reverting certificates CsharpConfigurations support, Automated Deply function

Author: aremo-ms

4-WebApp-your-API/4-1-MyOrg/AppCreationScripts-withCert/Cleanup.ps1

@@ -1,4 +1,4 @@
-
+
 [CmdletBinding()]
 param(    
     [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
@@ -103,7 +103,7 @@ Function Cleanup
     }
      # remove self-signed certificate
      Write-Host "Removing CN=TodoListClient-aspnetcore-webapi certificate from Cert:/CurrentUser/My"
-     Get-ChildItem -Path Cert:/CurrentUser/My | where { $_.subject -eq "CN=TodoListClient-aspnetcore-webapi" } | Remove-Item
+     Get-ChildItem -Path Cert:\CurrentUser\My | where { $_.subject -eq "CN=TodoListClient-aspnetcore-webapi" } | Remove-Item
 }
 
 if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Applications")) { 
@@ -117,4 +117,3 @@ Cleanup -tenantId $tenantId -environment $azureEnvironmentName
 
 Write-Host "Disconnecting from tenant"
 Disconnect-MgGraph
-

4-WebApp-your-API/4-1-MyOrg/AppCreationScripts-withCert/Configure.ps1

@@ -1,4 +1,4 @@
-
+
 [CmdletBinding()]
 param(
     [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
@@ -170,8 +170,6 @@ Function CreateOptionalClaim([string] $name)
 
 Function ConfigureApplications
 {
-    $isOpenSSl = 'N' #temporary disable open certificate creation 
-
     <#.Description
        This function creates the Azure AD applications for the sample in the provided Azure AD tenant and updates the
        configuration files in the client and service project  of the visual studio solution (App.Config and Web.Config)
@@ -199,19 +197,19 @@ Function ConfigureApplications
 
    # create the application 
    $serviceAadApplication = New-MgApplication -DisplayName "TodoListService-aspnetcore-webapi" `
-                                                           -Web `
-                                                           @{ `
+                                                       -Web `
+                                                       @{ `
                                                            HomePageUrl = "https://localhost:44351"; `
-                                                               } `
-                                                           -Api `
-                                                           @{ `
-                                                               RequestedAccessTokenVersion = 2 `
-                                                           } `
-                                                       -SignInAudience AzureADMyOrg `
+                                                         } `
+                                                         -Api `
+                                                         @{ `
+                                                            RequestedAccessTokenVersion = 2 `
+                                                         } `
+                                                        -SignInAudience AzureADMyOrg `
                                                        #end of command
     $serviceIdentifierUri = 'api://'+$serviceAadApplication.AppId
     Update-MgApplication -ApplicationId $serviceAadApplication.Id -IdentifierUris @($serviceIdentifierUri)
-
+    
     # create the service principal of the newly created application 
     $currentAppId = $serviceAadApplication.AppId
     $serviceServicePrincipal = New-MgServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
@@ -224,7 +222,6 @@ Function ConfigureApplications
         Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($serviceServicePrincipal.DisplayName)'"
     }
 
-
     # Add Claims
 
     $optionalClaims = New-Object Microsoft.Graph.PowerShell.Models.MicrosoftGraphOptionalClaims
@@ -254,16 +251,16 @@ Function ConfigureApplications
     $scopes = New-Object System.Collections.Generic.List[Microsoft.Graph.PowerShell.Models.MicrosoftGraphPermissionScope]
     $scope = $serviceAadApplication.Api.Oauth2PermissionScopes | Where-Object { $_.Value -eq "User_impersonation" }
 
