Fixed bugs with guest account

Kalyan Krishna · Kalyan Krishna · commit 5340ec68f46a · 2019-07-03T02:49:14.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -85,3 +85,8 @@
 /4-WebApp-your-API/4-1-Your-API/Client/bin/Debug/netcoreapp2.2
 /4-WebApp-your-API/4-1-Your-API/Client/obj
 /4-WebApp-your-API/4-1-Your-API/.vs/WebApp-OpenIDConnect-DotNet
+/4-WebApp-your-API/Client/bin/Debug/netcoreapp2.2
+/4-WebApp-your-API/Client/obj
+/4-WebApp-your-API/packages
+/4-WebApp-your-API/TodoListService/bin/Debug/netcoreapp2.2
+/4-WebApp-your-API/TodoListService/obj
diff --git a/4-WebApp-your-API/AppCreationScripts/Cleanup.ps1 b/4-WebApp-your-API/AppCreationScripts/Cleanup.ps1
@@ -5,7 +5,7 @@ param(
     [string] $tenantId
 )
 
-if ((Get-Module -ListAvailable -Name "AzureAD") -eq $null) { 
+if ($null -eq (Get-Module -ListAvailable -Name "AzureAD")) { 
     Install-Module "AzureAD" -Scope CurrentUser 
 } 
 Import-Module AzureAD
@@ -44,7 +44,7 @@ This function removes the Azure AD applications for the sample. These applicatio
         $tenantId = $creds.Tenant.Id
     }
     $tenant = Get-AzureADTenantDetail
-    $tenantName =  ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
+    $tenantName =  ($tenant.VerifiedDomains | Where-Object { $_._Default -eq $True }).Name
     
     # Removes the applications
     Write-Host "Cleaning-up applications from tenant '$tenantName'"
@@ -56,19 +56,31 @@ This function removes the Azure AD applications for the sample. These applicatio
     {
         Remove-AzureADApplication -ObjectId $apps.ObjectId
     }
-    # Get-AzureRmADServicePrincipal -SearchString "TodoListService-aspnetcore-webapi" | ForEach-Object {Remove-AzureRmADServicePrincipal -ObjectId $_.Id -Confirm:$false}
-    Write-Host "Removed TodoListService-aspnetcore-webapi."
 
+    foreach ($app in $apps) 
+    {
+        Remove-AzureADApplication -ObjectId $app.ObjectId
+        Write-Host "Removed TodoListService-aspnetcore-webapi.."
+    }
+    # also remove service principals of this app
+    Get-AzureADServicePrincipal -filter "DisplayName eq 'TodoListService-aspnetcore-webapi'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}
+    
     Write-Host "Removing 'client' (TodoListClient-aspnetcore-webapi) if needed"
     Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient-aspnetcore-webapi'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
     $apps = Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient-aspnetcore-webapi'"
     if ($apps)
     {
         Remove-AzureADApplication -ObjectId $apps.ObjectId
     }
-    # Get-AzureRmADServicePrincipal -SearchString "TodoListClient-aspnetcore-webapi" | ForEach-Object {Remove-AzureRmADServicePrincipal -ObjectId $_.Id -Confirm:$false}
-    Write-Host "Removed TodoListClient-aspnetcore-webapi."
 
+    foreach ($app in $apps) 
+    {
+        Remove-AzureADApplication -ObjectId $app.ObjectId
+        Write-Host "Removed TodoListClient-aspnetcore-webapi.."
+    }
+    # also remove service principals of this app
+    Get-AzureADServicePrincipal -filter "DisplayName eq 'TodoListClient-aspnetcore-webapi'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}
+    
 }
 
-Cleanup -Credential $Credential -tenantId $TenantId
+Cleanup -Credential $Credential -tenantId $TenantId
diff --git a/4-WebApp-your-API/Client/TodoListClient.csproj b/4-WebApp-your-API/Client/TodoListClient.csproj
@@ -24,7 +24,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.App" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="2.2.0" />
-    <PackageReference Include="Microsoft.Graph" Version="1.12.0" />
+    <PackageReference Include="Microsoft.Graph" Version="1.16.0" />
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="2.2.3" />
     <PackageReference Include="WindowsAzure.Storage" Version="9.3.3" />
   </ItemGroup>
diff --git a/4-WebApp-your-API/TodoListService/Controllers/TodoListController.cs b/4-WebApp-your-API/TodoListService/Controllers/TodoListController.cs
@@ -25,6 +25,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Identity.Web.Client;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Linq;
diff --git a/Microsoft.Identity.Web/Client/MsalUiRequiredExceptionFilterAttribute.cs b/Microsoft.Identity.Web/Client/MsalUiRequiredExceptionFilterAttribute.cs
@@ -61,7 +61,7 @@ private bool CanBeSolvedByReSignInUser(MsalUiRequiredException ex)
         /// Build Authentication properties needed for an incremental consent.
         /// </summary>
         /// <param name="scopes">Scopes to request</param>
-        /// <param name="ex">ui is present</param>
+        /// <param name="ex">MsalUiRequiredException instance</param>
         /// <param name="context">current http context in the pipeline</param>
         /// <returns>AuthenticationProperties</returns>
         private AuthenticationProperties BuildAuthenticationPropertiesForIncrementalConsent(
diff --git a/Microsoft.Identity.Web/Client/TokenAcquisition.cs b/Microsoft.Identity.Web/Client/TokenAcquisition.cs
@@ -98,7 +98,7 @@ public TokenAcquisition(IConfiguration configuration, IMSALAppTokenCacheProvider
         /// From the configuration of the Authentication of the ASP.NET Core Web API:
         /// <code>OpenIdConnectOptions options;</code>
         ///
-        /// Subscribe to the authorization code recieved event:
+        /// Subscribe to the authorization code received event:
         /// <code>
         ///  options.Events = new OpenIdConnectEvents();
         ///  options.Events.OnAuthorizationCodeReceived = OnAuthorizationCodeReceived;
@@ -128,6 +128,13 @@ public async Task AddAccountToCacheFromAuthorizationCode(AuthorizationCodeReceiv
                 // even if it's not done yet, so that it does not concurrently call the Token endpoint.
                 context.HandleCodeRedemption();
 
