Ready for review

Author: Kalyan Krishna

4-WebApp-your-API/4-1-Your-API/AppCreationScripts/Cleanup.ps1

@@ -49,25 +49,25 @@ This function removes the Azure AD applications for the sample. These applicatio
     # Removes the applications
     Write-Host "Cleaning-up applications from tenant '$tenantName'"
 
-    Write-Host "Removing 'service' (TodoListService (active-directory-aspnetcore-webapp-openidconnect-v2)) if needed"
-    Get-AzureADApplication -Filter "DisplayName eq 'TodoListService (active-directory-aspnetcore-webapp-openidconnect-v2)'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
-    $apps = Get-AzureADApplication -Filter "DisplayName eq 'TodoListService (active-directory-aspnetcore-webapp-openidconnect-v2)'"
+    Write-Host "Removing 'service' (TodoListService-aspnetcore-webapi) if needed"
+    Get-AzureADApplication -Filter "DisplayName eq 'TodoListService-aspnetcore-webapi'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
+    $apps = Get-AzureADApplication -Filter "DisplayName eq 'TodoListService-aspnetcore-webapi'"
     if ($apps)
     {
         Remove-AzureADApplication -ObjectId $apps.ObjectId
     }
-    Get-AzureRmADServicePrincipal -SearchString "TodoListService (active-directory-aspnetcore-webapp-openidconnect-v2)" | ForEach-Object {Remove-AzureRmADServicePrincipal -ObjectId $_.Id -Confirm:$false}
-    Write-Host "Removed TodoListService (active-directory-aspnetcore-webapp-openidconnect-v2)."
+    # Get-AzureRmADServicePrincipal -SearchString "TodoListService-aspnetcore-webapi" | ForEach-Object {Remove-AzureRmADServicePrincipal -ObjectId $_.Id -Confirm:$false}
+    Write-Host "Removed TodoListService-aspnetcore-webapi."
 
-    Write-Host "Removing 'client' (TodoListClient (active-directory-aspnetcore-webapp-openidconnect-v2)) if needed"
-    Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient (active-directory-aspnetcore-webapp-openidconnect-v2)'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
-    $apps = Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient (active-directory-aspnetcore-webapp-openidconnect-v2)'"
+    Write-Host "Removing 'client' (TodoListClient-aspnetcore-webapi) if needed"
+    Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient-aspnetcore-webapi'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
+    $apps = Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient-aspnetcore-webapi'"
     if ($apps)
     {
         Remove-AzureADApplication -ObjectId $apps.ObjectId
     }
-    Get-AzureRmADServicePrincipal -SearchString "TodoListClient (active-directory-aspnetcore-webapp-openidconnect-v2)" | ForEach-Object {Remove-AzureRmADServicePrincipal -ObjectId $_.Id -Confirm:$false}
-    Write-Host "Removed TodoListClient (active-directory-aspnetcore-webapp-openidconnect-v2)."
+    # Get-AzureRmADServicePrincipal -SearchString "TodoListClient-aspnetcore-webapi" | ForEach-Object {Remove-AzureRmADServicePrincipal -ObjectId $_.Id -Confirm:$false}
+    Write-Host "Removed TodoListClient-aspnetcore-webapi."
 
 }
 

4-WebApp-your-API/4-1-Your-API/AppCreationScripts/Configure.ps1

@@ -145,8 +145,6 @@ Function ConfigureApplications
    so that they are consistent with the Applications parameters
 #> 
 
-    $commonendpoint = "common"
-
     # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
     # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
 
@@ -180,8 +178,8 @@ Function ConfigureApplications
     $user = Get-AzureADUser -ObjectId $creds.Account.Id
 
    # Create the service AAD application
-   Write-Host "Creating the AAD application (TodoListService (active-directory-aspnetcore-webapp-openidconnect-v2))"
-   $serviceAadApplication = New-AzureADApplication -DisplayName "TodoListService (active-directory-aspnetcore-webapp-openidconnect-v2)" `
+   Write-Host "Creating the AAD application (TodoListService-aspnetcore-webapi)"
+   $serviceAadApplication = New-AzureADApplication -DisplayName "TodoListService-aspnetcore-webapi" `
                                                    -HomePage "https://localhost:44351/" `
                                                    -PublicClient $False
    $serviceIdentifierUri = 'api://'+$serviceAadApplication.AppId
@@ -194,29 +192,29 @@ Function ConfigureApplications
    $owner = Get-AzureADApplicationOwner -ObjectId $serviceAadApplication.ObjectId
    if ($owner -eq $null)
    { 
-        Add-AzureADApplicationOwner -ObjectId $serviceAadApplication.ObjectId -RefObjectId $user.ObjectId
-        Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($serviceServicePrincipal.DisplayName)'"
+    Add-AzureADApplicationOwner -ObjectId $serviceAadApplication.ObjectId -RefObjectId $user.ObjectId
+    Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($serviceServicePrincipal.DisplayName)'"
    }
 
