Changed user-flow so the home page allows anonymous access.

Tiago Brenck · Tiago Brenck · commit 535087d6d5e4 · 2019-11-20T17:10:46.000-08:00
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Controllers/HomeController.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Controllers/HomeController.cs
@@ -23,16 +23,18 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  */
 
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Identity.Web;
 using System.Diagnostics;
 using System.Linq;
+using System.Threading.Tasks;
 using WebApp_OpenIDConnect_DotNet.DAL;
 using WebApp_OpenIDConnect_DotNet.Models;
 
 namespace WebApp_OpenIDConnect_DotNet.Controllers
 {
-    [Authorize]
+    [AllowAnonymous]
     public class HomeController : Controller
     {
         private readonly SampleDbContext dbContext;
@@ -62,14 +64,12 @@ public IActionResult DeleteTenant(string id)
                 return RedirectToAction("Index");
         }
 
-        [AllowAnonymous]
         [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
         public IActionResult UnauthorizedTenant()
         {
             return View();
         }
 
-        [AllowAnonymous]
         [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
         public IActionResult Error()
         {
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Controllers/OnboardingController.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Controllers/OnboardingController.cs
@@ -22,15 +22,15 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
  */
 
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.AzureAD.UI;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using System;
+using System.Linq;
+using System.Threading.Tasks;
 using WebApp_OpenIDConnect_DotNet.DAL;
 using WebApp_OpenIDConnect_DotNet.Models;
 
@@ -97,10 +97,14 @@ public async Task<IActionResult> ProcessCode(string tenant, string error, string
                 return RedirectToAction("Error", "Home");
             }
 
+            var authenticationProperties = new AuthenticationProperties { RedirectUri = "Home/Index" };
+
             // Check if tenant is already authorized
-            if(dbContext.AuthorizedTenants.FirstOrDefault(x => x.TenantId == tenant) != null)
+            if (dbContext.AuthorizedTenants.FirstOrDefault(x => x.TenantId == tenant) != null)
             {
-                return RedirectToAction("Index", "Home");
+                // Challenge an authentication so dotnet can set the user identity claims. 
+                // Since the user will have a session on AAD already, they wont need to select an account again.
+                return Challenge(authenticationProperties, AzureADDefaults.OpenIdScheme);
             }
 
             // Find a tenant carrying a TempAuthorizationCode that we previously saved
@@ -120,7 +124,9 @@ public async Task<IActionResult> ProcessCode(string tenant, string error, string
 
                 await dbContext.SaveChangesAsync();
 
-                return RedirectToAction("Index", "Home");
+                // Challenge an authentication so dotnet can set the user identity claims. 
+                // Since the user will have a session on AAD already, they wont need to select an account again.
+                return Challenge(authenticationProperties, AzureADDefaults.OpenIdScheme);
             }
         }
     }
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Controllers/TodoListController.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Controllers/TodoListController.cs
@@ -30,7 +30,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Rendering;
 using Microsoft.Identity.Web;
-using WebApp_OpenIDConnect_DotNet.BLL;
+using WebApp_OpenIDConnect_DotNet.Services;
 using WebApp_OpenIDConnect_DotNet.Models;
 using WebApp_OpenIDConnect_DotNet.Utils;
 
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/README.md b/2-WebApp-graph-user/2-3-Multi-Tenant/README.md
@@ -43,14 +43,15 @@ For more information about apps and tenancy, see [Tenancy in Azure Active Direct
 
 This sample shows how to build a .NET Core MVC web application that uses the [OpenID Connect](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc) protocol to sign in users from multiple Azure AD tenants and acquire token for [Microsoft Graph](https://graph.microsoft.com) using the [Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-overview). It leverages the ASP.NET Core OpenID Connect middleware.
 
-The application puts forward a scenario where a SaaS application invites the administrators of Azure AD tenants to `enrol` their tenants into this app. This process is analogous to a customer `buying` a SaaS product.  
+The application puts forward a scenario where a SaaS application invites the administrators of Azure AD tenants to `enroll` their tenants into this app. This process is analogous to a customer `buying` a SaaS product.  
 
