4-WebApp-your-API/4-1-MyOrg/README.md
16 additions & 3 deletions
@@ -144,12 +144,24 @@ Follow the steps below for manually register and configure your apps
144
144
- For **User consent description** type `Allow the application to [ex, Read ToDo list items] as the signed-in user on your behalf.`
145
145
* Keep **State** as **Enabled**.
146
146
* Select the **Add scope** button on the bottom to save this scope.
147
-
> Repeat the steps above for scope **ToDoList.Write**
147
+
> Repeat the steps above for scope **ToDoList.ReadWrite**
148
148
149
149
1. Select the `Manifest` blade on the left.
150
150
* Set `accessTokenAcceptedVersion` property to **2**.
151
151
* Click on **Save**.
152
152
153
+
##### Define Application Permissions
154
+
155
+
1. Still on the same app registration, select the **App roles** blade to the left.
156
+
1. Select **Create app role**:
157
+
* For **Display name**, enter a suitable name, for instance **ToDoList.Read.All**.
158
+
* For **Allowed member types**, choose **Application**.
159
+
* For **Value**, enter **ToDoList.Read.All**.
160
+
* For **Description**, enter **Application can only read ToDo list**.
161
+
> Repeat the steps above for permission **ToDoList.ReadWrite.All**
162
+
163
+
1. Select **Apply** to save your changes.
164
+
153
165
##### Configure the service app (TodoListService-aspnetcore-webapi) to use your app registration
154
166
155
167
Open the project in your IDE (like Visual Studio or Visual Studio Code) to configure the code.
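Review bot: In the new **Define Application Permissions** steps, the note "Repeat the steps above for permission **ToDoList.ReadWrite.All**" comes before "Select **Apply** to save your changes", so a reader following the list in order is told to create the second role before the first one has been saved. Move the Apply step into the bullet list under **Create app role**, the way the scope steps above end with **Add scope**, and put the Repeat note after it. The Repeat note also gives no **Description** for ToDoList.ReadWrite.All; state one so the read-only and read-write roles are described consistently.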
@@ -177,6 +189,7 @@ Follow the steps below for manually register and configure your apps
177
189
1. `https://localhost:44321/signin-oidc`
178
190
179
191
1. In the **Front-channel logout URL** section, set it to `https://localhost:44321/signout-oidc`.
192
+
1. In the **Implicit grant and hybrid flows** section, check the **Access tokens (used for implicit flows)** option.
180
193
1. Click **Save** to save your changes.
181
194
1. In the app's registration screen, select the **Certificates & secrets** blade in the left to open the page where you can generate secrets and upload certificates.
182
195
1. In the **Client secrets** section, select **New client secret**:
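Review bot: The added step that checks **Access tokens (used for implicit flows)** needs a stated reason or should be dropped. The context lines right after it have this same registration create a client secret, so the client is a confidential one that can obtain tokens on the back channel; enabling implicit access-token issuance additionally allows access tokens to be returned in the browser redirect, which widens where those tokens are exposed. If the sample depends on this option, say in the step which flow requires it; otherwise leave it unchecked.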
@@ -191,7 +204,7 @@ Follow the steps below for manually register and configure your apps
191
204
* Select the **Add a permission** button and then,
192
205
* Ensure that the **My APIs** tab is selected.
193
206
* In the list of APIs, select the API `TodoListService-aspnetcore-webapi`.
194
-
* In the **Delegated permissions** section, select the **ToDoList.Read**, **ToDoList.Write** in the list. Use the search box if necessary.
207
+
* In the **Delegated permissions** section, select the **ToDoList.Read**, **ToDoList.ReadWrite** in the list. Use the search box if necessary.
195
208
* Select the **Add permissions** button at the bottom.
196
209
197
210
##### Configure the client app (TodoListClient-aspnetcore-webapi) to use your app registration
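Review bot: The changed bullet still reads "select the **ToDoList.Read**, **ToDoList.ReadWrite** in the list"; while touching this line, tighten it to "select **ToDoList.Read** and **ToDoList.ReadWrite**". Please also confirm that no reference to the old **ToDoList.Write** name remains elsewhere in the README or in the sample's configuration files, since a client that requests a scope the API registration no longer exposes will not get a token for it.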
@@ -205,7 +218,7 @@ Follow the steps below for manually register and configure your apps
205
218
1. Find the key `TenantId` and replace the existing value with your Azure AD tenant ID.
206
219
1. Find the key `ClientId` and replace the existing value with the application ID (clientId) of `TodoListClient-aspnetcore-webapi` app copied from the Azure portal.
207
220
1. Find the key `ClientSecret` and replace the existing value with the key you saved during the creation of `TodoListClient-aspnetcore-webapi` copied from the Azure portal.
208
-
1. Find the key `TodoListScopes` and replace the existing value with **"api://<your_service_api_client_id>/ToDoList.Read api://<your_service_api_client_id>/ToDoList.Write"**.
221
+
1. Find the key `TodoListScopes` and replace the existing value with **"api://<your_service_api_client_id>/ToDoList.Read api://<your_service_api_client_id>/ToDoList.ReadWrite"**.
209
222
1. Find the key `TodoListBaseAddress` and replace the existing value with the base address of `TodoListService-aspnetcore-webapi` (by default `https://localhost:44351`).
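Review bot: In the `TodoListScopes` step the value is given as bold quoted text, **"api://<your_service_api_client_id>/ToDoList.Read api://<your_service_api_client_id>/ToDoList.ReadWrite"**, while the neighbouring steps put literal values in backticks (for example `https://localhost:44351`). Put the scope string in backticks as well, so the angle-bracket placeholder is shown verbatim and it is clear whether the surrounding double quotes belong to the value being pasted. It would also help to say explicitly that the two scopes are separated by a single space inside one string.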