-   Write-Host "Done creating the service application (TodoListService (active-directory-aspnetcore-webapp-openidconnect-v2))"
+   Write-Host "Done creating the service application (TodoListService-aspnetcore-webapi)"
 
    # URL of the AAD application in the Azure portal
    # Future? $servicePortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$serviceAadApplication.AppId+"/objectId/"+$serviceAadApplication.ObjectId+"/isMSAApp/"
    $servicePortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$serviceAadApplication.AppId+"/objectId/"+$serviceAadApplication.ObjectId+"/isMSAApp/"
-   Add-Content -Value "<tr><td>service</td><td>$currentAppId</td><td><a href='$servicePortalUrl'>TodoListService (active-directory-aspnetcore-webapp-openidconnect-v2)</a></td></tr>" -Path createdApps.html
+   Add-Content -Value "<tr><td>service</td><td>$currentAppId</td><td><a href='$servicePortalUrl'>TodoListService-aspnetcore-webapi</a></td></tr>" -Path createdApps.html
 
    # Create the client AAD application
-   Write-Host "Creating the AAD application (TodoListClient (active-directory-aspnetcore-webapp-openidconnect-v2))"
+   Write-Host "Creating the AAD application (TodoListClient-aspnetcore-webapi)"
    # Get a 2 years application key for the client Application
    $pw = ComputePassword
    $fromDate = [DateTime]::Now;
    $key = CreateAppKey -fromDate $fromDate -durationInYears 2 -pw $pw
    $clientAppKey = $pw
-   $clientAadApplication = New-AzureADApplication -DisplayName "TodoListClient (active-directory-aspnetcore-webapp-openidconnect-v2)" `
+   $clientAadApplication = New-AzureADApplication -DisplayName "TodoListClient-aspnetcore-webapi" `
                                                   -HomePage "https://localhost:44321/" `
                                                   -LogoutUrl "https://localhost:44321/signout-oidc" `
                                                   -ReplyUrls "https://localhost:44321/", "https://localhost:44321/signin-oidc" `
-                                                  -IdentifierUris "https://$tenantName/TodoListClient(active-directory-aspnetcore-webapp-openidconnect-v2)" `
+                                                  -IdentifierUris "https://$tenantName/TodoListClient-aspnetcore-webapi" `
                                                   -PasswordCredentials $key `
                                                   -Oauth2AllowImplicitFlow $true `
                                                   -PublicClient $False
@@ -228,22 +226,22 @@ Function ConfigureApplications
    $owner = Get-AzureADApplicationOwner -ObjectId $clientAadApplication.ObjectId
    if ($owner -eq $null)
    { 
-        Add-AzureADApplicationOwner -ObjectId $clientAadApplication.ObjectId -RefObjectId $user.ObjectId
-        Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($clientServicePrincipal.DisplayName)'"
+    Add-AzureADApplicationOwner -ObjectId $clientAadApplication.ObjectId -RefObjectId $user.ObjectId
+    Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($clientServicePrincipal.DisplayName)'"
    }
 
-   Write-Host "Done creating the client application (TodoListClient (active-directory-aspnetcore-webapp-openidconnect-v2))"
+   Write-Host "Done creating the client application (TodoListClient-aspnetcore-webapi)"
 
    # URL of the AAD application in the Azure portal
    # Future? $clientPortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$clientAadApplication.AppId+"/objectId/"+$clientAadApplication.ObjectId+"/isMSAApp/"
    $clientPortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$clientAadApplication.AppId+"/objectId/"+$clientAadApplication.ObjectId+"/isMSAApp/"
-   Add-Content -Value "<tr><td>client</td><td>$currentAppId</td><td><a href='$clientPortalUrl'>TodoListClient (active-directory-aspnetcore-webapp-openidconnect-v2)</a></td></tr>" -Path createdApps.html
+   Add-Content -Value "<tr><td>client</td><td>$currentAppId</td><td><a href='$clientPortalUrl'>TodoListClient-aspnetcore-webapi</a></td></tr>" -Path createdApps.html
 