- 1. Once you start the application, it will ask you to sign-in as an administrator. If its your first time signing-in, you'd land on a page with a heading **Unauthorized Tenant**. Click on the **Take me to the onboarding process** button to onboard your tenant to this application.
- 1. Once you have **Registered your tenant** 
+ 1. Once you start the application, you will land in the homepage where you can sign-in or onboard your tenant.
+ 1. If you sign-in before onboarding your tenant, you'd land on a page with a heading **Unauthorized Tenant**. Click on the **Take me to the onboarding process** button to onboard your tenant to this application.
+ 1. On the onboarding page, you will be asked to sign-in as an **administrator** and accept an **admin consent** for the application.
+ 1. Once you have **registered your tenant**, all users from that tenant will be able to sign-in and explore the todo list.
 
 > Looking for previous versions of this code sample? Check out the tags on the [releases](../../releases) GitHub page.
 
-
 ## How to run this sample
 
 To run this sample:
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/ReadmeFiles/topology.png b/2-WebApp-graph-user/2-3-Multi-Tenant/ReadmeFiles/topology.png
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Services/IMSGraphService.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Services/IMSGraphService.cs
@@ -26,7 +26,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 using System.Collections.Generic;
 using System.Threading.Tasks;
 
-namespace WebApp_OpenIDConnect_DotNet.BLL
+namespace WebApp_OpenIDConnect_DotNet.Services
 {
     public interface IMSGraphService
     {
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Services/ITodoItemService.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Services/ITodoItemService.cs
@@ -27,7 +27,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 using System.Threading.Tasks;
 using WebApp_OpenIDConnect_DotNet.Models;
 
-namespace WebApp_OpenIDConnect_DotNet.BLL
+namespace WebApp_OpenIDConnect_DotNet.Services
 {
     public interface ITodoItemService
     {
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Services/MSGraphService.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Services/MSGraphService.cs
@@ -31,7 +31,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 using System.Net.Http.Headers;
 using System.Threading.Tasks;
 
-namespace WebApp_OpenIDConnect_DotNet.BLL
+namespace WebApp_OpenIDConnect_DotNet.Services
 {
     public class MSGraphService : IMSGraphService
     {
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Services/TodoItemService.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Services/TodoItemService.cs
@@ -32,7 +32,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 using WebApp_OpenIDConnect_DotNet.DAL;
 using WebApp_OpenIDConnect_DotNet.Models;
 
-namespace WebApp_OpenIDConnect_DotNet.BLL
+namespace WebApp_OpenIDConnect_DotNet.Services
 {
     public class TodoItemService : ITodoItemService
     {
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs b/2-WebApp-graph-user/2-3-Multi-Tenant/Startup.cs
@@ -38,7 +38,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 using System;
 using System.Linq;
 using System.Threading.Tasks;
-using WebApp_OpenIDConnect_DotNet.BLL;
+using WebApp_OpenIDConnect_DotNet.Services;
 using WebApp_OpenIDConnect_DotNet.DAL;
 using WebApp_OpenIDConnect_DotNet.Utils;
 
@@ -79,7 +79,7 @@ public void ConfigureServices(IServiceCollection services)
 
             services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
             {
-                options.Events.OnTokenValidated = async context => 
+                options.Events.OnTokenValidated = async context =>
                 {
                     string tenantId = context.SecurityToken.Claims.FirstOrDefault(x => x.Type == "tid" || x.Type == "http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
 
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Views/Home/Index.cshtml b/2-WebApp-graph-user/2-3-Multi-Tenant/Views/Home/Index.cshtml
@@ -12,36 +12,39 @@
     This sample shows how to build a .NET Core MVC Web app that uses OpenID Connect to sign in users. Users can use work and school accounts from any company or organization that has integrated with Azure Active Directory. It leverages the ASP.NET Core OpenID Connect middleware.
 </p>
 <img src="https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/raw/master/1-WebApp-OIDC/1-2-AnyOrg/ReadmeFiles/sign-in.png" />
-<hr />
 
-<h2>Authorized Tenants</h2>
-<p>
-    These are the authorized tenants on the database. If you want to repeat the onboarding process, offboard the desired tenant from this list.
-</p>
-<p>
-    Offboarding the signed user's tenant, will trigger a <b>sign-out.</b>
-</p>
+@if (User.Identity.IsAuthenticated)
+{
+    <hr />
+    <h2>Authorized Tenants</h2>
+    <p>
+        These are the authorized tenants on the database. If you want to repeat the onboarding process, offboard the desired tenant from this list.
+    </p>
+    <p>
+        Offboarding the signed user's tenant, will trigger a <b>sign-out.</b>
+    </p>
 
-<table class="table">
-    <thead>
-        <tr>
-            <th>Tenant Id</th>
-            <th></th>
-        </tr>
-    </thead>
-    <tbody>
-        @foreach (var tenant in Model)
-        {
+    <table class="table">
+        <thead>
             <tr>
-                <td>
-                    <span>@tenant.TenantId</span>
-                    @if (tenant.TenantId == User.GetTenantId())
-                    {
-                        <span class="label label-primary">your tenant</span>
-                    }
-                </td>
-                <td><a asp-controller="Home" asp-action="DeleteTenant" asp-route-id=@tenant.TenantId class="btn btn-danger">Offboard</a></td>
+                <th>Tenant Id</th>
+                <th></th>
             </tr>
-        }
-    </tbody>
-</table>
+        </thead>
+        <tbody>
+            @foreach (var tenant in Model)
+            {
+                <tr>
+                    <td>
+                        <span>@tenant.TenantId</span>
+                        @if (tenant.TenantId == User.GetTenantId())
+                        {
+                            <span class="label label-primary">your tenant</span>
+                        }
+                    </td>
+                    <td><a asp-controller="Home" asp-action="DeleteTenant" asp-route-id=@tenant.TenantId class="btn btn-danger">Offboard</a></td>
+                </tr>
+            }
+        </tbody>
+    </table>
+}
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Views/Shared/_Layout.cshtml b/2-WebApp-graph-user/2-3-Multi-Tenant/Views/Shared/_Layout.cshtml
@@ -3,7 +3,7 @@
 <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>@ViewData["Title"] -  WebApp_OpenIDConnect_DotNet</title>
+    <title>@ViewData["Title"] -  WebApp Multi-Tenant SaaS</title>
 
     <environment include="Development">
         <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.css" />
@@ -26,7 +26,7 @@
                     <span class="icon-bar"></span>
                     <span class="icon-bar"></span>
                 </button>
-                <a asp-area="" asp-controller="Home" asp-action="Index" class="navbar-brand">WebApp_OpenIDConnect_DotNet</a>
+                <a asp-area="" asp-controller="Home" asp-action="Index" class="navbar-brand">WebApp Multi-Tenant SaaS</a>
             </div>
             <div class="navbar-collapse collapse">
                 <ul class="nav navbar-nav">
@@ -44,7 +44,7 @@
         @RenderBody()
         <hr />
         <footer>
-            <p>&copy; 2018 -  WebApp_OpenIDConnect_DotNet</p>
+            <p>&copy; 2019 -  WebApp Multi-Tenant SaaS</p>
         </footer>
     </div>
 
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/Views/Shared/_LoginPartial.cshtml b/2-WebApp-graph-user/2-3-Multi-Tenant/Views/Shared/_LoginPartial.cshtml
@@ -9,7 +9,8 @@
 }
 else
 {
-    <ul class="nav navbar-nav navbar-right">
-        <li><a asp-area="AzureAD" asp-controller="Account" asp-action="SignIn">Sign in</a></li>
-    </ul>
+<ul class="nav navbar-nav navbar-right">
+    <li><a asp-area="" asp-controller="Onboarding" asp-action="Signup">Onboard</a></li>
+    <li><a asp-area="AzureAD" asp-controller="Account" asp-action="SignIn">Sign in</a></li>
+</ul>
 }
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj b/2-WebApp-graph-user/2-3-Multi-Tenant/WebApp-OpenIDConnect-DotNet.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <TargetFramework>netcoreapp2.2</TargetFramework>
-    <UserSecretsId>aspnet-WebApp_OpenIDConnect_DotNet-81EA87AD-E64D-4755-A1CC-5EA47F49B5D8</UserSecretsId>
+    <UserSecretsId>aspnet-WebApp_OpenIDConnect_DotNet-99C23405-82C0-4B27-8A15-F3B0744E06BE</UserSecretsId>
     <WebProject_DirectoryAccessLevelKey>0</WebProject_DirectoryAccessLevelKey>
     <RootNamespace>WebApp_OpenIDConnect_DotNet</RootNamespace>
   </PropertyGroup>