+                // The cache will need the claims from the ID token. In the case of guest scenarios
+                // If they are not yet in the HttpContext.User's claims, adding them.
+                if (!context.HttpContext.User.Claims.Any())
+                {
+                    (context.HttpContext.User.Identity as ClaimsIdentity).AddClaims(context.Principal.Claims);
+                }
+
                 var application = BuildConfidentialClientApplication(context.HttpContext, context.Principal);
 
                 // Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it and will not send the OAuth 2.0 request in
@@ -351,32 +358,19 @@ private async Task<string> GetAccessTokenOnBehalfOfUser(IConfidentialClientAppli
 
             AuthenticationResult result = null;
 
-            try
+            if (string.IsNullOrWhiteSpace(tenant))
             {
-                if (string.IsNullOrWhiteSpace(tenant))
-                {
-                    result = await application.AcquireTokenSilent(scopes.Except(scopesRequestedByMsalNet), account)
-                                               .ExecuteAsync();
-                }
-                else
-                {
-                    string authority = application.Authority.Replace(new Uri(application.Authority).PathAndQuery, $"/{tenant}/");
-                    result = await application.AcquireTokenSilent(scopes.Except(scopesRequestedByMsalNet), account)
-                                              .WithAuthority(authority)
-                                              .ExecuteAsync();
-                }
+                result = await application.AcquireTokenSilent(scopes.Except(scopesRequestedByMsalNet), account)
+                                           .ExecuteAsync();
             }
-            catch (MsalUiRequiredException ex)
+            else
             {
-                // A MsalUiRequiredException happened on AcquireTokenSilent.
-                // This indicates you need to call AcquireTokenInteractive to acquire a token
-                System.Diagnostics.Debug.WriteLine($"MsalUiRequiredException: {ex.Message}");
-
-                result = await application.AcquireTokenForClient(scopes)
-                            .ExecuteAsync();
+                string authority = application.Authority.Replace(new Uri(application.Authority).PathAndQuery, $"/{tenant}/");
+                result = await application.AcquireTokenSilent(scopes.Except(scopesRequestedByMsalNet), account)
+                                          .WithAuthority(authority)
+                                          .ExecuteAsync();
             }
 
-
             return result.AccessToken;
         }
 
diff --git a/Microsoft.Identity.Web/Client/TokenCacheProviders/InMemory/MSALPerUserMemoryTokenCacheProvider.cs b/Microsoft.Identity.Web/Client/TokenCacheProviders/InMemory/MSALPerUserMemoryTokenCacheProvider.cs
@@ -94,11 +94,7 @@ private void UserTokenCacheAfterAccessNotification(TokenCacheNotificationArgs ar
             // if the access operation resulted in a cache update
             if (args.HasStateChanged)
             {
-                string cacheKey = args.Account?.HomeAccountId?.Identifier;
-                if (string.IsNullOrEmpty(cacheKey))
-                {
-                    cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
-                }
+                string cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
 
                 if (string.IsNullOrWhiteSpace(cacheKey))
                     return;
@@ -116,17 +112,14 @@ private void UserTokenCacheAfterAccessNotification(TokenCacheNotificationArgs ar
         /// <param name="args">Contains parameters used by the MSAL call accessing the cache.</param>
         private void UserTokenCacheBeforeAccessNotification(TokenCacheNotificationArgs args)
         {
-            string cacheKey = args.Account?.HomeAccountId?.Identifier;
-            if (string.IsNullOrEmpty(cacheKey))
-            {
-                cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
-            }
+
+            string cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
 
             if (string.IsNullOrWhiteSpace(cacheKey))
                 return;
 
             byte[] tokenCacheBytes = (byte[])this.memoryCache.Get(cacheKey);
-            args.TokenCache.DeserializeMsalV3(tokenCacheBytes, shouldClearExistingCache:true);
+            args.TokenCache.DeserializeMsalV3(tokenCacheBytes, shouldClearExistingCache: true);
         }
 
         /// <summary>
diff --git a/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj b/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
@@ -7,6 +7,6 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.App" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="2.2.0" />
-    <PackageReference Include="Microsoft.Identity.Client" Version="4.0.0" />
+    <PackageReference Include="Microsoft.Identity.Client" Version="4.1.0" />
   </ItemGroup>
 </Project>
