Minor fixes

Author: Tiago Brenck

5-WebApp-AuthZ/5-2-Groups/Controllers/UserProfileController.cs

@@ -9,7 +9,8 @@
 
 namespace WebApp_OpenIDConnect_DotNet.Controllers
 {
-    // [Authorize(Roles = "8873daa2-17af-4e72-973e-930c94ef7549")] // Using groups ids in the Authorize attribute
+    // This is how groups ids/names are used in the Authorize attribute
+    //[Authorize(Roles = "8873daa2-17af-4e72-973e-930c94ef7549")] 
     public class UserProfileController : Controller
     {
         private readonly ITokenAcquisition tokenAcquisition;
@@ -24,7 +25,7 @@ public UserProfileController(ITokenAcquisition tokenAcquisition, IMSGraphService
         [AuthorizeForScopes(Scopes = new[] { Constants.ScopeUserRead, Constants.ScopeDirectoryReadAll })]        
         public async Task<IActionResult> Index()
         {
-            // Using group ids/names in the IsInRole method
+            // This is how group ids/names are used in the IsInRole method
             // var isinrole = User.IsInRole("8873daa2-17af-4e72-973e-930c94ef7549");
 
             string accessToken = await tokenAcquisition.GetAccessTokenForUserAsync(new[] { Constants.ScopeUserRead, Constants.ScopeDirectoryReadAll });

5-WebApp-AuthZ/5-2-Groups/README.md

@@ -316,8 +316,7 @@ This project was created using the following command.
     > Note: Replace *`Enter_the_Application_Id_here`* with the *Application Id* from the application Id you just registered in the Application Registration Portal and *`<yourTenantId>`* with the *Directory (tenant) ID* where you created your application.
 
 1. Open the generated project (.csproj) in Visual Studio, and save the solution.
-1. Add the `Microsoft.Identity.Web.csproj` project which is located at the root of this sample repo, to your solution (**Add Existing Project ...**). It's used to simplify signing-in and, in the next tutorial phases, to get a token
-1. Add a reference from your newly generated project to `Microsoft.Identity.Web` (right click on the **Dependencies** node under your new project, and choose **Add Reference ...**, and then in the projects tab find the `Microsoft.Identity.Web` project)
+1. Add the `Microsoft.Identity.Web` NuGet package. It's used to simplify signing-in and, in the next tutorial phases, to get a token.
 1. Open the **Startup.cs** file and:
 
    - at the top of the file, add the following using directive:

5-WebApp-AuthZ/5-2-Groups/Startup.cs

@@ -35,21 +35,18 @@ public void ConfigureServices(IServiceCollection services)
                 options.HandleSameSiteCookieCompatibility();
             });
 
-            // TODO: Tiago, please investigate
-            //// Sign-in users with the Microsoft identity platform
-            //services.AddSignIn(options =>
-            //    {
-            //        // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole()
-            //        // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info.
-            //        //    // Use the groups claim for populating roles
-            //        //    options.TokenValidationParameters.RoleClaimType = "groups";
-            //    }, options => 
-            //    {
-            //        Configuration.Bind("AzureAd", options);
-            //    });
-
+            // Sign-in users with the Microsoft identity platform
             services.AddSignIn(Configuration);
 
+            // If you want to use group ids/names in the Authorize attribute then uncomment the following lines:
+            //services.Configure<OpenIdConnectOptions>(options => 
+            //{
+            //    // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole()
+            //    // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info.
+            //    // Use the groups claim for populating roles
+            //    options.TokenValidationParameters.RoleClaimType = "groups";
+            //});
+
             services.AddWebAppCallsProtectedWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
                 .AddInMemoryTokenCaches();
 

5-WebApp-AuthZ/5-2-Groups/Views/Shared/_Layout.cshtml

@@ -26,11 +26,12 @@
                     <span class="icon-bar"></span>
                     <span class="icon-bar"></span>
                 </button>
-                <a asp-area="" asp-controller="Home" asp-action="Index" class="navbar-brand">@ViewData["Title"]</a>
+                <a asp-area="" asp-controller="Home" asp-action="Index" class="navbar-brand">AuthZ-Groups</a>
             </div>
             <div class="navbar-collapse collapse">
                 <ul class="nav navbar-nav">
                     <li><a asp-area="" asp-controller="Home" asp-action="Index">Home</a></li>
+                    <li><a asp-area="" asp-controller="UserProfile" asp-action="Index">Profile and Groups</a></li>
                 </ul>
                 <partial name="_LoginPartial" />
             </div>