-        if($scope -ne $null)
-        {    
-            # disable the scope
-            $scope.IsEnabled = $false
-            $scopes.Add($scope)
-            Update-MgApplication -ApplicationId $serviceAadApplication.Id -Api @{Oauth2PermissionScopes = @($scopes)}
-
-            # clear the scope
-            Update-MgApplication -ApplicationId $serviceAadApplication.Id -Api @{Oauth2PermissionScopes = @()}
-        }
+    if($scope -ne $null)
+    {    
+        # disable the scope
+        $scope.IsEnabled = $false
+        $scopes.Add($scope)
+        Update-MgApplication -ApplicationId $serviceAadApplication.Id -Api @{Oauth2PermissionScopes = @($scopes)}
+
+        # clear the scope
+        Update-MgApplication -ApplicationId $serviceAadApplication.Id -Api @{Oauth2PermissionScopes = @()}
+    }
 
     $scopes = New-Object System.Collections.Generic.List[Microsoft.Graph.PowerShell.Models.MicrosoftGraphPermissionScope]
     $scope = CreateScope -value ToDoList.Read  `
@@ -283,7 +280,6 @@ Function ConfigureApplications
 
     # add/update scopes
     Update-MgApplication -ApplicationId $serviceAadApplication.Id -Api @{Oauth2PermissionScopes = @($scopes)}
-
     Write-Host "Done creating the service application (TodoListService-aspnetcore-webapi)"
 
     # URL of the AAD application in the Azure portal
@@ -293,61 +289,60 @@ Function ConfigureApplications
 
    # Create the client AAD application
    Write-Host "Creating the AAD application (TodoListClient-aspnetcore-webapi)"
-        # Get a 6 months application key for the client Application
-        $fromDate = [DateTime]::Now;
-        $key = CreateAppKey -fromDate $fromDate -durationInMonths 6
+   # Get a 6 months application key for the client Application
+   $fromDate = [DateTime]::Now;
+   $key = CreateAppKey -fromDate $fromDate -durationInMonths 6
+   
 
    # create the application 
    $clientAadApplication = New-MgApplication -DisplayName "TodoListClient-aspnetcore-webapi" `
-                                                          -Web `
-                                                          @{ `
+                                                      -Web `
+                                                      @{ `
                                                           RedirectUris = "https://localhost:44321/signin-oidc"; `
                                                           HomePageUrl = "https://localhost:44321/"; `
                                                           LogoutUrl = "https://localhost:44321/signout-oidc"; `
-                                                              } `
-                                                      -SignInAudience AzureADMyOrg `
+                                                        } `
+                                                       -SignInAudience AzureADMyOrg `
                                                       #end of command
     #add a secret to the application
     $pwdCredential = Add-MgApplicationPassword -ApplicationId $clientAadApplication.Id -PasswordCredential $key
     $clientAppKey = $pwdCredential.SecretText
 
     $tenantName = (Get-MgApplication -ApplicationId $clientAadApplication.Id).PublisherDomain
     Update-MgApplication -ApplicationId $clientAadApplication.Id -IdentifierUris @("https://$tenantName/TodoListClient-aspnetcore-webapi")
-    # generate required certificates for the App registration
-        
-    Write-Host "Creating the CN=TodoListClient-aspnetcore-webapi certificate for application (TodoListClient-aspnetcore-webapi)"
+        # Generate a certificate
+        Write-Host "Creating the client application (TodoListClient-aspnetcore-webapi)"
 
-    $certificateName = 'CN=TodoListClient-aspnetcore-webapi' #name of format CN=<Cert Name> as specified in sample.json
-    $certificateName = $certificateName.Split("=")[1]; #take the name only
-
-    # temporarily disable the option and procees to certificate creation
-    #$isOpenSSL = Read-Host ' By default certificate is generated using New-SelfSignedCertificate. Do you want to generate cert using OpenSSL(Y/N)?'
-    if($isOpenSSL -eq 'Y')
-    {
-        $certificate=openssl req -x509 -newkey rsa:2048 -days 365 -keyout "$certificateName.key" -out "$certificateName.cer" -subj "/CN=$certificateName.com" -nodes
-        openssl pkcs12 -export -out "$certificateName.pfx" -inkey $certificateName.key -in "$certificateName.cer"
-    }
-    else
-    {
-        $certificate=New-SelfSignedCertificate -Subject $certificateName `
-                                                -CertStoreLocation "Cert:/CurrentUser/My" `
-                                                -KeyExportPolicy Exportable `
-                                                -KeySpec Signature
-
-        $thumbprint = $certificate.Thumbprint
-        $certificatePassword = Read-Host -Prompt "Enter password for your certificate (Please remember the password, you will need it when uploading to KeyVault): " -AsSecureString
-        Write-Host "Exporting certificate as a PFX file"
-        Export-PfxCertificate -Cert "Cert:/CurrentUser/My/$thumbprint" -FilePath "$pwd\$certificateName.pfx" -ChainOption EndEntityCertOnly -NoProperties -Password $certificatePassword
-        Write-Host "PFX written to:"
-        Write-Host "$pwd\$certificateName.pfx"
-
-        # Add a Azure Key Credentials from the certificate for the application
-        $clientKeyCredentials = Update-MgApplication -ApplicationId $clientAadApplication.Id `
-            -KeyCredentials @(@{Type = "AsymmetricX509Cert"; Usage = "Verify"; Key= $certificate.RawData; StartDateTime = $certificate.NotBefore; EndDateTime = $certificate.NotAfter;})       
-    }
+        $certificateName = 'TodoListClient-aspnetcore-webapi'
 
+        # temporarily disable the option and procees to certificate creation
+        #$isOpenSSL = Read-Host ' By default certificate is generated using New-SelfSignedCertificate. Do you want to generate cert using OpenSSL(Y/N)?'
+        $isOpenSSl = 'N'
+        if($isOpenSSL -eq 'Y')
+        {
+            $certificate=openssl req -x509 -newkey rsa:2048 -days 365 -keyout "$certificateName.key" -out "$certificateName.cer" -subj "/CN=$certificateName.com" -nodes
+            openssl pkcs12 -export -out "$certificateName.pfx" -inkey $certificateName.key -in "$certificateName.cer"
+        }
+        else
+        {
+            $certificate=New-SelfSignedCertificate -Subject $certificateName `
+                                                    -CertStoreLocation "Cert:\CurrentUser\My" `
+                                                    -KeyExportPolicy Exportable `
+                                                    -KeySpec Signature
+
+            $thumbprint = $certificate.Thumbprint
+            $certificatePassword = Read-Host -Prompt "Enter password for your certificate (Please remember the password, you will need it when uploading to KeyVault): " -AsSecureString
+            Write-Host "Exporting certificate as a PFX file"
+            Export-PfxCertificate -Cert "Cert:\Currentuser\My\$thumbprint" -FilePath "$pwd\$certificateName.pfx" -ChainOption EndEntityCertOnly -NoProperties -Password $certificatePassword
+            Write-Host "PFX written to:"
+            Write-Host "$pwd\$certificateName.pfx"
+
+            # Add a Azure Key Credentials from the certificate for the application
+            $clientKeyCredentials = Update-MgApplication -ApplicationId $clientAadApplication.Id `
+                -KeyCredentials @(@{Type = "AsymmetricX509Cert"; Usage = "Verify"; Key= $certificate.RawData; StartDateTime = $certificate.NotBefore; EndDateTime = $certificate.NotAfter;})       
+       
+        }  
 
-
     # create the service principal of the newly created application 
     $currentAppId = $clientAadApplication.AppId
     $clientServicePrincipal = New-MgServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
@@ -359,8 +354,6 @@ Function ConfigureApplications
         New-MgApplicationOwnerByRef -ApplicationId $clientAadApplication.Id  -BodyParameter = @{"@odata.id" = "htps://graph.microsoft.com/v1.0/directoryObjects/$user.ObjectId"}
         Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($clientServicePrincipal.DisplayName)'"
     }
-
-
     Write-Host "Done creating the client application (TodoListClient-aspnetcore-webapi)"
 