    $requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]
 
    # Add Required Resources Access (from 'client' to 'service')
    Write-Host "Getting access from 'client' to 'service'"
-   $requiredPermissions = GetRequiredPermissions -applicationDisplayName "TodoListService (active-directory-aspnetcore-webapp-openidconnect-v2)" `
+   $requiredPermissions = GetRequiredPermissions -applicationDisplayName "TodoListService-aspnetcore-webapi" `
                                                 -requiredDelegatedPermissions "user_impersonation" `
 
    $requiredResourcesAccess.Add($requiredPermissions)
@@ -263,7 +261,7 @@ Function ConfigureApplications
    Write-Host "Updating the sample code ($configFile)"
    $dictionary = @{ "Domain" = $tenantName;"TenantId" = $tenantId;"ClientId" = $clientAadApplication.AppId;"ClientSecret" = $clientAppKey;"TodoListScope" = ("api://"+$serviceAadApplication.AppId+"/user_impersonation");"TodoListBaseAddress" = $serviceAadApplication.HomePage };
    UpdateTextFile -configFilePath $configFile -dictionary $dictionary
-  
+
    Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html  
 }
 

4-WebApp-your-API/4-1-Your-API/AppCreationScripts/sample.json

@@ -1,6 +1,6 @@
 {
   "Sample": {
-    "Title": "How to secure a Web API built using ASP.NET Core using Microsoft identity platform (formerly Azure Active Directory for developers)",
+    "Title": "How to secure a Web API built with ASP.NET Core using the Microsoft identity platform (formerly Azure Active Directory for developers)",
     "Level": 200,
     "Client": "ASP.NET Core Web App",
     "Service": "ASP.NET Core Web API",
@@ -14,15 +14,15 @@
   "AADApps": [
     {
       "Id": "service",
-      "Name": "TodoListService (active-directory-aspnetcore-webapp-openidconnect-v2)",
+      "Name": "TodoListService-aspnetcore-webapi",
       "Kind": "WebApi",
       "Audience": "AzureADMyOrg",
       "HomePage": "https://localhost:44351/"
 
     },
     {
       "Id": "client",
-      "Name": "TodoListClient (active-directory-aspnetcore-webapp-openidconnect-v2)",
+      "Name": "TodoListClient-aspnetcore-webapi",
       "Kind": "WebApp",
       "Audience": "AzureADMyOrg",
       "HomePage": "https://localhost:44321/",

4-WebApp-your-API/4-1-Your-API/Client/Controllers/TodoListController.cs

@@ -1,51 +1,32 @@
-using System;
-using System.Collections;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
-using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.Graph;
-using Microsoft.Identity.Web.Client;
+using TodoListClient.Services;
 using TodoListService.Models;
-using TodoListClient.Utils;
 
 namespace TodoListClient.Controllers
 {
     public class TodoListController : Controller
     {
-        ITokenAcquisition _tokenAcquisition;
-        IList<Todo> Model = new List<Todo>();
+        private ITodoListService _todoListService;
+        private IList<Todo> Model = new List<Todo>();
 
-        public TodoListController(ITokenAcquisition tokenAcquisition)
+        public TodoListController(ITodoListService todoListService)
         {
-            _tokenAcquisition = tokenAcquisition;
-
-
+            _todoListService = todoListService;
         }
 
         // GET: TodoList
-        public ActionResult Index()
+        public async Task<ActionResult> Index()
         {
-            if (HttpContext.Session.Get<IList<Todo>>("ToDoList") == null)
-            {
-                Model.Add(new Todo() { Id = 1, Owner = "[email protected]", Title = "do something" });
-                Model.Add(new Todo() { Id = 2, Owner = "[email protected]", Title = "do something else" });
-
-                HttpContext.Session.Set<IList<Todo>>("ToDoList", Model);
-            }
-
-            Model = HttpContext.Session.Get<IList<Todo>>("ToDoList");
-
-            return View(Model);
+            return View(await _todoListService.GetAsync());
         }
 
         // GET: TodoList/Details/5
-        public ActionResult Details(int id)
+        public async Task<ActionResult> Details(int id)
         {
-            Model = HttpContext.Session.Get<IList<Todo>>("ToDoList");
-
-            return View(Model.FirstOrDefault(x => x.Id == id));
+            return View(await _todoListService.GetAsync(id));
         }
 
