Task 1924572 Sample 4-1 basher update #602

Merged
merged 69 commits into from
Aug 26, 2022

aremo-ms
Contributor

Added App Permissions and enhanced new attribute that combines Roles and Scopes altogether.
ToDoList Service Api was refactored for best practices
Readme file was updated as well.

@aremo-ms aremo-ms changed the title Task 1924572 4 1 basher update Task 1924572 Sample 4-1 basher update Jun 14, 2022
@kalyankrishna1
Contributor

kalyankrishna1 commented Jun 15, 2022

  1. The client ASP.NET Core Web App uses the Microsoft.Identity.Web to sign-in and obtain a JWT Access Token from Azure AD.

to sign-in a user


In reply to: 1156836710


Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:37 in 55e3a1c.

@kalyankrishna1
Contributor

kalyankrishna1 commented Jun 15, 2022

  1. All APIs have to publish a minimum of two scopes, also called Delegated Permissions, for the clients to obtain an access token successfully. To publish a scope, follow these steps:

minimum is one, so change to one here, but the steps below will remain the same


In reply to: 1156839720


Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:137 in 55e3a1c.

@kalyankrishna1
Contributor

kalyankrishna1 commented Jun 15, 2022

  1. In the TodoListService project, first the package Microsoft.Identity.Web is added from NuGet.

find the package Microsoft.Identity.Web and add it from NuGet.


In reply to: 1156847059


Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:281 in 55e3a1c.

@kalyankrishna1
Contributor

kalyankrishna1 commented Jun 15, 2022

* at the top of the file, the following two using directives were added:

one :)


In reply to: 1156847267


Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:285 in 55e3a1c.

@kalyankrishna1
Contributor

kalyankrishna1 commented Jun 15, 2022

* `AddMicrosoftIdentityWebApiAuthentication()` protects the Web API by validating Access tokens sent to this API. Check out [Protected web API: Code configuration](https://docs.microsoft.com/azure/active-directory/develop/scenario-protected-web-api-app-configuration) which explains the inner workings of this method in more detail.

link to "https://docs.microsoft.com/azure/active-directory/develop/access-tokens#validating-tokens"


In reply to: 1156847970


Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:297 in 55e3a1c.

@kalyankrishna1
Contributor

kalyankrishna1 commented Jun 15, 2022

  [RequiredScope(new string[] { "ToDoList.Read", "ToDoList.Write" })]
  1. list both delegated and app permissions
  2. Explain here that "while this sample only uses delegated permissions, the attribute [attribute name], protects this API method for both delegated and app permissions"

In reply to: 1156850339


Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:305 in 55e3a1c.

@kalyankrishna1
Contributor

kalyankrishna1 commented Jun 15, 2022

  string owner = User.Identity.Name;

add check here that if there are only delegated permissions, this check is used and so on..


In reply to: 1156850993


Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:309 in 55e3a1c.

@kalyankrishna1
Contributor

kalyankrishna1 commented Jun 15, 2022

* Then in the controllers `TodoListController.cs`, the `[Authorize]` added on top of the class to protect this route.

Change the ToDoListController such that it works w/o any change for both delegated and app only scenarios.
We DO NOT provide separate advice for app only scenario..


In reply to: 1156851866


Refers to: 4-WebApp-your-API/4-1-MyOrg/README.md:299 in 55e3a1c.
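
The review comments above ask for one controller path that serves both delegated and app-only callers, with the owner check applied when only delegated permissions are present. The following is an added example, not code from this pull request or from Microsoft.Identity.Web: it assumes the validated token's claims are exposed under their short names `scp` and `roles`, and the app permission name `ToDoList.Read.All` and the `CanRead` helper are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class TodoAccess
{
    // Scope names are the ones quoted in the thread; the app permission name is hypothetical.
    static readonly string[] AcceptedScopes = { "ToDoList.Read", "ToDoList.Write" };
    static readonly string[] AcceptedAppPermissions = { "ToDoList.Read.All" };

    // Delegated permissions arrive as one space-separated "scp" claim.
    static bool HasScope(ClaimsPrincipal user) =>
        user.FindAll("scp")
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .Any(s => AcceptedScopes.Contains(s, StringComparer.Ordinal));

    // App permissions arrive as one "roles" claim per granted permission.
    static bool HasAppPermission(ClaimsPrincipal user) =>
        user.FindAll("roles")
            .Any(c => AcceptedAppPermissions.Contains(c.Value, StringComparer.Ordinal));

    // Hypothetical helper: may this caller read an item owned by itemOwner?
    public static bool CanRead(ClaimsPrincipal user, string itemOwner)
    {
        // An "scp" claim means the token was issued on behalf of a user:
        // require an accepted scope and restrict the caller to their own items.
        if (user.FindAll("scp").Any())
            return HasScope(user) &&
                   string.Equals(user.Identity?.Name, itemOwner, StringComparison.OrdinalIgnoreCase);

        // No user context: only an accepted app permission grants access.
        return HasAppPermission(user);
    }

    static ClaimsPrincipal Token(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));

    public static void Main()
    {
        // Constructed principals standing in for already-validated access tokens.
        var alice = Token(new Claim(ClaimTypes.Name, "alice@contoso.com"), new Claim("scp", "ToDoList.Read"));
        var daemon = Token(new Claim("roles", "ToDoList.Read.All"));
        var wrongScope = Token(new Claim(ClaimTypes.Name, "bob@contoso.com"), new Claim("scp", "User.Read"));

        Console.WriteLine(CanRead(alice, "alice@contoso.com"));    // delegated caller, own item
        Console.WriteLine(CanRead(alice, "bob@contoso.com"));      // delegated caller, someone else's item
        Console.WriteLine(CanRead(daemon, "bob@contoso.com"));     // app-only caller
        Console.WriteLine(CanRead(wrongScope, "bob@contoso.com")); // scope not accepted by this API
    }
}
```

Treating any token with an `scp` claim as delegated keeps a user who happens to hold a role from bypassing the owner filter.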

*/

// TodoListScope is the scope of the Web API you want to call. This is usually in the form of: "api://fc3ef71c-43ab-497d-89f0-332787e09c7c/ToDoList.Read",
// - a list of scopes for a V2 application (for instance "api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.Read api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.Write")
Contributor

Suggested change
// - a list of scopes for a V2 application (for instance "api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.Read api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.Write")
// - a list of scopes for a V2 application (for instance "api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.Read api://b3682cc7-8b30-4bd2-aaba-080c6bf0fd31/ToDoList.ReadWrite")
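
Review bot: The replacement line names the second scope ToDoList.ReadWrite, while the RequiredScope attribute quoted earlier in this conversation lists "ToDoList.Read" and "ToDoList.Write"; confirm that this comment, the attribute and the scopes published in the app registration all use the same name, otherwise the comment documents a scope the API will not accept. The single-scope example on the line above also uses a different application GUID (fc3ef71c-43ab-497d-89f0-332787e09c7c) than this line (b3682cc7-8b30-4bd2-aaba-080c6bf0fd31); using one placeholder in both would avoid implying two different APIs.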

@kalyankrishna1 kalyankrishna1 merged commit df985c7 into master Aug 26, 2022
@aremo-ms aremo-ms deleted the aremo-ms/Task-1924572-4-1-basher-update branch December 8, 2022 18:43
4 participants