Enhancing multi tenant sample

[TiagoBrenck]

Purpose

A multi-tenant app goes beyond setting organizations as tenant. There are more topics that are essential for a developer to know when developing a simple multi-tenant app.

With help @kalyankrishna1 's help, we enhanced the multi-tenant sample to cover the topics:

• /common endpoint
• Service principle provision on other tenants
• Data Partition
• Graph token issued by signed user's tenant

This new sample is not a level 100 anymore, since it brings more complex topics. In order to provide a better experience, it uses a SQL DB, but there is the option of running it using in memory DB (thanks to EntityFramework).

Does this introduce a breaking change?

[ ] Yes
[x] No

Pull Request Type

What kind of change does this Pull Request introduce?

[ ] Bugfix
[x] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:

How to Test

• Get the code

• Test the code
  The DB will be created automatically. If you want to run it using InMemory DB, read the line 48 on Startup.cs

Ideally you will want to have 2 tenants to test it.

What to Check

Verify that the following are valid

• You can onboard different tenants and sign-in users (common endpoint and SP provisioning)
• You can CRUD todo items but cannot see items from other tenants (Data partition)
• When editing your todo item, a list of active users from your tenant is shown (Graph AT by tenant)

Other Information

⚠️ If you had created this sample in the past already: Delete its enterprise app from the other tenants before re-creating this application.

[jennyf19]

using Microsoft.AspNetCore;

do you need license info for samples? #Resolved

---

Refers to: 2-WebApp-graph-user/2-3-Multi-Tenant/Program.cs:1 in ca3aa52. [](commit_id = ca3aa52, deletion_comment = False)

[jmprieur]

This looks really good @TiagoBrenck
however, I was not able to have the sample work after running the app creation scripts when going through the emboarding process. I got the following:

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: 'f4378b43-1d37-404f-82c1-704914b95f18'.

It's not registering https://localhost:44321/Onboarding/ProcessCode as a redirect URI

I wonder if we don't want to plan an enhancement to use the Graph SDK (instead of hand crafting classes for the Graph response). What do you think @kalyankrishna1 ?

In the other samples we use the reduced license header, not the full one.

[jmprieur]

The chapter 1 is about signing-in to a web app? not calling graph?

[TiagoBrenck]

@jmprieur are you sure you have the latest version? I reverted this change already.

[jmprieur]

Maybe we want to mention why it calls the graph? and also that it calls ARM?

[TiagoBrenck]

@jmprieur I am using the Graph SDK. It is on MSGraphService.cs

[jmprieur]

my bad, @TiagoBrenck

[jmprieur]

LGTM.
I tested an it works great
the only thing I'd change is the UserSecretsId> value in the csproj because this project is so different from the others that we'd want it to be unique

Keeping the same value for this one could impact negatively users who do several chapters (It did impact me and it took me a while to figure out that it was picking-up secrets and client ID of the other chapters)

[TiagoBrenck]

Ok @jmprieur I will change. Me and Kalyan also discussed a better flow for the onboarding on the navigation menu, so I will update it as well

[jmprieur]

LGTM. Thanks @TiagoBrenck

[kalyankrishna1]

Done with reviews.