Task 1924572 Sample 4-1 basher update #602

aremo-ms · 2022-06-14T00:04:11Z

Added App Permissions and enhanced new attribute that combines Roles and Scopes altogether.
ToDoList Service Api was refactored for best practices
Readme file was updated as well.

4-WebApp-your-API/4-1-MyOrg/AppCreationScripts/sample.json

kalyankrishna1 · 2022-06-15T19:19:31Z

The client ASP.NET Core Web App uses the Microsoft.Identity.Web to sign-in and obtain a JWT Access Tokens from Azure AD.

to sign-in a user

In reply to: 1156836710

Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:37 in 55e3a1c. [](commit_id = 55e3a1c, deletion_comment = False)

4-WebApp-your-API/4-1-MyOrg/README.md

kalyankrishna1 · 2022-06-15T19:23:10Z

All APIs have to publish a minimum of two scopes, also called Delegated Permissions, for the client's to obtain an access token successfully. To publish a scope, follow these steps:

minimum is one, so change to one here, but the steps below will remain the same

In reply to: 1156839720

Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:137 in 55e3a1c. [](commit_id = 55e3a1c, deletion_comment = False)

4-WebApp-your-API/4-1-MyOrg/README.md

kalyankrishna1 · 2022-06-15T19:32:12Z

In the TodoListService project, first the package Microsoft.Identity.Webis added from NuGet.

find the package Microsoft.Identity.Weband add it from NuGet.

In reply to: 1156847059

Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:281 in 55e3a1c. [](commit_id = 55e3a1c, deletion_comment = False)

kalyankrishna1 · 2022-06-15T19:32:27Z

* at the top of the file, the following two using directives were added:

one :)

In reply to: 1156847267

Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:285 in 55e3a1c. [](commit_id = 55e3a1c, deletion_comment = False)

4-WebApp-your-API/4-1-MyOrg/README.md

kalyankrishna1 · 2022-06-15T19:33:18Z

* `AddMicrosoftIdentityWebApiAuthentication()` protects the Web API by validating Access tokens sent tho this API. Check out [Protected web API: Code configuration](https://docs.microsoft.com/azure/active-directory/develop/scenario-protected-web-api-app-configuration) which explains the inner workings of this method in more detail.

link to "https://docs.microsoft.com/azure/active-directory/develop/access-tokens#validating-tokens"

In reply to: 1156847970

Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:297 in 55e3a1c. [](commit_id = 55e3a1c, deletion_comment = False)

kalyankrishna1 · 2022-06-15T19:36:24Z

  [RequiredScope(new string[] { "ToDoList.Read", "ToDoList.Write" })

list both delegated and app permissions
Explain here that "while this sample only uses delegated permissions, the attribute [attribute name], protects this API method for both delegated and app permissions

In reply to: 1156850339

Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:305 in 55e3a1c. [](commit_id = 55e3a1c, deletion_comment = False)

kalyankrishna1 · 2022-06-15T19:37:10Z

  string owner = User.Identity.Name;

add check here that if there are only delegated permissions , this check is used and so on..

In reply to: 1156850993

Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:309 in 55e3a1c. [](commit_id = 55e3a1c, deletion_comment = False)

kalyankrishna1 · 2022-06-15T19:38:13Z

* Then in the controllers `TodoListController.cs`, the `[Authorize]` added on top of the class to protect this route.

Change the ToDoListController such that it works w/o any change for both delegated and app only scenarios.
We DO NOT provide separate advise for app only scenario..

In reply to: 1156851866

Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:299 in 55e3a1c. [](commit_id = 55e3a1c, deletion_comment = False)

4-WebApp-your-API/4-1-MyOrg/TodoListService/Controllers/TodoListController.cs

4-WebApp-your-API/4-1-MyOrg/AppCreationScripts/Configure.ps1

derisen · 2022-08-18T21:18:30Z

4-WebApp-your-API/4-1-MyOrg/Client/appsettings.json

-    */
+
+    //  TodoListScope is the scope of the Web API you want to call. This is usually in the form of: "api://fc3ef71c-43ab-497d-89f0-332787e09c7c/ToDoList.Read",
+    //  - a list of scopes for a V2 application (for instance "api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.Read api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.Write")


Suggested change

// - a list of scopes for a V2 application (for instance "api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.Read api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.Write")

// - a list of scopes for a V2 application (for instance "api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.Read api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.ReadWrite")

…function

…hub.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2 into aremo-ms/Task-1924572-4-1-basher-update

…reason)

aremo-ms added 5 commits June 3, 2022 13:54

updated readme and ps1 with new wording

2599ef8

Added BASHER logic to Service controller and made some refactoring

7289a0d

update

3b794e6

changed to getting Owner as Object Id

fd8ba1a

fixed bug for readme and added app permissions

55e3a1c

aremo-ms requested review from kalyankrishna1, v-michaelmi, derisen and salman90 June 14, 2022 00:04

aremo-ms changed the title ~~Task 1924572 4 1 basher update~~ Task 1924572 Sample 4-1 basher update Jun 14, 2022

kalyankrishna1 reviewed Jun 14, 2022

View reviewed changes

4-WebApp-your-API/4-1-MyOrg/AppCreationScripts/sample.json Outdated Show resolved Hide resolved