Original file line number	Diff line number	Diff line change
`@@ -23,16 +23,18 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
`23`	`23`	`*/`
`24`	`24`
`25`	`25`	`using Microsoft.AspNetCore.Authorization;`
	`26`	`+using Microsoft.AspNetCore.Http.Authentication;`
`26`	`27`	`using Microsoft.AspNetCore.Mvc;`
`27`	`28`	`using Microsoft.Identity.Web;`
`28`	`29`	`using System.Diagnostics;`
`29`	`30`	`using System.Linq;`
	`31`	`+using System.Threading.Tasks;`
`30`	`32`	`using WebApp_OpenIDConnect_DotNet.DAL;`
`31`	`33`	`using WebApp_OpenIDConnect_DotNet.Models;`
`32`	`34`
`33`	`35`	`namespace WebApp_OpenIDConnect_DotNet.Controllers`
`34`	`36`	`{`
`35`		`- [Authorize]`
	`37`	`+ [AllowAnonymous]`
`36`	`38`	`public class HomeController : Controller`
`37`	`39`	`{`
`38`	`40`	`private readonly SampleDbContext dbContext;`
`@@ -62,14 +64,12 @@ public IActionResult DeleteTenant(string id)`
`62`	`64`	`return RedirectToAction("Index");`
`63`	`65`	`}`
`64`	`66`
`65`		`- [AllowAnonymous]`
`66`	`67`	`[ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]`
`67`	`68`	`public IActionResult UnauthorizedTenant()`
`68`	`69`	`{`
`69`	`70`	`return View();`
`70`	`71`	`}`
`71`	`72`
`72`		`- [AllowAnonymous]`
`73`	`73`	`[ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]`
`74`	`74`	`public IActionResult Error()`
`75`	`75`	`{`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
`26`	`26`	`using System.Collections.Generic;`
`27`	`27`	`using System.Threading.Tasks;`
`28`	`28`
`29`		`-namespace WebApp_OpenIDConnect_DotNet.BLL`
	`29`	`+namespace WebApp_OpenIDConnect_DotNet.Services`
`30`	`30`	`{`
`31`	`31`	`public interface IMSGraphService`
`32`	`32`	`{`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
`27`	`27`	`using System.Threading.Tasks;`
`28`	`28`	`using WebApp_OpenIDConnect_DotNet.Models;`
`29`	`29`
`30`		`-namespace WebApp_OpenIDConnect_DotNet.BLL`
	`30`	`+namespace WebApp_OpenIDConnect_DotNet.Services`
`31`	`31`	`{`
`32`	`32`	`public interface ITodoItemService`
`33`	`33`	`{`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
`31`	`31`	`using System.Net.Http.Headers;`
`32`	`32`	`using System.Threading.Tasks;`
`33`	`33`
`34`		`-namespace WebApp_OpenIDConnect_DotNet.BLL`
	`34`	`+namespace WebApp_OpenIDConnect_DotNet.Services`
`35`	`35`	`{`
`36`	`36`	`public class MSGraphService : IMSGraphService`
`37`	`37`	`{`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
`32`	`32`	`using WebApp_OpenIDConnect_DotNet.DAL;`
`33`	`33`	`using WebApp_OpenIDConnect_DotNet.Models;`
`34`	`34`
`35`		`-namespace WebApp_OpenIDConnect_DotNet.BLL`
	`35`	`+namespace WebApp_OpenIDConnect_DotNet.Services`
`36`	`36`	`{`
`37`	`37`	`public class TodoItemService : ITodoItemService`
`38`	`38`	`{`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
`38`	`38`	`using System;`
`39`	`39`	`using System.Linq;`
`40`	`40`	`using System.Threading.Tasks;`
`41`		`-using WebApp_OpenIDConnect_DotNet.BLL;`
	`41`	`+using WebApp_OpenIDConnect_DotNet.Services;`
`42`	`42`	`using WebApp_OpenIDConnect_DotNet.DAL;`
`43`	`43`	`using WebApp_OpenIDConnect_DotNet.Utils;`
`44`	`44`
`@@ -79,7 +79,7 @@ public void ConfigureServices(IServiceCollection services)`
`79`	`79`
`80`	`80`	`services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>`
`81`	`81`	`{`
`82`		`- options.Events.OnTokenValidated = async context =>`
	`82`	`+ options.Events.OnTokenValidated = async context =>`
`83`	`83`	`{`
`84`	`84`	`string tenantId = context.SecurityToken.Claims.FirstOrDefault(x => x.Type == "tid" \|\| x.Type == "http://schemas.microsoft.com/identity/claims/tenantid")?.Value;`
`85`	`85`