     # URL of the AAD application in the Azure portal
@@ -374,20 +367,23 @@ Function ConfigureApplications
     $requiredPermissions = GetRequiredPermissions -applicationDisplayName "TodoListService-aspnetcore-webapi" `
         -requiredDelegatedPermissions "ToDoList.Read|ToDoList.ReadWrite" `
 
+
     $requiredResourcesAccess.Add($requiredPermissions)
     Update-MgApplication -ApplicationId $clientAadApplication.Id -RequiredResourceAccess $requiredResourcesAccess
     Write-Host "Granted permissions."
 
     # Update config file for 'service'
     $configFile = $pwd.Path + "\..\TodoListService\appsettings.json"
     $dictionary = @{ "Domain" = $tenantName;"TenantId" = $tenantId;"ClientId" = $serviceAadApplication.AppId };
+
     Write-Host "Updating the sample code ($configFile)"
 
     UpdateTextFile -configFilePath $configFile -dictionary $dictionary
 
     # Update config file for 'client'
     $configFile = $pwd.Path + "\..\Client\appsettings.json"
     $dictionary = @{ "Domain" = $tenantName;"TenantId" = $tenantId;"ClientId" = $clientAadApplication.AppId;"KeyVaultCertificateName" = $certificateName;"TodoListScopes" = "api://$($serviceAadApplication.AppId)/ToDoList.Read api://$($serviceAadApplication.AppId)/ToDoList.ReadWrite";"TodoListBaseAddress" = $serviceAadApplication.Web.HomePageUrl };
+
     Write-Host "Updating the sample code ($configFile)"
 
     UpdateTextFile -configFilePath $configFile -dictionary $dictionary
@@ -397,8 +393,7 @@ Function ConfigureApplications
     Write-Host "  - Navigate to $servicePortalUrl"
     Write-Host "  - Application 'service' publishes application permissions. Do remember to navigate to any client app(s) registration in the app portal and consent for those, if required" -ForegroundColor Red 
     Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
-       
-    if($isOpenSSL -eq 'Y')
+       if($isOpenSSL -eq 'Y')
     {
         Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
         Write-Host "You have generated certificate using OpenSSL so follow below steps: "

4-WebApp-your-API/4-1-MyOrg/AppCreationScripts-withCert/sample.json

@@ -65,7 +65,7 @@
 
   /* It either can be a text or link to another readme file */
   "ReadmeAzureDeploy": {
-    "IncludeFilePath": "../ReadmeFiles/ReadmeAzureDeploy.md"
+    "IncludeFilePath": ""
   },
 
   /* It either can be a text or link to another readme file */
@@ -125,23 +125,7 @@
           "DelegatedPermissions": [ "ToDoList.Read", "ToDoList.ReadWrite" ]
         }
       ],
-      "Certificate":"",
-      "CustomersConfigurations": [
-        {
-          "AppSettingsJson": {
-            "AzureAd": {
-              "ClientCertificates": [
-                {
-                  "SourceType": "StoreWithDistinguishedName",
-                  "CertificateStorePath": "CurrentUser/My",
-                  "CertificateDistinguishedName": "CN=TodoListClient-aspnetcore-webapi"
-                }
-              ]
-            }
-          }
-        }
-      ],
-
+      "Certificate":"the name will be assigned automatically by PowerShell script and it will be equal to the Application name",
       "ManualSteps": [],
       "Sample": {
         "SampleSubPath": "4-WebApp-Your-API\\4-1-MyOrg",

4-WebApp-your-API/4-1-MyOrg/AppCreationScripts/Cleanup.ps1

@@ -1,4 +1,4 @@
-
+
 [CmdletBinding()]
 param(    
     [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
@@ -114,4 +114,3 @@ Cleanup -tenantId $tenantId -environment $azureEnvironmentName
 
 Write-Host "Disconnecting from tenant"
 Disconnect-MgGraph
-