4-WebApp-your-API/4-1-MyOrg/README.md
Lines changed: 44 additions & 11 deletions
@@ -281,8 +281,6 @@ To provide a recommendation, visit the following [User Voice page](https://feedb
281
281
<details>
282
282
<summary>Expand the section</summary>
283
283
284
-
1. Consider adding [MSAL.NET Logging](https://docs.microsoft.com/azure/active-directory/develop/msal-logging-dotnet) to you project
285
-
286
284
1. In the `TodoListService` project, which represents the web api, first the package `Microsoft.Identity.Web`is added from NuGet.
287
285
288
286
1. Starting with the **Startup.cs** file :
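Review bot: The removed step at old line 284 was the only pointer to MSAL.NET Logging in this section, and nothing visible in the hunk replaces it. If the recommendation has moved elsewhere in the README, say so in the commit message; if it is being dropped, consider keeping a one-line link, since token validation failures in `TodoListService` are hard to diagnose without it. In the retained step at line 284, `Microsoft.Identity.Web`is is also missing a space after the closing backtick.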
@@ -301,7 +299,7 @@ To provide a recommendation, visit the following [User Voice page](https://feedb
301
299
302
300
* `AddMicrosoftIdentityWebApiAuthentication()` protectstheWebAPIby [validatingAccesstokens](https://docs.microsoft.com/azure/active-directory/develop/access-tokens#validating-tokens) sent tho this API. Check out [Protected web API: Code configuration](https://docs.microsoft.com/azure/active-directory/develop/scenario-protected-web-api-app-configuration) which explains the inner workings of this method in more detail.
*checkiftheclientapp's appid (azp) is in some sort of an allowed list via the 'azp' claim, in case you wanted to restrict the API to a list of client apps.
306
304
*checkifthecaller's account is homed or guest via the 'acct' optional claim
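Review bot: The context line describing `AddMicrosoftIdentityWebApiAuthentication()` still reads "sent tho this API"; since this hunk already touches the surrounding lines, fix it to "sent to this API". The two bullets about the 'azp' and 'acct' claims do not say whether the sample performs these checks or leaves them to the reader, and the first one names the value both "appid" and "azp". State explicitly that these are additional authorization checks the API owner has to implement, and use one claim name consistently.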
@@ -367,7 +365,7 @@ To provide a recommendation, visit the following [User Voice page](https://feedb
367
365
*Themethod*IsAppOnlyToken()*isusedbycontrollermethodtodetectpresenceofanapponlytoken, i.eatokenthatwasissuedtoanappusingthe [Clientcredentials](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow) flow, i.e no users were signed-in by this client app.
368
366
369
367
```csharp
370
-
privateboolIsAppOnlyToken()
368
+
privateboolIsAppOnlyToken()
371
369
{
372
370
// Add in the optional 'idtyp' claim to check if the access token is coming from an application or user.
373
371
//
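Review bot: The `-` and `+` lines for `IsAppOnlyToken()` differ only in whitespace as shown, so the substantive point is the comment beneath the signature: it tells the reader to add the optional 'idtyp' claim, but the README never says what the method returns when that claim has not been configured. Document the fallback behaviour in the paragraph above the code block, because a controller that relies on this method to separate app-only tokens from user tokens will make an authorization decision on it. The same paragraph uses "i.e" twice in one sentence; "i.e." once is enough.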
@@ -376,17 +374,51 @@ To provide a recommendation, visit the following [User Voice page](https://feedb
TheToDoListClient's *appsettings.json* file contains `ToDoListScopes` key that is used in *startup.cs* to specify which initial scopes (delegated permissions) should be requested for the Access Token when a user is being signed-in:
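Review bot: Naming is inconsistent between this line and the earlier steps: here the project and key are written "ToDoListClient" and `ToDoListScopes` and the file is *startup.cs*, while the earlier steps use `TodoListService` and **Startup.cs**. Check each against the actual project names, configuration key and file name, and use one casing and one emphasis style throughout so readers can search for them.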
4-WebApp-your-API/4-1-MyOrg/ReadmeFiles/ReadmeAboutTheCode.md
Lines changed: 42 additions & 10 deletions
@@ -3,8 +3,6 @@
3
3
<details>
4
4
<summary>Expand the section</summary>
5
5
6
-
1. Consider adding [MSAL.NET Logging](https://docs.microsoft.com/azure/active-directory/develop/msal-logging-dotnet) to you project
7
-
8
6
1. In the `TodoListService` project, which represents the web api, first the package `Microsoft.Identity.Web`is added from NuGet.
9
7
10
8
1. Starting with the **Startup.cs** file :
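Review bot: This hunk repeats, line for line, the removal made in 4-WebApp-your-API/4-1-MyOrg/README.md, and the remaining hunks in this file carry the same text as well. Keeping two hand-edited copies of the same section means every correction has to be applied twice; consider generating README.md from ReadmeFiles/ReadmeAboutTheCode.md, or note in the commit message that the two must be kept in sync.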
@@ -23,7 +21,7 @@
23
21
24
22
* `AddMicrosoftIdentityWebApiAuthentication()` protectstheWebAPIby [validatingAccesstokens](https://docs.microsoft.com/azure/active-directory/develop/access-tokens#validating-tokens) sent tho this API. Check out [Protected web API: Code configuration](https://docs.microsoft.com/azure/active-directory/develop/scenario-protected-web-api-app-configuration) which explains the inner workings of this method in more detail.
*checkiftheclientapp's appid (azp) is in some sort of an allowed list via the 'azp' claim, in case you wanted to restrict the API to a list of client apps.
28
26
*checkifthecaller's account is homed or guest via the 'acct' optional claim
*Themethod*IsAppOnlyToken()*isusedbycontrollermethodtodetectpresenceofanapponlytoken, i.eatokenthatwasissuedtoanappusingthe [Clientcredentials](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow) flow, i.e no users were signed-in by this client app.
90
88
91
89
```csharp
92
-
privateboolIsAppOnlyToken()
90
+
privateboolIsAppOnlyToken()
93
91
{
94
92
// Add in the optional 'idtyp' claim to check if the access token is coming from an application or user.
TheToDoListClient's *appsettings.json* file contains `ToDoListScopes` key that is used in *startup.cs* to specify which initial scopes (delegated permissions) should be requested for the Access Token when a user is being signed-in: