From 02e429ec96b9f91bf3e910ff50403b5c164914e1 Mon Sep 17 00:00:00 2001 
From: pmaytak <34331512+pmaytak@users.noreply.github.com>
Date: Mon, 13 Jul 2020 19:43:41 -0700
Subject: [PATCH 1/3] Add user secrets config.

---
 .../1-1-MyOrg/Properties/serviceDependencies.json | 7 +++++++
 .../1-1-MyOrg/Properties/serviceDependencies.local.json | 7 +++++++
 .../1-2-AnyOrg/Properties/serviceDependencies.json | 7 +++++++
 .../1-2-AnyOrg/Properties/serviceDependencies.local.json | 7 +++++++
 .../Properties/serviceDependencies.json | 7 +++++++
 .../Properties/serviceDependencies.local.json | 7 +++++++
 1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.json | 7 +++++++
 .../1-5-B2C/Properties/serviceDependencies.local.json | 7 +++++++
 .../2-1-Call-MSGraph/Properties/serviceDependencies.json | 7 +++++++
 .../Properties/serviceDependencies.local.json | 7 +++++++
 3-WebApp-multi-APIs/Properties/serviceDependencies.json | 7 +++++++
 .../Properties/serviceDependencies.local.json | 7 +++++++
 .../4-1-MyOrg/Client/Properties/serviceDependencies.json | 7 +++++++
 .../Client/Properties/serviceDependencies.local.json | 7 +++++++
 .../TodoListService/Properties/serviceDependencies.json | 7 +++++++
 .../Properties/serviceDependencies.local.json | 7 +++++++
 .../4-2-B2C/Client/Properties/serviceDependencies.json | 7 +++++++
 .../Client/Properties/serviceDependencies.local.json | 7 +++++++
 .../TodoListService/Properties/serviceDependencies.json | 7 +++++++
 .../Properties/serviceDependencies.local.json | 7 +++++++
 .../5-1-Roles/Properties/serviceDependencies.json | 7 +++++++
 .../5-1-Roles/Properties/serviceDependencies.local.json | 7 +++++++
 .../5-2-Groups/Properties/serviceDependencies.json | 7 +++++++
 .../5-2-Groups/Properties/serviceDependencies.local.json | 7 +++++++
 24 files changed, 168 insertions(+)
 create mode 100644 1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.json
 create mode 100644 1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.local.json
 create mode 100644 1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.json
 create mode 100644 1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.local.json
 create mode 100644 1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.json
 create mode 100644 1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.local.json
 create mode 100644 1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.json
 create mode 100644 1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.local.json
 create mode 100644 2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.json
 create mode 100644 2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.local.json
 create mode 100644 3-WebApp-multi-APIs/Properties/serviceDependencies.json
 create mode 100644 3-WebApp-multi-APIs/Properties/serviceDependencies.local.json
 create mode 100644 4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.json
 create mode 100644 4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.local.json
 create mode 100644 4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.json
 create mode 100644 4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.local.json
 create mode 100644 4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.json
 create mode 100644 4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.local.json
 create mode 100644 4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.json
 create mode 100644 4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.local.json
 create mode 100644 5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.json
 create mode 100644 5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.local.json
 create mode 100644 5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.json
 create mode 100644 5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.local.json
diff --git a/1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.json b/1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.local.json b/1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.json b/1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.local.json b/1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.json b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
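Review bot: The `"type": "secrets.user"` entry in `serviceDependencies.local.json` only records that the local profile should resolve secrets from the user-secrets store; it does not itself move anything out of `appsettings.json`, and it is inert unless the project file carries a `UserSecretsId`, which is not visible in this patch. Since the commit is titled "Add user secrets config", confirm that each sample's `.csproj` sets `UserSecretsId` and that any `ClientSecret` still present in the samples' `appsettings.json` is replaced with a placeholder, otherwise a reader will assume the secret is protected when it is still committed in the repo. The same applies to the `"type": "secrets"` entry in the non-local file, which declares the dependency without showing where it is bound.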
diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.local.json b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.json b/1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.local.json b/1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.json b/2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.local.json b/2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/3-WebApp-multi-APIs/Properties/serviceDependencies.json b/3-WebApp-multi-APIs/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/3-WebApp-multi-APIs/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/3-WebApp-multi-APIs/Properties/serviceDependencies.local.json b/3-WebApp-multi-APIs/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/3-WebApp-multi-APIs/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.json b/4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.local.json b/4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.json b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.local.json b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.json b/4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.local.json b/4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.json b/4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.local.json b/4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.json b/5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.local.json b/5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
diff --git a/5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.json b/5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.json
new file mode 100644
index 00000000..a4e7aa3d
--- /dev/null
+++ b/5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets"
+ }
+ }
+}
\ No newline at end of file
diff --git a/5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.local.json b/5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.local.json
new file mode 100644
index 00000000..09b109bc
--- /dev/null
+++ b/5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "secrets1": {
+ "type": "secrets.user"
+ }
+ }
+}
\ No newline at end of file
From d8216d3c4b81712412d9f6b32a90d95cde99a82d Mon Sep 17 00:00:00 2001
From: pmaytak <34331512+pmaytak@users.noreply.github.com>
Date: Mon, 13 Jul 2020 23:01:06 -0700
Subject: [PATCH 2/3] Fix Startup.cs in 5-2.

---
 5-WebApp-AuthZ/5-2-Groups/Startup.cs | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/5-WebApp-AuthZ/5-2-Groups/Startup.cs b/5-WebApp-AuthZ/5-2-Groups/Startup.cs
index 85107a21..dc704597 100644
--- a/5-WebApp-AuthZ/5-2-Groups/Startup.cs
+++ b/5-WebApp-AuthZ/5-2-Groups/Startup.cs
@@ -38,24 +38,13 @@ public void ConfigureServices(IServiceCollection services)
 // Sign-in users with the Microsoft identity platform
 services.AddMicrosoftWebAppAuthentication(Configuration)
 .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
-
- // If you want to use group ids/names in the Authorize attribute then uncomment the following lines:
- //services.Configure(options =>
- // {
- // // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole()
- // // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info.
- // // Use the groups claim for populating roles
- // options.TokenValidationParameters.RoleClaimType = "groups";
- // })
-
 .AddInMemoryTokenCaches();
 services.AddMSGraphService(Configuration);
 services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options =>
 {
- // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole()
+ // The following code instructs the ASP.NET Core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInRole()
 // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info.
- // Use the groups claim for populating roles
 options.TokenValidationParameters.RoleClaimType = "groups";
 });
From 4290b59e4afff5ba82660f5abea4e4039f65ae86 Mon Sep 17 00:00:00 2001
From: pmaytak <34331512+pmaytak@users.noreply.github.com>
Date: Mon, 13 Jul 2020 23:48:25 -0700
Subject: [PATCH 3/3] ReadMe updates.

---
 1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md | 13 +++++++------
 1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md | 10 ++++------
 .../2-3-Multi-Tenant/README-National-Cloud.md | 6 +++---
 3 files changed, 14 insertions(+), 15 deletions(-)
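Review bot: The surviving `options.TokenValidationParameters.RoleClaimType = "groups";` makes `[Authorize(Roles = …)]` and `User.IsInRole()` match against whatever the identity provider places in the `groups` claim, which for Azure AD is by default a list of group object IDs rather than names, and that claim is omitted entirely when the user belongs to more groups than the token can carry (the groups-overage case), so role checks fail closed for exactly those users. The hunk also requests `Directory.Read.All`, which suggests a Graph lookup is meant to cover overage, but nothing in this hunk feeds such a lookup back into the role claims, so confirm that path is wired up before the sample relies on attribute-based authorization. I would add next to the assignment: `// "groups" holds group object IDs (not names) and is absent under groups overage; role checks must handle that case, e.g. via the Graph lookup.` The line `services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options =>` appears to have lost its generic argument (`Configure<OpenIdConnectOptions>`) in extraction, so it is worth checking that the committed file compiles as shown. `ConfigureServices` begins before this hunk and continues after it.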
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md b/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md
index 87d30543..e02b642e 100644
--- a/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md
+++ b/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md
@@ -64,12 +64,13 @@ In the `Startup.cs` file, in the `ConfigureServices` method, after `services.Add
 {
 ...
 // Sign-in users with the Microsoft identity platform
- services.AddMicrosoftWebAppAuthentication(Configuration, options =>
- {
- Configuration.Bind("AzureAd", options);
- // Restrict users to specific belonging to specific tenants
- options.TokenValidationParameters.IssuerValidator = ValidateSpecificIssuers;
- }, options => Configuration.Bind("AzureAd", options));
+ services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(options =>
+ {
+ Configuration.Bind("AzureAd", options);
+ // Restrict users to specific belonging to specific tenants
+ options.TokenValidationParameters.IssuerValidator = ValidateSpecificIssuers;
+ });
 ...
 ```
diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md
index 51c891ff..589bbdc2 100644
--- a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md
+++ b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md
@@ -147,17 +147,15 @@ In the **appsettings.json** file: .AddAzureAD(options => Configuration.Bind("AzureAd", options)); ``` - by this line: + - by this line: ```CSharp - - services.AddMicrosoftWebAppAuthentication(Configuration); - + services.AddMicrosoftWebAppAuthentication(Configuration); ``` - This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. + This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts. - 1. Change the `Properties\launchSettings.json` file to ensure that you start your web app from as registered. For this: +1. Change the `Properties\launchSettings.json` file to ensure that you start your web app from as registered. For this: - update the `sslPort` of the `iisSettings` section to be `44321` - in the `applicationUrl` property of use `https://localhost:44321` diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md b/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md index 00e2fde1..aea3a22e 100644 --- a/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md +++ b/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md 
@@ -236,8 +236,8 @@ These steps are encapsulated in the [Microsoft.Identity.Web](..\..\Microsoft.Ide
 In order to be able to sign-in users from multiple tenants, the [/common endpoint](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#update-your-code-to-send-requests-to-common) must be used. In the sample, this endpoint is used as a result of setting the value for `TenantId` as `organizations` on the `appsettings.json` file, and configuring the middleware to read the values from it.
 ```csharp
-services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
- .AddAzureAD(options => configuration.Bind(configSectionName, options));
+services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApp(Configuration)
 ```
 You can read about the various endpoints of the Microsoft Identity Platform [here](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols#endpoints).
@@ -282,7 +282,7 @@ options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuer
 To extend this validation to only Azure AD tenants registered in the application database, the event handler `OnTokenValidated` was configured to grab the `tenantId` from the token claims and check if it has an entry on the database. If it doesn't, a custom exception `UnauthorizedTenantException` is thrown, canceling the authentication, and the user is redirected to the `UnauthorizedTenant` view. At this stage, the user is not authenticated in the application.
 ```csharp
-services.Configure(AzureADDefaults.OpenIdScheme, options =>
+services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options =>
 {
 options.Events.OnTokenValidated = async context =>
 {