         // GET: TodoList/Create
@@ -58,31 +39,16 @@ public ActionResult Create()
         // POST: TodoList/Create
         [HttpPost]
         [ValidateAntiForgeryToken]
-        public ActionResult Create([Bind("Title,Owner")] Todo todo)
+        public async Task<ActionResult> Create([Bind("Title,Owner")] Todo todo)
         {
-            try
-            {
-                Model = HttpContext.Session.Get<IList<Todo>>("ToDoList");
-
-                int id = Model.OrderByDescending(x => x.Id).FirstOrDefault().Id + 1;
-
-                Model.Add(new Todo() { Id = id, Owner = HttpContext.User.Identity.Name, Title = todo.Title });
-                HttpContext.Session.Set<IList<Todo>>("ToDoList", Model);
-
-                return RedirectToAction(nameof(Index));
-            }
-            catch
-            {
-                return View();
-            }
+            await _todoListService.AddAsync(todo);
+            return RedirectToAction("Index");
         }
 
         // GET: TodoList/Edit/5
-        public ActionResult Edit(int id)
+        public async Task<ActionResult> Edit(int id)
         {
-            Model = HttpContext.Session.Get<IList<Todo>>("ToDoList");
-
-            Todo todo = Model.FirstOrDefault(x => x.Id == id);
+            Todo todo = await this._todoListService.GetAsync(id);
 
             if (todo == null)
             {
@@ -95,40 +61,16 @@ public ActionResult Edit(int id)
         // POST: TodoList/Edit/5
         [HttpPost]
         [ValidateAntiForgeryToken]
-        public ActionResult Edit(int id, [Bind("Id,Title,Owner")] Todo todo)
+        public async Task<ActionResult> Edit(int id, [Bind("Id,Title,Owner")] Todo todo)
         {
-            try
-            {
-                if (id != todo.Id)
-                {
-                    return NotFound();
-                }
-
-                Model = HttpContext.Session.Get<IList<Todo>>("ToDoList");
-
-                if (Model.FirstOrDefault(x => x.Id == id) == null)
-                {
-                    return NotFound();
-                }
-
-                Model.Remove(Model.FirstOrDefault(x => x.Id == id));
-                Model.Add(todo);
-
-                HttpContext.Session.Set<IList<Todo>>("ToDoList", Model);
-                return RedirectToAction(nameof(Index));
-            }
-            catch
-            {
-                return View();
-            }
+            await _todoListService.EditAsync(todo);
+            return RedirectToAction("Index");
         }
 
         // GET: TodoList/Delete/5
-        public ActionResult Delete(int id)
+        public async Task<ActionResult> Delete(int id)
         {
-            Model = HttpContext.Session.Get<IList<Todo>>("ToDoList");
-
-            Todo todo = Model.FirstOrDefault(x => x.Id == id);
+            Todo todo = await this._todoListService.GetAsync(id);
 
             if (todo == null)
             {
@@ -141,31 +83,10 @@ public ActionResult Delete(int id)
         // POST: TodoList/Delete/5
         [HttpPost]
         [ValidateAntiForgeryToken]
-        public ActionResult Delete(int id, [Bind("Id,Title,Owner")] Todo todo)
+        public async Task<ActionResult> Delete(int id, [Bind("Id,Title,Owner")] Todo todo)
         {
-            try
-            {
-                if (id != todo.Id)
-                {
-                    return NotFound();
-                }
-
-                Model = HttpContext.Session.Get<IList<Todo>>("ToDoList");
-
-                if (Model.FirstOrDefault(x => x.Id == id) == null)
-                {
-                    return NotFound();
-                }
-
-                Model.Remove(Model.FirstOrDefault(x => x.Id == id));
-                HttpContext.Session.Set<IList<Todo>>("ToDoList", Model);
-
-                return RedirectToAction(nameof(Index));
-            }
-            catch
-            {
-                return View();
-            }
+            await _todoListService.DeleteAsync(id);
+            return RedirectToAction("Index");
         }
     }
 }

4-WebApp-your-API/4-1-Your-API/Client/Services/ITodoListService.cs

@@ -0,0 +1,45 @@
+/*
+ The MIT License (MIT)
+
+Copyright (c) 2018 Microsoft Corporation
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ */
+
+ using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using TodoListService.Models;
+
+namespace TodoListClient.Services
+{
+    public interface ITodoListService
+    {
+        Task<IEnumerable<Todo>> GetAsync();
+
+        Task<Todo> GetAsync(int id);
+
+        Task DeleteAsync(int id);
+
+        Task<Todo> AddAsync(Todo todo);
+
+        Task<Todo> EditAsync(Todo todo);
+    }
+}