Merge pull request #166 from Azure-Samples/tibre/fix158

Tiago Brenck · web-flow · commit 6fafa7edc42d · 2019-08-27T13:35:29.000-07:00
Fix issue 158 - Share SQL token cache between different apps
diff --git a/2-WebApp-graph-user/2-2-TokenCache/README.md b/2-WebApp-graph-user/2-2-TokenCache/README.md
@@ -102,10 +102,19 @@ public void ConfigureServices(IServiceCollection services)
 The aforementioned four lines of code are explained below.
 
 1. The first two lines enable MSAL.NET to hook-up to the OpenID Connect events to redeem the authorization code obtained by the ASP.NET Core middleware. After obtaining a token for Microsoft Graph, it saves it into the token cache, for use by the Controllers.
-1. The last two lines hook up the Sql server database based token caching solution to MSAL.NET. The Sql based token cache requires a **Connection string** named `TokenCacheDbConnStr` available in the **ConnectionStrings** collections of the **appsettings.json** configuration file. 
+1. The last two lines hook up the Sql server database based token caching solution to MSAL.NET. The Sql based token cache requires a **Connection string** named `TokenCacheDbConnStr` available in the **ConnectionStrings** collections of the **appsettings.json** configuration file.
 
 The files `MSALAppSqlTokenCacheProvider.cs` and `MSALPerUserSqlTokenCacheProvider` of the `Microsoft.Identity.Web` project contains the app and per-user token cache implementations that use Sql server as the token cache.
 
+### Sharing the same Token Cache database between apps
+
+Since we are using `IDataProtector` to protect the token being persisted on the database, in order to enable it to be used between different apps, `SetApplicationName()` must be configured with the same value for all apps. You can read [more details about IDataProtector here.](https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-2.2#setapplicationname)
+
+```csharp
+services.AddDataProtection()
+        .SetApplicationName("WebApp_Tutorial");
+```
+
 ## Next steps
 
 - Learn how to enable distributed caches in [token cache serialization](../2.2.%20token%20cache%20serialization)
diff --git a/4-WebApp-your-API/Client/Controllers/TodoListController.cs b/4-WebApp-your-API/Client/Controllers/TodoListController.cs
@@ -1,6 +1,5 @@
 ﻿using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Identity.Client;
 using Microsoft.Identity.Web.Client;
 using System.Threading.Tasks;
 using TodoListClient.Services;
diff --git a/Microsoft.Identity.Web/Client/TokenCacheProviders/Sql/MSALAppSqlTokenCacheProviderExtension.cs b/Microsoft.Identity.Web/Client/TokenCacheProviders/Sql/MSALAppSqlTokenCacheProviderExtension.cs
@@ -52,13 +52,13 @@ public static IServiceCollection AddSqlAppTokenCache(this IServiceCollection ser
         {
             // Uncomment the following lines to create the database. In production scenarios, the database
             // will most probably be already present.
-/*
+            /*
             var tokenCacheDbContextBuilder = new DbContextOptionsBuilder<TokenCacheDbContext>();
             tokenCacheDbContextBuilder.UseSqlServer(sqlTokenCacheOptions.SqlConnectionString);
 
             var tokenCacheDbContextForCreation = new TokenCacheDbContext(tokenCacheDbContextBuilder.Options);
             tokenCacheDbContextForCreation.Database.EnsureCreated();
-*/
+            */
             services.AddDataProtection();
 
             services.AddDbContext<TokenCacheDbContext>(options =>
@@ -84,13 +84,18 @@ public static IServiceCollection AddSqlPerUserTokenCache(this IServiceCollection
         {
             // Uncomment the following lines to create the database. In production scenarios, the database
             // will most probably be already present.
-            //var tokenCacheDbContextBuilder = new DbContextOptionsBuilder<TokenCacheDbContext>();
-            //tokenCacheDbContextBuilder.UseSqlServer(sqlTokenCacheOptions.SqlConnectionString);
+            /*
+            var tokenCacheDbContextBuilder = new DbContextOptionsBuilder<TokenCacheDbContext>();
+            tokenCacheDbContextBuilder.UseSqlServer(sqlTokenCacheOptions.SqlConnectionString);
 
-            //var tokenCacheDbContextForCreation = new TokenCacheDbContext(tokenCacheDbContextBuilder.Options);
-            //tokenCacheDbContextForCreation.Database.EnsureCreated();
+            var tokenCacheDbContextForCreation = new TokenCacheDbContext(tokenCacheDbContextBuilder.Options);
+            tokenCacheDbContextForCreation.Database.EnsureCreated();
+            */
 
-            services.AddDataProtection();
+            // To share protected payloads among apps, configure SetApplicationName in each app with the same value. 
+            // https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-2.2#setapplicationname
+            services.AddDataProtection()
+                .SetApplicationName("WebApp_Tutorial");
 
             services.AddDbContext<TokenCacheDbContext>(options =>
                 options.UseSqlServer(sqlTokenCacheOptions.SqlConnectionString));
