // Startup.cs -public static IServiceCollection AddSignIn(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null) +public static IServiceCollection AddMicrosoftWebApp(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null) { // [removed for] brevity diff --git a/5-WebApp-AuthZ/5-1-Roles/Startup.cs b/5-WebApp-AuthZ/5-1-Roles/Startup.cs index 549e98be..566acbb3 100644 --- a/5-WebApp-AuthZ/5-1-Roles/Startup.cs +++ b/5-WebApp-AuthZ/5-1-Roles/Startup.cs 
@@ -48,11 +48,11 @@ public void ConfigureServices(IServiceCollection services) // Sign-in users with the Microsoft identity platform - services.AddSignIn(Configuration); + services.AddMicrosoftWebApp(Configuration); // Token acquisition service based on MSAL.NET // and chosen token cache implementation - services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { Constants.ScopeUserRead }) + services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) .AddInMemoryTokenCaches(); // Add Graph diff --git a/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md b/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md index 2d860a10..efddc49f 100644 --- a/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md +++ b/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md @@ -242,9 +242,9 @@ The following files have the code that would be of interest to you: - by these lines: ```CSharp - services.AddSignIn(Configuration); + services.AddMicrosoftWebApp(Configuration); - services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) + services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) .AddInMemoryTokenCaches(); services.AddMSGraphService(Configuration); // Adds the IMSGraphService as an available service for this app. diff --git a/5-WebApp-AuthZ/5-2-Groups/README.md b/5-WebApp-AuthZ/5-2-Groups/README.md index 52b330a9..8c82bea7 100644 --- a/5-WebApp-AuthZ/5-2-Groups/README.md +++ b/5-WebApp-AuthZ/5-2-Groups/README.md 
@@ -352,9 +352,9 @@ The following files have the code that would be of interest to you: - by these lines: ```CSharp - services.AddSignIn(Configuration); + services.AddMicrosoftWebApp(Configuration); - services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) + services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) .AddInMemoryTokenCaches(); services.AddMSGraphService(Configuration); // Adds the IMSGraphService as an available service for this app. diff --git a/5-WebApp-AuthZ/5-2-Groups/Startup.cs b/5-WebApp-AuthZ/5-2-Groups/Startup.cs index 6fe36bbe..1321a0b9 100644 --- a/5-WebApp-AuthZ/5-2-Groups/Startup.cs +++ b/5-WebApp-AuthZ/5-2-Groups/Startup.cs @@ -36,7 +36,7 @@ public void ConfigureServices(IServiceCollection services) }); // Sign-in users with the Microsoft identity platform - services.AddSignIn(Configuration); + services.AddMicrosoftWebApp(Configuration); // If you want to use group ids/names in the Authorize attribute then uncomment the following lines: //services.Configure(options => @@ -47,7 +47,7 @@ public void ConfigureServices(IServiceCollection services) // options.TokenValidationParameters.RoleClaimType = "groups"; //}); - services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) + services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) .AddInMemoryTokenCaches(); services.AddMSGraphService(Configuration); From 0da310d75d7a954c8d4d80a0d44d0025f4b8e9ba Mon Sep 17 00:00:00 2001 
From: Jenny Ferries Date: Mon, 6 Jul 2020 12:23:39 -0700 Subject: [PATCH 02/11] Start update of API --- 1-WebApp-OIDC/1-1-MyOrg/README.md | 5 +++-- 1-WebApp-OIDC/1-1-MyOrg/Startup.cs | 3 ++- .../1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md | 3 ++- 1-WebApp-OIDC/1-2-AnyOrg/README.md | 5 +++-- 1-WebApp-OIDC/1-2-AnyOrg/Startup.cs | 3 ++- .../1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md | 7 +++++-- 1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs | 3 ++- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 1-WebApp-OIDC/1-4-Sovereign/README.md | 5 +++-- 1-WebApp-OIDC/1-4-Sovereign/Startup.cs | 3 ++- .../1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 1-WebApp-OIDC/1-5-B2C/README.md | 3 ++- 1-WebApp-OIDC/1-5-B2C/Startup.cs | 3 ++- .../1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 2-WebApp-graph-user/2-1-Call-MSGraph/README.md | 12 +++++++----- 2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs | 9 +++++---- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 2-WebApp-graph-user/2-2-TokenCache/README.md | 11 ++++++----- 2-WebApp-graph-user/2-2-TokenCache/Startup.cs | 7 ++++--- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs | 11 +++++++---- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- .../2-4-Sovereign-Call-MSGraph/README.md | 12 +++++++----- .../2-4-Sovereign-Call-MSGraph/Startup.cs | 7 ++++--- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 3-WebApp-multi-APIs/README.md | 12 +++++++----- 3-WebApp-multi-APIs/Startup.cs | 7 ++++--- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- .../4-1-MyOrg/Client/TodoListClient.csproj | 4 ++-- .../4-1-MyOrg/TodoListService/TodoListService.csproj | 2 +- .../4-2-B2C/Client/TodoListClient.csproj | 4 ++-- .../4-2-B2C/TodoListService/TodoListService.csproj | 2 +- .../5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- .../5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 36 
files changed, 109 insertions(+), 82 deletions(-) diff --git a/1-WebApp-OIDC/1-1-MyOrg/README.md b/1-WebApp-OIDC/1-1-MyOrg/README.md index 79a8c3d2..d1cc96bf 100644 --- a/1-WebApp-OIDC/1-1-MyOrg/README.md +++ b/1-WebApp-OIDC/1-1-MyOrg/README.md @@ -160,10 +160,11 @@ cd "1-WebApp-OIDC\1-1-MyOrg" .AddAzureAD(options => Configuration.Bind("AzureAd", options)); ``` - by this line: + with these two: ```CSharp - services.AddMicrosoftWebApp(Configuration); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration); ``` This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. diff --git a/1-WebApp-OIDC/1-1-MyOrg/Startup.cs b/1-WebApp-OIDC/1-1-MyOrg/Startup.cs index 4d7b5c89..c7e79ab2 100644 --- a/1-WebApp-OIDC/1-1-MyOrg/Startup.cs +++ b/1-WebApp-OIDC/1-1-MyOrg/Startup.cs @@ -34,7 +34,8 @@ public void ConfigureServices(IServiceCollection services) }); // Sign-in users with the Microsoft identity platform - services.AddMicrosoftWebApp(Configuration); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration); services.AddControllersWithViews(options => { diff --git a/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj index 82c72450..71233d55 100644 --- a/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj +++ b/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj @@ -25,8 +25,8 @@ runtime; build; native; contentfiles; analyzers; buildtransitive - - + + diff --git a/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md b/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md index eab4950c..79d6e0b7 100644 --- a/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md +++ b/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md 
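Review bot: `OpenIdConnectDefaults.AuthenticationScheme` is introduced in the new `services.AddAuthentication(...)` line of the 1-1-MyOrg/Startup.cs hunk, but no `using Microsoft.AspNetCore.Authentication.OpenIdConnect;` is added and the diffstat for that file (`3 ++-`) shows no other line changed, so this compiles only if Startup.cs already imports that namespace — worth confirming, since the same pattern is applied to the Startup.cs hunks for 1-2-AnyOrg, 1-3-AnyOrgOrPersonal, 1-4-Sovereign, 1-5-B2C, 2-1-Call-MSGraph, 2-2-TokenCache, 2-3-Multi-Tenant, 2-4-Sovereign-Call-MSGraph and 3-WebApp-multi-APIs. The comment above the call still reads `// Sign-in users with the Microsoft identity platform`, while the call now also fixes the default authentication scheme; I'd extend it to `// Sign-in users with the Microsoft identity platform (OpenID Connect as the default authentication scheme)`. ConfigureServices continues outside the hunk.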
@@ -64,7 +64,8 @@ In the `Startup.cs` file, in the `ConfigureServices` method, after `services.Add { ... // Sign-in users with the Microsoft identity platform - services.AddMicrosoftWebApp(Configuration, options => + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration, options => { Configuration.Bind("AzureAd", options); // Restrict users to specific belonging to specific tenants diff --git a/1-WebApp-OIDC/1-2-AnyOrg/README.md b/1-WebApp-OIDC/1-2-AnyOrg/README.md index 11a14a17..b2857d2c 100644 --- a/1-WebApp-OIDC/1-2-AnyOrg/README.md +++ b/1-WebApp-OIDC/1-2-AnyOrg/README.md @@ -152,10 +152,11 @@ cd "1-WebApp-OIDC\1-2-AnyOrg" .AddAzureAD(options => Configuration.Bind("AzureAd", options)); ``` - by this line: + with these lines: ```CSharp - services.AddMicrosoftWebApp(Configuration); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration); ``` This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. diff --git a/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs b/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs index d102b364..4b7aec0c 100644 --- a/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs +++ b/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs @@ -34,7 +34,8 @@ public void ConfigureServices(IServiceCollection services) }); // Sign-in users with the Microsoft identity platform - services.AddMicrosoftWebApp(Configuration); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration); services.AddControllersWithViews(options => { diff --git a/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj index bc67eed0..7b6c5a67 100644 --- a/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj +++ b/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj 
@@ -18,8 +18,8 @@ - - + + diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md index 8bd903ca..8d7f4a82 100644 --- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md +++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md @@ -147,10 +147,13 @@ In the **appsettings.json** file: .AddAzureAD(options => Configuration.Bind("AzureAd", options)); ``` - by this line: + with these lines: ```CSharp - services.AddMicrosoftWebApp(Configuration); + + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration); + ``` This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs index 2efd05d8..b8c29099 100644 --- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs +++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs @@ -34,7 +34,8 @@ public void ConfigureServices(IServiceCollection services) }); // Sign-in users with the Microsoft identity platform - services.AddMicrosoftWebApp(Configuration); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration); services.AddControllersWithViews(options => { diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj index bc67eed0..7b6c5a67 100644 --- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj +++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj @@ -18,8 +18,8 @@ - - + + diff --git a/1-WebApp-OIDC/1-4-Sovereign/README.md b/1-WebApp-OIDC/1-4-Sovereign/README.md index 3eaa1b9f..154dd099 100644 --- a/1-WebApp-OIDC/1-4-Sovereign/README.md +++ b/1-WebApp-OIDC/1-4-Sovereign/README.md 
@@ -118,10 +118,11 @@ cd "1-WebApp-OIDC\1-4-Sovereign" .AddAzureAD(options => Configuration.Bind("AzureAd", options)); ``` - by this line: + by these lines: ```CSharp - services.AddMicrosoftWebApp(Configuration); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration); ``` This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. diff --git a/1-WebApp-OIDC/1-4-Sovereign/Startup.cs b/1-WebApp-OIDC/1-4-Sovereign/Startup.cs index 2efd05d8..b8c29099 100644 --- a/1-WebApp-OIDC/1-4-Sovereign/Startup.cs +++ b/1-WebApp-OIDC/1-4-Sovereign/Startup.cs @@ -34,7 +34,8 @@ public void ConfigureServices(IServiceCollection services) }); // Sign-in users with the Microsoft identity platform - services.AddMicrosoftWebApp(Configuration); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration); services.AddControllersWithViews(options => { diff --git a/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj index bc67eed0..7b6c5a67 100644 --- a/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj +++ b/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj @@ -18,8 +18,8 @@ - - + + diff --git a/1-WebApp-OIDC/1-5-B2C/README.md b/1-WebApp-OIDC/1-5-B2C/README.md index dc93ec9c..17e28865 100644 --- a/1-WebApp-OIDC/1-5-B2C/README.md +++ b/1-WebApp-OIDC/1-5-B2C/README.md @@ -125,7 +125,8 @@ You can trigger the middleware to send an OpenID Connect sign-in request by deco Here is the middleware example: ```csharp - services.AddMicrosoftWebApp(Configuration, "AzureAdB2C"); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration, "AzureAdB2C"); ``` Important things to notice: 
diff --git a/1-WebApp-OIDC/1-5-B2C/Startup.cs b/1-WebApp-OIDC/1-5-B2C/Startup.cs index 0da704b2..ac9ebd4e 100644 --- a/1-WebApp-OIDC/1-5-B2C/Startup.cs +++ b/1-WebApp-OIDC/1-5-B2C/Startup.cs @@ -35,7 +35,8 @@ public void ConfigureServices(IServiceCollection services) }); // Configuration to sign-in users with Azure AD B2C - services.AddMicrosoftWebApp(Configuration, "AzureAdB2C"); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration, "AzureAdB2C"); services.AddControllersWithViews() .AddMicrosoftIdentityUI(); diff --git a/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj index bc67eed0..7b6c5a67 100644 --- a/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj +++ b/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj @@ -18,8 +18,8 @@ - - + + diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/README.md b/2-WebApp-graph-user/2-1-Call-MSGraph/README.md index 3c1048b6..8a3cf53c 100644 --- a/2-WebApp-graph-user/2-1-Call-MSGraph/README.md +++ b/2-WebApp-graph-user/2-1-Call-MSGraph/README.md @@ -100,11 +100,13 @@ After the following lines in the ConfigureServices(IServiceCollection services) public void ConfigureServices(IServiceCollection services) { . . . - services.AddMicrosoftWebApp(Configuration); - // Token acquisition service based on MSAL.NET - // and chosen token cache implementation - services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) - .AddInMemoryTokenCache(); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) + + // Token acquisition service based on MSAL.NET + // and chosen token cache implementation + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); + services.AddInMemoryTokenCaches(); ``` The two new lines of code: 
diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs b/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs index 46f8ab38..bd1be276 100644 --- a/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs +++ b/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs @@ -39,13 +39,14 @@ public void ConfigureServices(IServiceCollection services) }); services.AddOptions(); - - services.AddMicrosoftWebApp(Configuration); + + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) // Token acquisition service based on MSAL.NET // and chosen token cache implementation - services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) - .AddInMemoryTokenCaches(); + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); + services.AddInMemoryTokenCaches(); /* // or use a distributed Token Cache by adding diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj index 6723dd91..0ef4ac31 100644 --- a/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj +++ b/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj @@ -19,8 +19,8 @@ - - + + diff --git a/2-WebApp-graph-user/2-2-TokenCache/README.md b/2-WebApp-graph-user/2-2-TokenCache/README.md index dd8db496..1f86196b 100644 --- a/2-WebApp-graph-user/2-2-TokenCache/README.md +++ b/2-WebApp-graph-user/2-2-TokenCache/README.md 
@@ -185,11 +185,12 @@ This sample proposes a distributed SQL token cache. To use it, you'll need to ad public void ConfigureServices(IServiceCollection services) { . . . - // Token acquisition service based on MSAL.NET - // and the Sql server based token cache implementation - services.AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) - .AddDistributedTokenCaches(); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) + // Token acquisition service based on MSAL.NET + // and chosen token cache implementation + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); + services.AddDistributedTokenCaches(); services.AddDistributedSqlServerCache(options => { diff --git a/2-WebApp-graph-user/2-2-TokenCache/Startup.cs b/2-WebApp-graph-user/2-2-TokenCache/Startup.cs index f4eaa057..d96a7af8 100644 --- a/2-WebApp-graph-user/2-2-TokenCache/Startup.cs +++ b/2-WebApp-graph-user/2-2-TokenCache/Startup.cs @@ -51,12 +51,13 @@ dotnet tool install --global dotnet-sql-cache dotnet sql-cache create "Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=MsalTokenCacheDatabase;Integrated Security=True;" dbo TokenCache */ - services.AddMicrosoftWebApp(Configuration); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) // Token acquisition service based on MSAL.NET // and chosen token cache implementation - services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) - .AddDistributedTokenCaches(); + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); + services.AddDistributedTokenCaches(); services.AddDistributedSqlServerCache(options => { 
diff --git a/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj index 7395927e..e61949bf 100644 --- a/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj +++ b/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj @@ -20,8 +20,8 @@ - - + + diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs index 5b19150e..09173ce0 100644 --- a/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs +++ b/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs @@ -56,7 +56,8 @@ public void ConfigureServices(IServiceCollection services) services.AddScoped(); // Sign-in users with the Microsoft identity platform - services.AddMicrosoftWebApp(options => + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(options => { Configuration.Bind("AzureAd", options); options.Events.OnTokenValidated = async context => @@ -86,10 +87,12 @@ public void ConfigureServices(IServiceCollection services) }, options => { Configuration.Bind("AzureAD", options); - }); + }, options => + { + }) - services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { GraphScope.UserReadAll }) - .AddInMemoryTokenCaches(); + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { GraphScope.UserReadAll }); + services.AddInMemoryTokenCaches(); services.AddControllersWithViews(options => { diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj index c03b7e98..5e50af8c 100644 --- a/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj +++ b/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj @@ -22,8 +22,8 @@ - - + + 
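Review bot: The third delegate passed to `.AddMicrosoftWebApp(...)` in the `@@ -86,10 +87,12 @@` hunk of 2-3-Multi-Tenant/Startup.cs is an empty `options => { }` with nothing saying which options it configures or why it is left empty; if that parameter has a default in the 0.2.0-preview overload, drop the argument, otherwise a short comment such as `// no additional options required for this sample` would spare the next reader a lookup. The blank line between `})` and `.AddMicrosoftWebAppCallsWebApi(...)` splits a single chained statement and reads like a statement boundary; I'd remove it. The `OnTokenValidated` handler and the rest of ConfigureServices start outside this hunk.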
diff --git a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md index e8a0cceb..de038d24 100644 --- a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md +++ b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/README.md @@ -91,11 +91,13 @@ After the following lines in the ConfigureServices(IServiceCollection services) public void ConfigureServices(IServiceCollection services) { . . . - // Token acquisition service based on MSAL.NET - // and chosen token cache implementation - services.AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(new string[] { Constants.ScopeUserRead }) - .AddInMemoryTokenCache(); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) + + // Token acquisition service based on MSAL.NET + // and chosen token cache implementation + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); + services.AddInMemoryTokenCaches(); ``` The two new lines of code: diff --git a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs index fa8c3f42..46fe4b81 100644 --- a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs +++ b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/Startup.cs 
@@ -41,12 +41,13 @@ public void ConfigureServices(IServiceCollection services) services.AddOptions(); - services.AddMicrosoftWebApp(Configuration); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) // Token acquisition service based on MSAL.NET // and chosen token cache implementation - services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) - .AddInMemoryTokenCaches(); + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); + services.AddInMemoryTokenCaches(); // Add Graph services.AddGraphService(Configuration); diff --git a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj index bc67eed0..7b6c5a67 100644 --- a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj +++ b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj @@ -18,8 +18,8 @@ - - + + diff --git a/3-WebApp-multi-APIs/README.md b/3-WebApp-multi-APIs/README.md index 58967644..df15da4b 100644 --- a/3-WebApp-multi-APIs/README.md +++ b/3-WebApp-multi-APIs/README.md 
@@ -82,11 +82,13 @@ After the following lines in the ConfigureServices(IServiceCollection services) public void ConfigureServices(IServiceCollection services) { . . . - // Token acquisition service based on MSAL.NET - // and chosen token cache implementation - services.AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(new string[] { Constants.ScopeUserRead }) - .AddInMemoryTokenCache(); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) + + // Token acquisition service based on MSAL.NET + // and chosen token cache implementation + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); + services.AddInMemoryTokenCaches(); services.AddHttpClient(); ``` diff --git a/3-WebApp-multi-APIs/Startup.cs b/3-WebApp-multi-APIs/Startup.cs index 3750ad5a..89c0b94d 100644 --- a/3-WebApp-multi-APIs/Startup.cs +++ b/3-WebApp-multi-APIs/Startup.cs @@ -42,12 +42,13 @@ public void ConfigureServices(IServiceCollection services) services.AddOptions(); - services.AddMicrosoftWebApp(Configuration); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) // Token acquisition service based on MSAL.NET // and chosen token cache implementation - services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) - .AddInMemoryTokenCaches(); + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); + services.AddInMemoryTokenCaches(); // Add APIs services.AddGraphService(Configuration); diff --git a/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj b/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj index b6938de7..2e5e59da 100644 --- a/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj +++ b/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj @@ -19,8 +19,8 @@ - - + + 
diff --git a/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj b/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj index 97b2b3a5..48d8197a 100644 --- a/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj +++ b/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj @@ -24,8 +24,8 @@ - - + + diff --git a/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj b/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj index a49c0e0f..77f2ae87 100644 --- a/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj +++ b/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj @@ -7,7 +7,7 @@ - + diff --git a/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj b/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj index 0201e89d..f7a36882 100644 --- a/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj +++ b/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj @@ -24,8 +24,8 @@ - - + + diff --git a/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj b/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj index a49c0e0f..77f2ae87 100644 --- a/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj +++ b/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj @@ -7,7 +7,7 @@ - + diff --git a/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj b/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj index 6723dd91..0ef4ac31 100644 --- a/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj +++ b/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj @@ -19,8 +19,8 @@ - - + + diff --git a/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj b/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj index 684d9403..01e38933 100644 --- a/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj +++ b/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj @@ -19,8 +19,8 @@ - - + + 
From cd0528f405e75c879891b4f6870fd4e9f8cfb027 Mon Sep 17 00:00:00 2001 
From: Jenny Ferries Date: Tue, 7 Jul 2020 20:58:46 -0700 Subject: [PATCH 03/11] update to latest build and api --- 1-WebApp-OIDC/1-1-MyOrg/README.md | 5 ++--- 1-WebApp-OIDC/1-1-MyOrg/Startup.cs | 3 +-- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md | 5 ++--- 1-WebApp-OIDC/1-2-AnyOrg/README.md | 5 ++--- 1-WebApp-OIDC/1-2-AnyOrg/Startup.cs | 3 +-- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md | 5 ++--- 1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs | 3 +-- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 1-WebApp-OIDC/1-4-Sovereign/README.md | 5 ++--- 1-WebApp-OIDC/1-4-Sovereign/Startup.cs | 3 +-- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 1-WebApp-OIDC/1-5-B2C/README.md | 5 ++--- 1-WebApp-OIDC/1-5-B2C/Startup.cs | 3 +-- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- .../2-3-Multi-Tenant/README.md | 3 ++- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs | 7 ++++--- .../4-1-MyOrg/Client/TodoListClient.csproj | 4 ++-- .../README-incremental-instructions.md | 7 ++++--- 4-WebApp-your-API/4-1-MyOrg/README.md | 19 ++++++++++--------- .../4-1-MyOrg/TodoListService/Startup.cs | 2 +- .../TodoListService/TodoListService.csproj | 2 +- 4-WebApp-your-API/4-2-B2C/Client/Startup.cs | 7 ++++--- .../4-2-B2C/Client/TodoListClient.csproj | 4 ++-- .../README-incremental-instructions.md | 9 +++++---- 4-WebApp-your-API/4-2-B2C/README.md | 17 ++++++++++------- .../4-2-B2C/TodoListService/Startup.cs | 3 ++- .../TodoListService/TodoListService.csproj | 2 +- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- .../WebApp-OpenIDConnect-DotNet.csproj | 4 ++-- 36 files changed, 89 insertions(+), 90 deletions(-) 
diff --git a/1-WebApp-OIDC/1-1-MyOrg/README.md b/1-WebApp-OIDC/1-1-MyOrg/README.md index d1cc96bf..6bbfffc4 100644 --- a/1-WebApp-OIDC/1-1-MyOrg/README.md +++ b/1-WebApp-OIDC/1-1-MyOrg/README.md @@ -160,11 +160,10 @@ cd "1-WebApp-OIDC\1-1-MyOrg" .AddAzureAD(options => Configuration.Bind("AzureAd", options)); ``` - with these two: + by this line: ```CSharp - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration); + services.AddMicrosoftWebAppAuthentication(Configuration); ``` This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. diff --git a/1-WebApp-OIDC/1-1-MyOrg/Startup.cs b/1-WebApp-OIDC/1-1-MyOrg/Startup.cs index c7e79ab2..e3a4aac0 100644 --- a/1-WebApp-OIDC/1-1-MyOrg/Startup.cs +++ b/1-WebApp-OIDC/1-1-MyOrg/Startup.cs @@ -34,8 +34,7 @@ public void ConfigureServices(IServiceCollection services) }); // Sign-in users with the Microsoft identity platform - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration); + services.AddMicrosoftWebAppAuthentication(Configuration); services.AddControllersWithViews(options => { diff --git a/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj index 71233d55..dc681a7b 100644 --- a/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj +++ b/1-WebApp-OIDC/1-1-MyOrg/WebApp-OpenIDConnect-DotNet.csproj @@ -25,8 +25,8 @@ runtime; build; native; contentfiles; analyzers; buildtransitive - - + + diff --git a/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md b/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md index 79d6e0b7..87d30543 100644 --- a/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md +++ b/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md 
@@ -57,15 +57,14 @@ The actual sign-in audience (accounts to sign-in) is the lowest set of what is s In order to restrict users from specific organizations from signing-in to your web app, you'll need to customize your code a bit more to restrict issuers. In Azure AD, the token issuers are the Azure AD tenants which issue tokens to applications. -In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddMicrosoftWebApp(Configuration)` add some code to validate specific issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate. +In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddMicrosoftWebAppAuthentication(Configuration)` add some code to validate specific issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate. ```CSharp public void ConfigureServices(IServiceCollection services) { ... // Sign-in users with the Microsoft identity platform - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration, options => + services.AddMicrosoftWebAppAuthentication(Configuration, options => { Configuration.Bind("AzureAd", options); // Restrict users to specific belonging to specific tenants diff --git a/1-WebApp-OIDC/1-2-AnyOrg/README.md b/1-WebApp-OIDC/1-2-AnyOrg/README.md index b2857d2c..947bd155 100644 --- a/1-WebApp-OIDC/1-2-AnyOrg/README.md +++ b/1-WebApp-OIDC/1-2-AnyOrg/README.md @@ -152,11 +152,10 @@ cd "1-WebApp-OIDC\1-2-AnyOrg" .AddAzureAD(options => Configuration.Bind("AzureAd", options)); ``` - with these lines: + by this line: ```CSharp - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration); + services.AddMicrosoftWebAppAuthentication(Configuration); ``` This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. 
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs b/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs index 4b7aec0c..c4a3bacf 100644 --- a/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs +++ b/1-WebApp-OIDC/1-2-AnyOrg/Startup.cs @@ -34,8 +34,7 @@ public void ConfigureServices(IServiceCollection services) }); // Sign-in users with the Microsoft identity platform - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration); + services.AddMicrosoftWebAppAuthentication(Configuration); services.AddControllersWithViews(options => { diff --git a/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj index 7b6c5a67..1cfea74e 100644 --- a/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj +++ b/1-WebApp-OIDC/1-2-AnyOrg/WebApp-OpenIDConnect-DotNet.csproj @@ -18,8 +18,8 @@ - - + + diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md index 8d7f4a82..51c891ff 100644 --- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md +++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md @@ -147,12 +147,11 @@ In the **appsettings.json** file: .AddAzureAD(options => Configuration.Bind("AzureAd", options)); ``` - with these lines: + by this line: ```CSharp - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration); + services.AddMicrosoftWebAppAuthentication(Configuration); ``` diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs index b8c29099..c2335032 100644 --- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs +++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Startup.cs 
@@ -34,8 +34,7 @@ public void ConfigureServices(IServiceCollection services) }); // Sign-in users with the Microsoft identity platform - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration); + services.AddMicrosoftWebAppAuthentication(Configuration); services.AddControllersWithViews(options => { diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj index 7b6c5a67..1cfea74e 100644 --- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj +++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/WebApp-OpenIDConnect-DotNet.csproj @@ -18,8 +18,8 @@ - - + + diff --git a/1-WebApp-OIDC/1-4-Sovereign/README.md b/1-WebApp-OIDC/1-4-Sovereign/README.md index 154dd099..8a127c36 100644 --- a/1-WebApp-OIDC/1-4-Sovereign/README.md +++ b/1-WebApp-OIDC/1-4-Sovereign/README.md @@ -118,11 +118,10 @@ cd "1-WebApp-OIDC\1-4-Sovereign" .AddAzureAD(options => Configuration.Bind("AzureAd", options)); ``` - by these lines: + by this line: ```CSharp - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration); + services.AddMicrosoftWebAppAuthentication(Configuration); ``` This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. diff --git a/1-WebApp-OIDC/1-4-Sovereign/Startup.cs b/1-WebApp-OIDC/1-4-Sovereign/Startup.cs index b8c29099..c2335032 100644 --- a/1-WebApp-OIDC/1-4-Sovereign/Startup.cs +++ b/1-WebApp-OIDC/1-4-Sovereign/Startup.cs 
@@ -34,8 +34,7 @@ public void ConfigureServices(IServiceCollection services) }); // Sign-in users with the Microsoft identity platform - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration); + services.AddMicrosoftWebAppAuthentication(Configuration); services.AddControllersWithViews(options => { diff --git a/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj index 7b6c5a67..1cfea74e 100644 --- a/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj +++ b/1-WebApp-OIDC/1-4-Sovereign/WebApp-OpenIDConnect-DotNet.csproj @@ -18,8 +18,8 @@ - - + + diff --git a/1-WebApp-OIDC/1-5-B2C/README.md b/1-WebApp-OIDC/1-5-B2C/README.md index 17e28865..03ff5ee4 100644 --- a/1-WebApp-OIDC/1-5-B2C/README.md +++ b/1-WebApp-OIDC/1-5-B2C/README.md @@ -125,13 +125,12 @@ You can trigger the middleware to send an OpenID Connect sign-in request by deco Here is the middleware example: ```csharp - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration, "AzureAdB2C"); + services.AddMicrosoftWebAppAuthentication(Configuration, "AzureAdB2C"); ``` Important things to notice: -- The method `AddMicrosoftWebApp` will configure the authentication based on the `MicrosoftIdentityOptions.cs` options. Feel free to bind more properties on `AzureAdB2C` section on `appsettings.json` if you need to set more options. +- The method `AddMicrosoftWebAppAuthenticatio` will configure the authentication based on the `MicrosoftIdentityOptions.cs` options. Feel free to bind more properties on `AzureAdB2C` section on `appsettings.json` if you need to set more options. - The urls you set for `CallbackPath` and `SignedOutCallbackPath` should be registered on the **Reply Urls** of your application, in [Azure Portal](https://portal.azure.com). ## Next steps 
diff --git a/1-WebApp-OIDC/1-5-B2C/Startup.cs b/1-WebApp-OIDC/1-5-B2C/Startup.cs index ac9ebd4e..d72b81c7 100644 --- a/1-WebApp-OIDC/1-5-B2C/Startup.cs +++ b/1-WebApp-OIDC/1-5-B2C/Startup.cs @@ -35,8 +35,7 @@ public void ConfigureServices(IServiceCollection services) }); // Configuration to sign-in users with Azure AD B2C - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration, "AzureAdB2C"); + services.AddMicrosoftWebAppAuthentication(Configuration, "AzureAdB2C"); services.AddControllersWithViews() .AddMicrosoftIdentityUI(); diff --git a/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj index 7b6c5a67..1cfea74e 100644 --- a/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj +++ b/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj @@ -18,8 +18,8 @@ - - + + diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj index 0ef4ac31..f3cb6d91 100644 --- a/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj +++ b/2-WebApp-graph-user/2-1-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj @@ -19,8 +19,8 @@ - - + + diff --git a/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj index e61949bf..dc97aa70 100644 --- a/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj +++ b/2-WebApp-graph-user/2-2-TokenCache/WebApp-OpenIDConnect-DotNet.csproj @@ -20,8 +20,8 @@ - - + + diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/README.md b/2-WebApp-graph-user/2-3-Multi-Tenant/README.md index 45ae0e07..fb68fbc2 100644 --- a/2-WebApp-graph-user/2-3-Multi-Tenant/README.md +++ b/2-WebApp-graph-user/2-3-Multi-Tenant/README.md 
@@ -212,7 +212,8 @@ These steps are encapsulated in the [Microsoft.Identity.Web](..\..\Microsoft.Ide In order to be able to sign-in users from multiple tenants, the [/common endpoint](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#update-your-code-to-send-requests-to-common) must be used. In the sample, this endpoint is used as a result of setting the value for `TenantId` as `organizations` on the `appsettings.json` file, and configuring the middleware to read the values from it. ```csharp -services.AddMicrosoftWebApp(Configuration); +services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) ``` You can read about the various endpoints of the Microsoft Identity Platform [here](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols#endpoints). diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj index 5e50af8c..85014e12 100644 --- a/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj +++ b/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj @@ -22,8 +22,8 @@ - - + + diff --git a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj index 7b6c5a67..1cfea74e 100644 --- a/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj +++ b/2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/WebApp-OpenIDConnect-DotNet.csproj @@ -18,8 +18,8 @@ - - + + diff --git a/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj b/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj index 2e5e59da..ec205b96 100644 --- a/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj +++ b/3-WebApp-multi-APIs/WebApp-OpenIDConnect-DotNet.csproj @@ -19,8 +19,8 @@ - - + + 
diff --git a/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs b/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs
index e3916bd6..2bca975a 100644
--- a/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs
+++ b/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs
@@ -43,7 +43,8 @@ public void ConfigureServices(IServiceCollection services)
 services.AddOptions();
- services.AddMicrosoftWebApp(Configuration);
+ services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(Configuration)
 // This is required to be instantiated before the OpenIdConnectOptions starts getting configured.
 // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications.
@@ -53,8 +54,8 @@ public void ConfigureServices(IServiceCollection services)
 // Token acquisition service based on MSAL.NET
 // and chosen token cache implementation
- services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] })
- .AddInMemoryTokenCaches();
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] });
+ services.AddInMemoryTokenCaches();
 // Add APIs
 services.AddTodoListService(Configuration);
diff --git a/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj b/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj
index 48d8197a..8ebaba32 100644
--- a/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj
+++ b/4-WebApp-your-API/4-1-MyOrg/Client/TodoListClient.csproj
@@ -24,8 +24,8 @@ - - + +
diff --git a/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md b/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md
index 86b55e48..144fb1b1 100644
--- a/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md
+++ b/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md
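Review bot: The added `services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme).AddMicrosoftWebApp(Configuration)` in the first hunk has no terminating semicolon and is only continued by the `.AddMicrosoftWebAppCallsWebApi(...)` added in the second hunk, so old lines 50-52, which the diff does not show, now sit inside one fluent expression; if that gap holds a statement (the `// This is required to be instantiated before the OpenIdConnectOptions starts getting configured.` comment suggests the claims-mapping assignment lives there) the file no longer compiles. Ending the first call as its own statement keeps the ordering the comment describes: `var authBuilder = services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme).AddMicrosoftWebApp(Configuration);` followed later by `authBuilder.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] });`. The 4-2-B2C Client Startup.cs hunks have the same split chain. The matching 4-1-MyOrg README snippets also end the chain without a semicolon before `services.AddInMemoryTokenCaches();` and call `AddMicrosoftWebAppCallsWebApi` without the `Configuration` argument the code passes, so they will not compile as pasted. ConfigureServices starts and ends outside both hunks.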
@@ -208,9 +208,10 @@ Add a reference to the `Microsoft.Identity.Web` library if not already present. 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache. ```CSharp - services.AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] }) - .AddInMemoryTokenCaches(); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) + .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] }) + services.AddInMemoryTokenCaches(); ``` ### Creating the Web API project (TodoListService) diff --git a/4-WebApp-your-API/4-1-MyOrg/README.md b/4-WebApp-your-API/4-1-MyOrg/README.md index 4f175fd8..cd9144bc 100644 --- a/4-WebApp-your-API/4-1-MyOrg/README.md +++ b/4-WebApp-your-API/4-1-MyOrg/README.md @@ -246,12 +246,13 @@ Explore the sample by signing in into the TodoList client, adding items to the T .AddAzureAD(options => Configuration.Bind("AzureAd", options)); ``` - by this line: + with these lines: ```CSharp - services.AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] }) - .AddInMemoryTokenCaches(); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) + .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] }) + services.AddInMemoryTokenCaches(); ``` This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. 
@@ -280,9 +281,10 @@ Explore the sample by signing in into the TodoList client, adding items to the T 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache. ```CSharp - services.AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] }) - .AddInMemoryTokenCaches(); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration) + .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] }) + services.AddInMemoryTokenCaches(); ``` 1. Update the `Configure` method to include **app.UseAuthentication();** before **app.UseMvc();** @@ -332,8 +334,7 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders; with ```Csharp - services.AddMicrosoftWebApi(Configuration) - .AddInMemoryTokenCaches(); + services.AddMicrosoftWebApiAuthentication(Configuration); ``` - Add the method **app.UseAuthentication()** before **app.UseMvc()** in the `Configure` method diff --git a/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs index 70011649..a227d66d 100644 --- a/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs +++ b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Startup.cs @@ -31,7 +31,7 @@ public void ConfigureServices(IServiceCollection services) // JwtSecurityTokenHandler.DefaultMapInboundClaims = false; // Adds Microsoft Identity platform (AAD v2.0) support to protect this Api - services.AddMicrosoftWebApi(Configuration); + services.AddMicrosoftWebApiAuthentication(Configuration); services.AddControllers(); } diff --git a/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj b/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj index 77f2ae87..88490568 100644 --- a/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj +++ b/4-WebApp-your-API/4-1-MyOrg/TodoListService/TodoListService.csproj 
@@ -7,7 +7,7 @@ - + diff --git a/4-WebApp-your-API/4-2-B2C/Client/Startup.cs b/4-WebApp-your-API/4-2-B2C/Client/Startup.cs index 037230f3..fe4d8fc8 100644 --- a/4-WebApp-your-API/4-2-B2C/Client/Startup.cs +++ b/4-WebApp-your-API/4-2-B2C/Client/Startup.cs @@ -42,7 +42,8 @@ public void ConfigureServices(IServiceCollection services) services.AddOptions(); - services.AddMicrosoftWebApp(Configuration, "AzureAdB2C"); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration, "AzureAdB2C") // This is required to be instantiated before the OpenIdConnectOptions starts getting configured. // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications. @@ -52,8 +53,8 @@ public void ConfigureServices(IServiceCollection services) // Token acquisition service based on MSAL.NET // and chosen token cache implementation - services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C") - .AddInMemoryTokenCaches(); + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C"); + services.AddInMemoryTokenCaches(); // Add APIs services.AddTodoListService(Configuration); diff --git a/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj b/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj index f7a36882..0390beb6 100644 --- a/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj +++ b/4-WebApp-your-API/4-2-B2C/Client/TodoListClient.csproj @@ -24,8 +24,8 @@ - - + + diff --git a/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md b/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md index 05529eb6..e8f34f04 100644 --- a/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md +++ b/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md 
@@ -205,9 +205,10 @@ Add a reference to the `Microsoft.Identity.Web` library if not already present. 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache. ```CSharp - services.AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] }) - .AddInMemoryTokenCaches(); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration, "AzureAdB2C") + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C"); + services.AddInMemoryTokenCaches(); ``` ### Creating the Web API project (TodoListService) @@ -248,7 +249,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer; ```Csharp services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) - .AddMicrosoftWebApi("AzureAdB2C", Configuration, options => + .AddMicrosoftWebApi("AzureAdB2C", Configuration, options => { Configuration.Bind("AzureAdB2C", options); diff --git a/4-WebApp-your-API/4-2-B2C/README.md b/4-WebApp-your-API/4-2-B2C/README.md index 58c740ac..e2b5ca2a 100644 --- a/4-WebApp-your-API/4-2-B2C/README.md +++ b/4-WebApp-your-API/4-2-B2C/README.md 
@@ -183,9 +183,10 @@ NOTE: Remember, the To-Do list is stored in memory in this `TodoListService` app by this line: ```CSharp - services.AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] }) - .AddInMemoryTokenCaches(); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration, "AzureAdB2C") + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C"); + services.AddInMemoryTokenCaches(); ``` This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. @@ -214,9 +215,10 @@ NOTE: Remember, the To-Do list is stored in memory in this `TodoListService` app 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache. ```CSharp - services.AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] }) - .AddInMemoryTokenCaches(); + services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) + .AddMicrosoftWebApp(Configuration, "AzureAdB2C") + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C"); + services.AddInMemoryTokenCaches(); ``` 1. Update the `Configure` method to include **app.UseAuthentication();** before **app.UseMvc();** @@ -266,7 +268,8 @@ using Microsoft.Identity.Web.Client.TokenCacheProviders; with ```Csharp - services.AddMicrosoftWebApi(options => + services.AddAuthentication() + .AddMicrosoftWebApi(options => { Configuration.Bind("AzureAdB2C", options); diff --git a/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs b/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs index 7d438de4..7d0453dc 100644 
--- a/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs +++ b/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs @@ -34,7 +34,8 @@ public void ConfigureServices(IServiceCollection services) // JwtSecurityTokenHandler.DefaultMapInboundClaims = false; // Adds Microsoft Identity platform (AAD v2.0) support to protect this Api - services.AddMicrosoftWebApi(options => + services.AddAuthentication() + .AddMicrosoftWebApi(options => { Configuration.Bind("AzureAdB2C", options); diff --git a/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj b/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj index 77f2ae87..88490568 100644 --- a/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj +++ b/4-WebApp-your-API/4-2-B2C/TodoListService/TodoListService.csproj @@ -7,7 +7,7 @@ - + diff --git a/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj b/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj index 0ef4ac31..f3cb6d91 100644 --- a/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj +++ b/5-WebApp-AuthZ/5-1-Roles/WebApp-OpenIDConnect-DotNet.csproj @@ -19,8 +19,8 @@ - - + + diff --git a/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj b/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj index 01e38933..a8b9a382 100644 --- a/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj +++ b/5-WebApp-AuthZ/5-2-Groups/WebApp-OpenIDConnect-DotNet.csproj @@ -19,8 +19,8 @@ - - + + From d35646ef0af9f68d5227bc704c0d103b02cd47d6 Mon Sep 17 00:00:00 2001 
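Review bot: `services.AddAuthentication()` in the new code registers no default scheme, so with only the handler that `.AddMicrosoftWebApi(options => ...)` adds, an `[Authorize]` attribute that names no scheme has nothing to authenticate with; on ASP.NET Core 3.x that surfaces as an InvalidOperationException about a missing DefaultAuthenticateScheme rather than a 401. The README-incremental-instructions hunk for this same project passes the scheme, so the code should match it: `services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)`. The options lambda opened here continues past the end of the hunk, so whether anything inside it compensates cannot be seen from this diff.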
From: Jenny Ferries Date: Wed, 8 Jul 2020 11:58:19 -0700 Subject: [PATCH 04/11] more API updates w/latest build --- 1-WebApp-OIDC/1-2-AnyOrg/README.md | 4 ++-- 1-WebApp-OIDC/1-5-B2C/README.md | 2 +- .../2-1-Call-MSGraph/README.md | 10 +++----- .../2-1-Call-MSGraph/Startup.cs | 23 ++++++++----------- 2-WebApp-graph-user/2-2-TokenCache/README.md | 6 ++--- 2-WebApp-graph-user/2-2-TokenCache/Startup.cs | 7 ++---- .../2-3-Multi-Tenant/README-National-Cloud.md | 2 +- .../2-3-Multi-Tenant/README.md | 2 +- .../2-3-Multi-Tenant/Startup.cs | 8 ++----- 3-WebApp-multi-APIs/README.md | 12 ++++------ 3-WebApp-multi-APIs/Startup.cs | 10 +++----- 4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs | 16 +++---------- .../README-incremental-instructions.md | 7 +++--- 4-WebApp-your-API/4-1-MyOrg/README.md | 7 +++--- 4-WebApp-your-API/4-2-B2C/Client/Startup.cs | 16 +++---------- .../README-incremental-instructions.md | 7 +++--- .../README-incremental-instructions.md | 6 ++--- 5-WebApp-AuthZ/5-1-Roles/README.md | 4 ++-- 5-WebApp-AuthZ/5-1-Roles/Startup.cs | 9 +++----- .../README-incremental-instructions.md | 7 +++--- 5-WebApp-AuthZ/5-2-Groups/README.md | 7 +++--- 5-WebApp-AuthZ/5-2-Groups/Startup.cs | 16 +++---------- 22 files changed, 62 insertions(+), 126 deletions(-) diff --git a/1-WebApp-OIDC/1-2-AnyOrg/README.md b/1-WebApp-OIDC/1-2-AnyOrg/README.md index 947bd155..0c6149aa 100644 --- a/1-WebApp-OIDC/1-2-AnyOrg/README.md +++ b/1-WebApp-OIDC/1-2-AnyOrg/README.md 
@@ -221,14 +221,14 @@ These steps are encapsulated in the [Microsoft.Identity.Web](..\..\Microsoft.Ide In order to restrict users from specific organizations from signing-in to your web app, you'll need to customize your code a bit more to restrict issuers. In Azure AD, the token issuers are the Azure AD tenants which issue tokens to applications. -In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddMicrosoftIdentityPlatformAuthentication(Configuration)` add some code to filter issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate. +In the `Startup.cs` file, in the `ConfigureServices` method, after `services.AddMicrosoftWebAppAuthentication(Configuration)` add some code to filter issuers by overriding the `TokenValidationParameters.IssuerValidator` delegate. ```CSharp public void ConfigureServices(IServiceCollection services) { ... // Sign-in users with the Microsoft identity platform - services.AddMicrosoftWebApp(Configuration); + services.AddMicrosoftWebAppAuthentication(Configuration); // Restrict users to specific belonging to specific tenants services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options => diff --git a/1-WebApp-OIDC/1-5-B2C/README.md b/1-WebApp-OIDC/1-5-B2C/README.md index 03ff5ee4..0d59dd13 100644 --- a/1-WebApp-OIDC/1-5-B2C/README.md +++ b/1-WebApp-OIDC/1-5-B2C/README.md 
@@ -130,7 +130,7 @@ Here is the middleware example: Important things to notice: -- The method `AddMicrosoftWebAppAuthenticatio` will configure the authentication based on the `MicrosoftIdentityOptions.cs` options. Feel free to bind more properties on `AzureAdB2C` section on `appsettings.json` if you need to set more options. +- The method `AddMicrosoftWebAppAuthentication` will configure the authentication based on the `MicrosoftIdentityOptions.cs` options. Feel free to bind more properties on `AzureAdB2C` section on `appsettings.json` if you need to set more options. - The urls you set for `CallbackPath` and `SignedOutCallbackPath` should be registered on the **Reply Urls** of your application, in [Azure Portal](https://portal.azure.com). ## Next steps diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/README.md b/2-WebApp-graph-user/2-1-Call-MSGraph/README.md index 8a3cf53c..036085e5 100644 --- a/2-WebApp-graph-user/2-1-Call-MSGraph/README.md +++ b/2-WebApp-graph-user/2-1-Call-MSGraph/README.md @@ -100,13 +100,9 @@ After the following lines in the ConfigureServices(IServiceCollection services) public void ConfigureServices(IServiceCollection services) { . . . - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration) - - // Token acquisition service based on MSAL.NET - // and chosen token cache implementation - .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); - services.AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) + .AddInMemoryTokenCaches(); ``` The two new lines of code: diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs b/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs index bd1be276..e914fc61 100644 --- a/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs +++ b/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs 
@@ -40,17 +40,12 @@ public void ConfigureServices(IServiceCollection services)
 services.AddOptions();
- services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
- .AddMicrosoftWebApp(Configuration)
-
- // Token acquisition service based on MSAL.NET
- // and chosen token cache implementation
- .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead });
- services.AddInMemoryTokenCaches();
-
+ services.AddMicrosoftWebAppAuthentication(Configuration)
+ .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead })
+ .AddInMemoryTokenCaches();
 /* // or use a distributed Token Cache by adding
- .AddDistributedTokenCaches();
+ .AddDistributedTokenCaches();
 // and then choose your implementation. // See https://docs.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-2.2#distributed-memory-cache
@@ -112,11 +107,11 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 app.UseEndpoints(endpoints => {
- endpoints.MapControllerRoute(
- name: "default",
- pattern: "{controller=Home}/{action=Index}/{id?}");
- endpoints.MapRazorPages();
- });
+ endpoints.MapControllerRoute(
+ name: "default",
+ pattern: "{controller=Home}/{action=Index}/{id?}");
+ endpoints.MapRazorPages();
+ });
 } } }
diff --git a/2-WebApp-graph-user/2-2-TokenCache/README.md b/2-WebApp-graph-user/2-2-TokenCache/README.md
index 1f86196b..0b719e10 100644
--- a/2-WebApp-graph-user/2-2-TokenCache/README.md
+++ b/2-WebApp-graph-user/2-2-TokenCache/README.md
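Review bot: The rewrite drops the `// Token acquisition service based on MSAL.NET` / `// and chosen token cache implementation` comment, so the three-call chain that now signs users in, acquires downstream tokens and picks the cache is left undocumented; keep one line above it, e.g. `// Sign in users, acquire tokens for downstream APIs via MSAL.NET, and cache them in memory.` The commented-out `/* // or use a distributed Token Cache by adding .AddDistributedTokenCaches(); ... */` block is only re-indented here; commented-out code should either be deleted or reduced to a one-line pointer to the 2-2-TokenCache sample, which shows the distributed variant. The same comment removal happens in the 2-2-TokenCache and 3-WebApp-multi-APIs Startup.cs hunks. The second hunk in this file is a whitespace-only re-indent of the endpoint mapping and could be left out of an API-migration commit.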
@@ -187,10 +187,8 @@ public void ConfigureServices(IServiceCollection services) . . . services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftWebApp(Configuration) - // Token acquisition service based on MSAL.NET - // and chosen token cache implementation - .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); - services.AddDistributedTokenCaches(); + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) + .AddDistributedTokenCaches(); services.AddDistributedSqlServerCache(options => { diff --git a/2-WebApp-graph-user/2-2-TokenCache/Startup.cs b/2-WebApp-graph-user/2-2-TokenCache/Startup.cs index d96a7af8..d8e660fb 100644 --- a/2-WebApp-graph-user/2-2-TokenCache/Startup.cs +++ b/2-WebApp-graph-user/2-2-TokenCache/Startup.cs @@ -53,11 +53,8 @@ dotnet tool install --global dotnet-sql-cache services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftWebApp(Configuration) - - // Token acquisition service based on MSAL.NET - // and chosen token cache implementation - .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); - services.AddDistributedTokenCaches(); + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) + .AddDistributedTokenCaches(); services.AddDistributedSqlServerCache(options => { diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md b/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md index 9744623d..00e2fde1 100644 --- a/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md +++ b/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md 
@@ -273,7 +273,7 @@ The `https://graph.microsoft.com/.default` is a static scope that allows the ten ### Custom token validation allowing only registered tenants -On the `Startup.cs` we are calling `AddMicrosoftWebApp` to configure the authentication, and within that method, we validates that the token issuer is from AAD. +On the `Startup.cs` we are calling `AddMicrosoftWebAppAuthentication` to configure the authentication, and within that method, we validates that the token issuer is from AAD. ```csharp options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuerValidator(options.Authority).Validate; diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/README.md b/2-WebApp-graph-user/2-3-Multi-Tenant/README.md index fb68fbc2..d890d3f2 100644 --- a/2-WebApp-graph-user/2-3-Multi-Tenant/README.md +++ b/2-WebApp-graph-user/2-3-Multi-Tenant/README.md @@ -249,7 +249,7 @@ The `https://graph.microsoft.com/.default` is a static scope that allows the ten ### Custom token validation allowing only registered tenants -On the `Startup.cs` we are calling `AddMicrosoftWebApp` to configure the authentication, and within that method, we validates that the token issuer is from AAD. +On the `Startup.cs` we are calling `AddMicrosoftWebAppAuthentication` to configure the authentication, and within that method, we validates that the token issuer is from AAD. ```csharp options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuerValidator(options.Authority).Validate; diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs index 09173ce0..9ed2a324 100644 --- a/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs +++ b/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs 
@@ -85,14 +85,10 @@ public void ConfigureServices(IServiceCollection services) return Task.FromResult(0); }; }, options => - { - Configuration.Bind("AzureAD", options); - }, options => { }) - - .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { GraphScope.UserReadAll }); - services.AddInMemoryTokenCaches(); + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { GraphScope.UserReadAll }) + .AddInMemoryTokenCaches(); services.AddControllersWithViews(options => { diff --git a/3-WebApp-multi-APIs/README.md b/3-WebApp-multi-APIs/README.md index df15da4b..74f271a7 100644 --- a/3-WebApp-multi-APIs/README.md +++ b/3-WebApp-multi-APIs/README.md @@ -76,19 +76,15 @@ Starting from the [previous phase of the tutorial](../../2-WebApp-graph-user/2-1 ### Update the `Startup.cs` file to enable TokenAcquisition by a MSAL.NET based service -After the following lines in the ConfigureServices(IServiceCollection services) method, after `services.AddMicrosoftWebApp(Configuration);`, add `services.AddHttpClient();`: +After the following lines in the ConfigureServices(IServiceCollection services) method, after `services.AddMicrosoftWebAppAuthentication(Configuration);`, add `services.AddHttpClient();`: ```CSharp public void ConfigureServices(IServiceCollection services) { . . . - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration) - - // Token acquisition service based on MSAL.NET - // and chosen token cache implementation - .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); - services.AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) + .AddInMemoryTokenCaches(); services.AddHttpClient(); ``` diff --git a/3-WebApp-multi-APIs/Startup.cs b/3-WebApp-multi-APIs/Startup.cs index 89c0b94d..a095557d 100644 --- a/3-WebApp-multi-APIs/Startup.cs 
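Review bot: On the new side of the 2-3-Multi-Tenant/Startup.cs hunk the context line `}, options =>` is now followed directly by `.AddMicrosoftWebAppCallsWebApi(...)`, which leaves the second options lambda without a body; unless a line was lost in rendering or a later patch in this series corrects it, this will not compile. The removed lines also dropped `Configuration.Bind("AzureAD", options);` for that lambda, so if this `AddMicrosoftWebApp` overload does not bind the section itself the identity options would be left empty. Suggest closing the lambda and the call before the chain continues, e.g. `}, options => { Configuration.Bind("AzureAD", options); })` on the line before `.AddMicrosoftWebAppCallsWebApi(...)`, dropping the third empty lambda only if the new API no longer takes it. The enclosing ConfigureServices starts and ends outside the hunk.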
+++ b/3-WebApp-multi-APIs/Startup.cs @@ -42,13 +42,9 @@ public void ConfigureServices(IServiceCollection services) services.AddOptions(); - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration) - - // Token acquisition service based on MSAL.NET - // and chosen token cache implementation - .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }); - services.AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) + .AddInMemoryTokenCaches(); // Add APIs services.AddGraphService(Configuration); diff --git a/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs b/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs index 2bca975a..22b48d7f 100644 --- a/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs +++ b/4-WebApp-your-API/4-1-MyOrg/Client/Startup.cs 
@@ -43,19 +43,9 @@ public void ConfigureServices(IServiceCollection services) services.AddOptions(); - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration) - - // This is required to be instantiated before the OpenIdConnectOptions starts getting configured. - // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications. - // 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' instead of 'roles' - // This flag ensures that the ClaimsIdentity claims collection will be built from the claims in the token - // JwtSecurityTokenHandler.DefaultMapInboundClaims = false; - - // Token acquisition service based on MSAL.NET - // and chosen token cache implementation - .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }); - services.AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }) + .AddInMemoryTokenCaches(); // Add APIs services.AddTodoListService(Configuration); diff --git a/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md b/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md index 144fb1b1..15a1acdf 100644 --- a/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md +++ b/4-WebApp-your-API/4-1-MyOrg/README-incremental-instructions.md 
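Review bot: `Configuration["TodoList:TodoListScope"]` is passed straight into `new string[] { ... }`, so a missing or misspelled `TodoList:TodoListScope` setting produces a scope array containing null instead of a clear startup error; the 4-2-B2C/Client/Startup.cs hunk has the same pattern. Consider reading it into a local and failing fast: `string todoListScope = Configuration["TodoList:TodoListScope"] ?? throw new InvalidOperationException("TodoList:TodoListScope is not configured");` and then `new string[] { todoListScope }`. The removed block about `JwtSecurityTokenHandler.DefaultMapInboundClaims` was commented-out code, so dropping it here is fine. ConfigureServices continues outside the hunk.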
@@ -208,10 +208,9 @@ Add a reference to the `Microsoft.Identity.Web` library if not already present. 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache. ```CSharp - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] }) - services.AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }) + .AddInMemoryTokenCaches(); ``` ### Creating the Web API project (TodoListService) diff --git a/4-WebApp-your-API/4-1-MyOrg/README.md b/4-WebApp-your-API/4-1-MyOrg/README.md index cd9144bc..a353555d 100644 --- a/4-WebApp-your-API/4-1-MyOrg/README.md +++ b/4-WebApp-your-API/4-1-MyOrg/README.md @@ -249,10 +249,9 @@ Explore the sample by signing in into the TodoList client, adding items to the T with these lines: ```CSharp - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(new string[] { Configuration["TodoList:TodoListScope"] }) - services.AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }) + .AddInMemoryTokenCaches(); ``` This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. diff --git a/4-WebApp-your-API/4-2-B2C/Client/Startup.cs b/4-WebApp-your-API/4-2-B2C/Client/Startup.cs index fe4d8fc8..3a4bd3bd 100644 --- a/4-WebApp-your-API/4-2-B2C/Client/Startup.cs +++ b/4-WebApp-your-API/4-2-B2C/Client/Startup.cs 
@@ -42,19 +42,9 @@ public void ConfigureServices(IServiceCollection services) services.AddOptions(); - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration, "AzureAdB2C") - - // This is required to be instantiated before the OpenIdConnectOptions starts getting configured. - // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications. - // 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' instead of 'roles' - // This flag ensures that the ClaimsIdentity claims collection will be built from the claims in the token - // JwtSecurityTokenHandler.DefaultMapInboundClaims = false; - - // Token acquisition service based on MSAL.NET - // and chosen token cache implementation - .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C"); - services.AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration, "AzureAdB2C") + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C") + .AddInMemoryTokenCaches(); // Add APIs services.AddTodoListService(Configuration); diff --git a/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md b/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md index e8f34f04..d9265b86 100644 --- a/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md +++ b/4-WebApp-your-API/4-2-B2C/README-incremental-instructions.md 
@@ -205,10 +205,9 @@ Add a reference to the `Microsoft.Identity.Web` library if not already present. 1. Update the `configureServices` method in `startup.cs` to add the MSAL library and a token cache. ```CSharp - services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) - .AddMicrosoftWebApp(Configuration, "AzureAdB2C") - .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C"); - services.AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration, "AzureAdB2C") + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Configuration["TodoList:TodoListScope"] }, configSectionName: "AzureAdB2C") + .AddInMemoryTokenCaches(); ``` ### Creating the Web API project (TodoListService) diff --git a/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md b/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md index dd5461d6..7a5b64b5 100644 --- a/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md +++ b/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md 
@@ -212,9 +212,9 @@ The following files have the code that would be of interest to you. .AddAzureAD(options => Configuration.Bind("AzureAd", options)); //This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. - services.AddMicrosoftWebApp(Configuration) - .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) // Adds support for the MSAL library with the permissions necessary to retrieve the signed-in user's group info in case of a token overage - .AddInMemoryTokenCaches(); // Adds aspnetcore MemoryCache as Token cache provider for MSAL. + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) + .AddInMemoryTokenCaches(); // Adds aspnetcore MemoryCache as Token cache provider for MSAL. services.AddMSGraphService(Configuration); // Adds the IMSGraphService as an available service for this app. diff --git a/5-WebApp-AuthZ/5-1-Roles/README.md b/5-WebApp-AuthZ/5-1-Roles/README.md index dd0c5ae9..d9bef5e3 100644 --- a/5-WebApp-AuthZ/5-1-Roles/README.md +++ b/5-WebApp-AuthZ/5-1-Roles/README.md 
@@ -295,8 +295,8 @@ This project was created using the following command. // by these lines: //This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. - services.AddMicrosoftIdentityPlatformAuthentication(Configuration) - .AddMsal(Configuration, new string[] { "User.Read" }) + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) .AddInMemoryTokenCaches(); // Adds aspnetcore MemoryCache as Token cache provider for MSAL. services.AddGraphService(Configuration); // Adds the IMSGraphService as an available service for this app. diff --git a/5-WebApp-AuthZ/5-1-Roles/Startup.cs b/5-WebApp-AuthZ/5-1-Roles/Startup.cs index 566acbb3..832f8bbd 100644 --- a/5-WebApp-AuthZ/5-1-Roles/Startup.cs +++ b/5-WebApp-AuthZ/5-1-Roles/Startup.cs @@ -48,12 +48,9 @@ public void ConfigureServices(IServiceCollection services) // Sign-in users with the Microsoft identity platform - services.AddMicrosoftWebApp(Configuration); - - // Token acquisition service based on MSAL.NET - // and chosen token cache implementation - services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) - .AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) + .AddInMemoryTokenCaches(); // Add Graph services.AddGraphService(Configuration); diff --git a/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md b/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md index efddc49f..3b763a6a 100644 --- a/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md +++ b/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md 
@@ -242,10 +242,9 @@ The following files have the code that would be of interest to you: - by these lines: ```CSharp - services.AddMicrosoftWebApp(Configuration); - - services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) - .AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) + .AddInMemoryTokenCaches(); services.AddMSGraphService(Configuration); // Adds the IMSGraphService as an available service for this app. ``` diff --git a/5-WebApp-AuthZ/5-2-Groups/README.md b/5-WebApp-AuthZ/5-2-Groups/README.md index 8c82bea7..4dd737f6 100644 --- a/5-WebApp-AuthZ/5-2-Groups/README.md +++ b/5-WebApp-AuthZ/5-2-Groups/README.md @@ -352,10 +352,9 @@ The following files have the code that would be of interest to you: - by these lines: ```CSharp - services.AddMicrosoftWebApp(Configuration); - - services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) - .AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) + .AddInMemoryTokenCaches(); services.AddMSGraphService(Configuration); // Adds the IMSGraphService as an available service for this app. ``` diff --git a/5-WebApp-AuthZ/5-2-Groups/Startup.cs b/5-WebApp-AuthZ/5-2-Groups/Startup.cs index 1321a0b9..b161e6d5 100644 --- a/5-WebApp-AuthZ/5-2-Groups/Startup.cs +++ b/5-WebApp-AuthZ/5-2-Groups/Startup.cs 
@@ -36,19 +36,9 @@ public void ConfigureServices(IServiceCollection services) }); // Sign-in users with the Microsoft identity platform - services.AddMicrosoftWebApp(Configuration); - - // If you want to use group ids/names in the Authorize attribute then uncomment the following lines: - //services.Configure(options => - //{ - // // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole() - // // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info. - // // Use the groups claim for populating roles - // options.TokenValidationParameters.RoleClaimType = "groups"; - //}); - - services.AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) - .AddInMemoryTokenCaches(); + services.AddMicrosoftWebAppAuthentication(Configuration) + .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) + .AddInMemoryTokenCaches(); services.AddMSGraphService(Configuration); From 475475f8341dd5fbeeb6c81c92363852509624b1 Mon Sep 17 00:00:00 2001 From: jennyf19 Date: Thu, 9 Jul 2020 08:55:28 -0700 Subject: [PATCH 05/11] Update 2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md Co-authored-by: Jean-Marc Prieur --- .../2-2-TokenCache/README-incremental-instructions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md b/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md index a2dd9b23..7061a119 100644 --- a/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md +++ b/2-WebApp-graph-user/2-2-TokenCache/README-incremental-instructions.md 
@@ -96,7 +96,7 @@ public void ConfigureServices(IServiceCollection services) . . . // Token acquisition service based on MSAL.NET // and the Sql server based token cache implementation - services.AddMicrosoftIdentityPlatformAuthentication(Configuration) + services.AddMicrosoftWebAppAuthentication(Configuration) .AddMicrosoftWebAppCallsWebApi(new string[] { Constants.ScopeUserRead }) .AddSqlAppTokenCache(Configuration) .AddSqlPerUserTokenCache(Configuration); From 651618cdddb7a5302ef6f0c59c622c394c01d39a Mon Sep 17 00:00:00 2001 From: Jenny Ferries Date: Sun, 12 Jul 2020 20:23:11 -0700 Subject: [PATCH 06/11] re-add removed comment --- 5-WebApp-AuthZ/5-2-Groups/Startup.cs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/5-WebApp-AuthZ/5-2-Groups/Startup.cs b/5-WebApp-AuthZ/5-2-Groups/Startup.cs index b161e6d5..f24900de 100644 --- a/5-WebApp-AuthZ/5-2-Groups/Startup.cs +++ b/5-WebApp-AuthZ/5-2-Groups/Startup.cs @@ -38,6 +38,16 @@ public void ConfigureServices(IServiceCollection services) // Sign-in users with the Microsoft identity platform services.AddMicrosoftWebAppAuthentication(Configuration) .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" }) + + // If you want to use group ids/names in the Authorize attribute then uncomment the following lines: + //services.Configure(options => + // { + // // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole() + // // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info. + // // Use the groups claim for populating roles + // options.TokenValidationParameters.RoleClaimType = "groups"; + // }) + .AddInMemoryTokenCaches(); services.AddMSGraphService(Configuration); From 328366eb0f8d8f6f278c575fe1d6a8c7a5610f49 Mon Sep 17 00:00:00 2001 
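Review bot: In the 5-2-Groups/Startup.cs hunk the re-added commented-out block sits between `.AddMicrosoftWebAppCallsWebApi(...)` and `.AddInMemoryTokenCaches();` inside one fluent expression, so following its own instruction to uncomment it would splice a `services.Configure(...)` statement into the middle of the chain; on its own, `services.Configure(options =>` with no options type or scheme name and a closing `// })` without `;` would not compile either. Suggest moving the block after `.AddInMemoryTokenCaches();` and writing it as a complete statement in the form the README hunks later in this series use, with the options type made explicit: `services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options => { options.TokenValidationParameters.RoleClaimType = "groups"; });`. The existing explanatory comment lines above it can stay as they are. The enclosing ConfigureServices starts and ends outside the hunk.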
From: Jean-Marc Prieur
Date: Mon, 13 Jul 2020 14:30:42 +0200
Subject: [PATCH 07/11] Updating the instructions to create the token cache database (as the appsettings.json and the Startup.cs were inconsistent)
---
 .../2-2-TokenCache/Properties/serviceDependencies.json | 7 +++++++
 .../Properties/serviceDependencies.local.json | 7 +++++++
 2-WebApp-graph-user/2-2-TokenCache/Startup.cs | 7 +++++--
 3 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.json
 create mode 100644 2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.local.json
diff --git a/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.json b/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.local.json b/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/2-WebApp-graph-user/2-2-TokenCache/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2-WebApp-graph-user/2-2-TokenCache/Startup.cs b/2-WebApp-graph-user/2-2-TokenCache/Startup.cs
index d8e660fb..bd5ab73a 100644
--- a/2-WebApp-graph-user/2-2-TokenCache/Startup.cs
+++ b/2-WebApp-graph-user/2-2-TokenCache/Startup.cs
@@ -47,8 +47,11 @@ public void ConfigureServices(IServiceCollection services)
 // NOTE : This is a one time use method. We advise using it in development environments to create the tables required to enable token caching.
 // For production deployments, preferably, generate the schema from the tables generated in dev environments and use it to create the necessary tables in production.
 /*
- dotnet tool install --global dotnet-sql-cache
- dotnet sql-cache create "Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=MsalTokenCacheDatabase;Integrated Security=True;" dbo TokenCache
+ * 1. For instance in Visual Studio, open the SQL Server Object explorer, then (localdb)\MSSQLLocalDB, then databases
+ * 2. Right click on Databases and select "Add New database", and then choose the name of the database: 'MsalTokenCacheDatabase'
+ * 3. In the console application run the 2 following commands:
+ dotnet tool install --global dotnet-sql-cache
+ dotnet sql-cache create "Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=MsalTokenCacheDatabase;Integrated Security=True;" dbo TokenCache
 */
 services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
From f2416374335f0e725d0dd7a40ac0238b1a693ba1 Mon Sep 17 00:00:00 2001
From: Jean-Marc Prieur
Date: Mon, 13 Jul 2020 16:01:32 +0200
Subject: [PATCH 08/11] Adding the authentication scheme for the Web API otherwise by default this will be OpenIdConnect
---
 4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs b/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs
index 7d0453dc..03ca6f21 100644
--- a/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs
+++ b/4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs
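Review bot: The rewritten comment repeats the database name, schema and table (`MsalTokenCacheDatabase`, `dbo`, `TokenCache`) that `AddDistributedSqlServerCache` is presumably configured with further down in this file (its options are outside the hunk), which is the same duplication the commit message says drifted between appsettings.json and Startup.cs. Suggest one extra line in the block that ties them together: ` * Keep the database name, schema ("dbo") and table name ("TokenCache") identical to the connection string and AddDistributedSqlServerCache options used below.` The opening line still says "This is a one time use method" although the block now describes manual steps plus two commands; "one-time setup" would read better. ConfigureServices continues outside the hunk.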
@@ -34,14 +34,14 @@ public void ConfigureServices(IServiceCollection services)
 // JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
 // Adds Microsoft Identity platform (AAD v2.0) support to protect this Api
- services.AddAuthentication()
+ services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
 .AddMicrosoftWebApi(options => {
 Configuration.Bind("AzureAdB2C", options);
 options.TokenValidationParameters.NameClaimType = "name";
 },
- options => { Configuration.Bind("AzureAdB2C", options); });
+ options => { Configuration.Bind("AzureAdB2C", options); });
 services.AddControllers();
 services.AddAuthorization(options =>
From 66ee9746b1c359a19df6292b4272867cc9cf7ad9 Mon Sep 17 00:00:00 2001
From: pmaytak <34331512+pmaytak@users.noreply.github.com>
Date: Sun, 12 Jul 2020 23:49:35 -0700
Subject: [PATCH 09/11] Doc updates.
---
 .../README-incremental-instructions.md | 42 +++++++++----------
 5-WebApp-AuthZ/5-1-Roles/README.md | 29 +++++++------
 .../README-incremental-instructions.md | 6 +--
 5-WebApp-AuthZ/5-2-Groups/README.md | 14 +++----
 5-WebApp-AuthZ/5-2-Groups/Startup.cs | 7 ++++
 5 files changed, 55 insertions(+), 43 deletions(-)
diff --git a/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md b/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md
index 7a5b64b5..c48004ce 100644
--- a/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md
+++ b/5-WebApp-AuthZ/5-1-Roles/README-incremental-instructions.md
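Review bot: The reason for passing `JwtBearerDefaults.AuthenticationScheme` to `AddAuthentication` exists only in the commit message; a one-line comment would keep it with the code, e.g. `// JWT bearer must be the default scheme for this API; without an explicit scheme the default would be OpenIdConnect.` The second `-`/`+` pair (`options => { Configuration.Bind("AzureAdB2C", options); });`) appears to differ only in whitespace as rendered here, so it may be worth dropping from the patch. `JwtBearerDefaults` requires `using Microsoft.AspNetCore.Authentication.JwtBearer;`, which is outside the hunk. ConfigureServices continues outside the hunk.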
@@ -154,12 +154,12 @@ When you click on the page that fetches the signed-in user's roles and group ass ### Support in ASP.NET Core middleware libraries -The asp.net middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`. +The ASP.NET middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`. ```CSharp // Startup.cs -public static IServiceCollection AddMicrosoftWebApp(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null) +public void ConfigureServices(IServiceCollection services) { // [removed for brevity] @@ -171,7 +171,7 @@ public static IServiceCollection AddMicrosoftWebApp(this IServiceCollection serv // The following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the Authorize attribute and User.IsInrole() // See https://docs.microsoft.com/aspnet/core/security/authorization/roles?view=aspnetcore-2.2 for more info. - services.Configure(AzureADDefaults.OpenIdScheme, options => + services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options => { // Use the groups claim for populating roles options.TokenValidationParameters.RoleClaimType = "roles"; @@ -183,7 +183,8 @@ public static IServiceCollection AddMicrosoftWebApp(this IServiceCollection serv options.AddPolicy(AuthorizationPolicies.AssignmentToUserReaderRoleRequired, policy => policy.RequireRole(AppRole.UserReaders)); options.AddPolicy(AuthorizationPolicies.AssignmentToDirectoryViewerRoleRequired, policy => policy.RequireRole(AppRole.DirectoryViewers)); }); - // [removed for brevity] + + // [removed for brevity] } // In code..(Controllers & elsewhere) 
@@ -198,19 +199,14 @@ The following files have the code that would be of interest to you. 1. HomeController.cs 1. Passes the **HttpContext.User** (the signed-in user) to the view. -1 Services\GraphServiceClientFactory.cs +1. Services\GraphServiceClientFactory.cs 1. Uses the [Microsoft Graph SDK](https://github.com/microsoftgraph/msgraph-sdk-dotnet) to carry out various operations with [Microsoft Graph](https://graph.microsoft.com). 1. Home\Index.cshtml 1. This has some code to print the current user's claims -1. Startup.cs - 1. In the `ConfigureServices` method of `Startup.cs', add the following lines: ```CSharp - services.AddAuthentication(AzureADDefaults.AuthenticationScheme) - .AddAzureAD(options => Configuration.Bind("AzureAd", options)); - //This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. services.AddMicrosoftWebAppAuthentication(Configuration) .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) 
@@ -225,19 +221,15 @@ The following files have the code that would be of interest to you. JwtSecurityTokenHandler.DefaultMapInboundClaims = false; ``` -1. In the `HomeController.cs`, the following method is added with the `Authorize` attribute with the name of the app role **UserReaders**, that permits listing of users in the tenant. - - ```CSharp - [Authorize(Policy = AuthorizationPolicies.AssignmentToDirectoryViewerRoleRequired)] - public async Task Users() - { - ``` - -1. In the `ConfigureServices` method of `Startup.cs', the following line instructs the asp.net security middleware to use the **roles** claim to fetch roles for authorization: +1. In the `ConfigureServices` method of `Startup.cs', the following lines instruct the ASP.NET security middleware to use the **roles** claim to fetch roles for authorization: ```CSharp - // The claim in the Jwt token where App roles are available. - options.TokenValidationParameters.RoleClaimType = "roles"; + // Add this configuration after the call to `AddMicrosoftWebAppAuthentication`. + services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options => + { + // The claim in the JWT token where App roles are available. + options.TokenValidationParameters.RoleClaimType = "roles"; + }); // Adding authorization policies that enforce authorization using Azure AD roles. services.AddAuthorization(options => 
@@ -247,6 +239,14 @@ The following files have the code that would be of interest to you. }); ``` +1. In the `HomeController.cs`, the following method is added with the `Authorize` attribute with the name of the app role **UserReaders**, that permits listing of users in the tenant. + + ```CSharp + [Authorize(Policy = AuthorizationPolicies.AssignmentToDirectoryViewerRoleRequired)] + public async Task Users() + { + ``` + 1. A new class called `AccountController.cs` is introduced. This contains the code to intercept the default AccessDenied error's route and present the user with an option to sign-out and sign-back in with a different account that has access to the required role. ```CSharp diff --git a/5-WebApp-AuthZ/5-1-Roles/README.md b/5-WebApp-AuthZ/5-1-Roles/README.md index d9bef5e3..434b4b68 100644 --- a/5-WebApp-AuthZ/5-1-Roles/README.md +++ b/5-WebApp-AuthZ/5-1-Roles/README.md @@ -229,12 +229,12 @@ When you click on the page that fetches the signed-in user's roles and group ass ### Support in ASP.NET Core middleware libraries -The asp.net middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`. +The ASP.NET middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`. ```CSharp // Startup.cs -public static IServiceCollection AddMicrosoftWebApp(this IServiceCollection services, IConfiguration configuration, X509Certificate2 tokenDecryptionCertificate = null) +public void ConfigureServices(IServiceCollection services) { // [removed for] brevity 
@@ -246,7 +246,7 @@ public static IServiceCollection AddMicrosoftWebApp(this IServiceCollection serv // The following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the Authorize attribute and User.IsInrole() // See https://docs.microsoft.com/aspnet/core/security/authorization/roles?view=aspnetcore-2.2 for more info. - services.Configure(AzureADDefaults.OpenIdScheme, options => + services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options => { // Use the groups claim for populating roles options.TokenValidationParameters.RoleClaimType = "roles"; @@ -258,7 +258,8 @@ public static IServiceCollection AddMicrosoftWebApp(this IServiceCollection serv options.AddPolicy(AuthorizationPolicies.AssignmentToUserReaderRoleRequired, policy => policy.RequireRole(AppRole.UserReaders)); options.AddPolicy(AuthorizationPolicies.AssignmentToDirectoryViewerRoleRequired, policy => policy.RequireRole(AppRole.DirectoryViewers)); }); - // [removed for] brevity + + // [removed for] brevity } // In code..(Controllers & elsewhere) 
@@ -286,14 +287,14 @@ This project was created using the following command. 1. Add a reference from your newly generated project to `Microsoft.Identity.Web` (right click on the **Dependencies** node under your new project, and choose **Add Reference ...**, and then in the projects tab find the `Microsoft.Identity.Web` project) 1. Open the **Startup.cs** file and: - - in the `ConfigureServices` method, the following lines have been replaced : + - in the `ConfigureServices` method, the following lines: ```CSharp services.AddAuthentication(AzureADDefaults.AuthenticationScheme) .AddAzureAD(options => Configuration.Bind("AzureAd", options)); - - // by these lines: - + ``` + have been replaced by these lines: + ```CSharp //This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. services.AddMicrosoftWebAppAuthentication(Configuration) .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.ScopeUserRead }) @@ -302,7 +303,7 @@ This project was created using the following command. services.AddGraphService(Configuration); // Adds the IMSGraphService as an available service for this app. ``` -1. In the `ConfigureServices` method of `Startup.cs', add the following line: +1. In the `ConfigureServices` method of `Startup.cs', add the following lines: ```CSharp // This is required to be instantiated before the OpenIdConnectOptions starts getting configured. 
@@ -319,11 +320,15 @@ This project was created using the following command. }); ``` -1. In the `ConfigureServices` method of `Startup.cs', the following line instructs the asp.net security middleware to use the **roles** claim to fetch roles for authorization: +1. In the `ConfigureServices` method of `Startup.cs', the following lines instruct the ASP.NET security middleware to use the **roles** claim to fetch roles for authorization. ```CSharp - // The claim in the Jwt token where App roles are available. - options.TokenValidationParameters.RoleClaimType = "roles"; + // Add this configuration after the call to `AddMicrosoftWebAppAuthentication`. + services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options => + { + // The claim in the JWT token where App roles are available. + options.TokenValidationParameters.RoleClaimType = "roles"; + }); ``` 1. In the `HomeController.cs`, the following method is added with the `Authorize` attribute with the name of the policy that enforces that the signed-in user is present in the app role **UserReaders**, that permits listing of users in the tenant. diff --git a/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md b/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md index 3b763a6a..cfda58dd 100644 --- a/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md +++ b/5-WebApp-AuthZ/5-2-Groups/README-incremental-instructions.md 
@@ -218,7 +218,7 @@ The following files have the code that would be of interest to you:
 1. Passes the **HttpContext.User** (the signed-in user) to the view.
 1. UserProfileController.cs
 1. Uses the **IMSGraphService** methods to fetch the signed-in user's group memberships.
-1 IMSGraphService.cs, MSGraphService.cs and UserGroupsAndDirectoryRoles.cs
+1. IMSGraphService.cs, MSGraphService.cs and UserGroupsAndDirectoryRoles.cs
 1. Uses the [Microsoft Graph SDK](https://github.com/microsoftgraph/msgraph-sdk-dotnet) to carry out various operations with [Microsoft Graph](https://graph.microsoft.com).
 1. Home\Index.cshtml
 1. This has some code to print the current user's claims
@@ -232,14 +232,14 @@ The following files have the code that would be of interest to you:
 using Microsoft.Identity.Web;
 ```
- - in the `ConfigureServices` method, the following lines have been replaced :
+ - in the `ConfigureServices` method, the following lines:
 ```CSharp
 services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
 .AddAzureAD(options => Configuration.Bind("AzureAd", options));
 ```
- - by these lines:
+ - have been replaced by these lines::
 ```CSharp
 services.AddMicrosoftWebAppAuthentication(Configuration)
diff --git a/5-WebApp-AuthZ/5-2-Groups/README.md b/5-WebApp-AuthZ/5-2-Groups/README.md
index 4dd737f6..ffa864ad 100644
--- a/5-WebApp-AuthZ/5-2-Groups/README.md
+++ b/5-WebApp-AuthZ/5-2-Groups/README.md
@@ -232,8 +232,8 @@ The object id of the security groups the signed in user is member of is returned
 ### Support in ASP.NET Core middleware libraries
-The asp.net middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`.
-Since the `groups` claim contains the object ids of the security groups than actual names by default, you'd use the group id's instead of group names. See [Role-based authorization in ASP.NET Core](https://docs.microsoft.com/aspnet/core/security/authorization/roles) for more info.
+The ASP.NET middleware supports roles populated from claims by specifying the claim in the `RoleClaimType` property of `TokenValidationParameters`.
+Since the `groups` claim contains the object IDs of the security groups than actual names by default, you'd use the group ID's instead of group names. See [Role-based authorization in ASP.NET Core](https://docs.microsoft.com/aspnet/core/security/authorization/roles) for more info.
 ```CSharp
 // Startup.cs
@@ -328,7 +328,7 @@ The following files have the code that would be of interest to you:
 1. Passes the **HttpContext.User** (the signed-in user) to the view.
 1. UserProfileController.cs
 1. Uses the **IMSGraphService** methods to fetch the signed-in user's group memberships.
-1 IMSGraphService.cs, MSGraphService.cs and UserGroupsAndDirectoryRoles.cs
+1. IMSGraphService.cs, MSGraphService.cs and UserGroupsAndDirectoryRoles.cs
 1. Uses the [Microsoft Graph SDK](https://github.com/microsoftgraph/msgraph-sdk-dotnet) to carry out various operations with [Microsoft Graph](https://graph.microsoft.com).
 1. Home\Index.cshtml
 1. This has some code to print the current user's claims
@@ -342,16 +342,16 @@ The following files have the code that would be of interest to you:
 using Microsoft.Identity.Web;
 ```
- - in the `ConfigureServices` method, the following lines have been replaced :
+ - in the `ConfigureServices` method, the following lines:
 ```CSharp
 services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
 .AddAzureAD(options => Configuration.Bind("AzureAd", options));
 ```
- - by these lines: - - ```CSharp + - have been replaced by these lines: + - + ```CSharp
 services.AddMicrosoftWebAppAuthentication(Configuration)
 .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
 .AddInMemoryTokenCaches();
diff --git a/5-WebApp-AuthZ/5-2-Groups/Startup.cs b/5-WebApp-AuthZ/5-2-Groups/Startup.cs
index b161e6d5..d58295bc 100644
--- a/5-WebApp-AuthZ/5-2-Groups/Startup.cs
+++ b/5-WebApp-AuthZ/5-2-Groups/Startup.cs
@@ -42,6 +42,13 @@ public void ConfigureServices(IServiceCollection services)
 services.AddMSGraphService(Configuration);
+ services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options => {
+ // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole()
+ // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info.
+ // Use the groups claim for populating roles
+ options.TokenValidationParameters.RoleClaimType = "groups";
+ });
+
 services.AddControllersWithViews(options =>
 {
 var policy = new AuthorizationPolicyBuilder()
From aab6942ca18a83fadf374339fbeb7a6366bf01be Mon Sep 17 00:00:00 2001
From: Jennyf19
Date: Mon, 13 Jul 2020 12:51:31 -0700
Subject: [PATCH 10/11] remove options
---
 2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs | 2 --
 1 file changed, 2 deletions(-)
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs
index 9ed2a324..c29fc071 100644
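Review bot: `services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options => {` relies on inferring the options type, but an implicitly typed lambda gives the compiler nothing to infer `TOptions` from, so unless the project supplies a non-generic overload this line should name it: `services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>`. The three comment lines above the assignment also read as leftovers from a commented-out template ("Uncomment the following lines code instruct …") although nothing here is commented out; I would collapse them to `// Use the object IDs in the "groups" claim as roles for [Authorize(Roles = ...)] and User.IsInRole(); see https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles`. That comment should also state that a token carrying no "groups" claim leaves the principal with no roles, so role checks fail closed rather than error out — the safe direction, but easy to mistake for a misconfiguration. Style-wise, the opening brace on the `options => {` line departs from the Allman layout that `AddControllersWithViews(options =>` uses two lines below. ConfigureServices continues past the end of the hunk.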
--- a/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs
+++ b/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs
@@ -84,8 +84,6 @@ public void ConfigureServices(IServiceCollection services)
 return Task.FromResult(0);
 };
- }, options =>
- {
 })
 .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { GraphScope.UserReadAll })
 .AddInMemoryTokenCaches();
From 3a45878280c28692a360b680cdcceba9aae04ca1 Mon Sep 17 00:00:00 2001
From: Jennyf19
Date: Mon, 13 Jul 2020 13:43:51 -0700
Subject: [PATCH 11/11] re-add comment that got lost in changes
---
 5-WebApp-AuthZ/5-2-Groups/Startup.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/5-WebApp-AuthZ/5-2-Groups/Startup.cs b/5-WebApp-AuthZ/5-2-Groups/Startup.cs
index b4f99296..85107a21 100644
--- a/5-WebApp-AuthZ/5-2-Groups/Startup.cs
+++ b/5-WebApp-AuthZ/5-2-Groups/Startup.cs
@@ -39,7 +39,7 @@ public void ConfigureServices(IServiceCollection services)
 services.AddMicrosoftWebAppAuthentication(Configuration)
 .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
- // If you want to use group ids/names in the Authorize attribute then uncomment the following lines:
+ // If you want to use group ids/names in the Authorize attribute then uncomment the following lines:
 //services.Configure(options =>
 // {
 // // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole()