The application can be built using either an automatic or manual configuration.
32
31
33
32
### Automatic configuration
@@ -60,20 +59,16 @@ To register the application and add the registration information to the solution
60
59
61
60
#### Step 2: Download your Visual Studio project
62
61
63
-
64
62
[Download the Visual Studio project](https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/archive/master.zip)
65
63
66
-
This project can be run in either Visual Studio or Visual Studio for Mac and can be downloaded from the [code sample](https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/archive/master.zip).
67
-
64
+
This project can be run in either Visual Studio or Visual Studio for Mac and can be downloaded from the [code sample](https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/archive/master.zip).
1. Extract the *.zip* file to a local folder that's close to the root of the disk to avoid errors caused by path length limitations on Windows. For example, extract to *C:\Azure-Samples*.
75
71
76
-
77
72
1. Open the solution in Visual Studio: *1-Call-MSGraph\daemon-console.sln* (optional).
78
73
1. In *appsettings.json*, replace the values of `Tenant`, `ClientId`, and `ClientSecret`. The value for the application (client) ID and the directory (tenant) ID, can be found in the app's **Overview** page on the Azure portal.
79
74
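Review bot: Step 2 now gives the same download link twice in a row: the standalone "[Download the Visual Studio project]" line and the re-added "This project can be run in either Visual Studio or Visual Studio for Mac ..." sentence both point at the same `archive/master.zip` URL. Drop the link from the second sentence or fold the two lines into one. The removed and added versions of that sentence read identically here, so if the change is whitespace-only, say so in the commit description. In the *appsettings.json* step, the comma in "the directory (tenant) ID, can be found" should also go.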
@@ -89,7 +84,6 @@ This project can be run in either Visual Studio or Visual Studio for Mac and can
89
84
- Replace `Enter_the_Client_Secret_Here` with the client secret that you created in step 1.
90
85
To generate a new key, go to the **Certificates & secrets** page.
91
86
92
-
93
87
#### Step 4: Admin consent
94
88
95
89
Running the application now results in the output `HTTP 403 - Forbidden* error: "Insufficient privileges to complete the operation`. This error occurs because any app-only permission requires a global administrator of the directory to give consent to the application. Select one of the following options, depending on the role.
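Review bot: The first sentence under "Step 4: Admin consent" has mismatched markup: a code span opens with a backtick before "HTTP 403 - Forbidden", a stray `*` follows "Forbidden", and the quotation mark opened before "Insufficient privileges to complete the operation" is never closed. This commit is a formatting pass over the same section, so fix it here, for example by putting the whole error text in one code span. The only change in this hunk, removing the extra blank line above the heading, is fine.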
@@ -98,7 +92,6 @@ Running the application now results in the output `HTTP 403 - Forbidden* error:
98
92
99
93
For a global tenant administrator, go to **Enterprise applications** in the Azure portal. Select the app registration, and select **Permissions** from the **Security** section of the left pane. Then select the large button labeled **Grant admin consent for {Tenant Name}** (where **{Tenant Name}** is the name of the directory).
100
94
101
-
102
95
##### Standard user
103
96
104
97
For a standard user of your tenant, ask a global administrator to grant admin consent to the application. To do this, provide the following URL to the administrator:
* Replace `Enter_the_Tenant_Id_Here` with the tenant ID or tenant name (for example, `contoso.microsoft.com`).
112
-
*`Enter_the_Application_Id_Here` is the application (client) ID for the registered application.
104
+
105
+
- Replace `Enter_the_Tenant_Id_Here` with the tenant ID or tenant name (for example, `contoso.microsoft.com`).
106
+
-`Enter_the_Application_Id_Here` is the application (client) ID for the registered application.
113
107
114
108
The error `AADSTS50011: No reply address is registered for the application` may be displayed after you grant consent to the app by using the preceding URL. This error occurs because the application and the URL don't have a redirect URI. This can be ignored.
115
109
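Review bot: The tenant name example in the first placeholder bullet is `contoso.microsoft.com`, while the web API quickstart edited in this same commit uses `contoso.onmicrosoft.com`; align this one to `contoso.onmicrosoft.com`. The two bullets are also not parallel (the first says "Replace ...", the second says "... is the application (client) ID"), and the new second bullet shows no space after the `-` marker, which is worth checking in the source so that it still renders as a list item.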
@@ -121,12 +115,14 @@ In Visual Studio, press **F5** to run the application. Otherwise, run the applic
121
115
cd {ProjectFolder}\1-Call-MSGraph\daemon-console
122
116
dotnet run
123
117
```
118
+
124
119
In that code:
125
-
*`{ProjectFolder}` is the folder where you extracted the .zip file. An example is `C:\Azure-Samples\active-directory-dotnetcore-daemon-v2`.
120
+
121
+
-`{ProjectFolder}` is the folder where you extracted the .zip file. An example is `C:\Azure-Samples\active-directory-dotnetcore-daemon-v2`.
126
122
127
123
A list of users in Azure Active Directory should be displayed as a result.
128
124
129
-
This quickstart application uses a client secret to identify itself as a confidential client. The client secret is added as a plain-text file to the project files. For security reasons, we recommend to use a certificate instead of a client secret before considering the application as a production application. For more information on how to use a certificate, see [these instructions](https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/#variation-daemon-application-using-client-credentials-with-certificates).
125
+
This quickstart application uses a client secret to identify itself as a confidential client. The client secret is added as a plain-text file to the project files. For security reasons, it is recommended to use a certificate instead of a client secret before considering the application as a production application. For more information on how to use a certificate, see [these instructions](https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/#variation-daemon-application-using-client-credentials-with-certificates).
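Review bot: In the closing paragraph, "The client secret is added as a plain-text file to the project files" does not match the earlier step, which has the reader put `ClientSecret` into *appsettings.json*; say that the secret is stored in plain text in *appsettings.json*. Because that file sits in the project folder, a sentence telling readers not to commit the populated file to source control would fit here. The new wording "it is recommended to use a certificate" is still awkward; "use a certificate instead of a client secret before treating the application as a production application" is shorter and clearer.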
articles/active-directory/develop/includes/web-api/quickstart-aspnet-core.md
2 additions & 2 deletions
@@ -49,7 +49,7 @@ First, register the web API in your Azure AD tenant and add a scope by following
49
49
50
50
> [!Note]
51
51
> The code sample currently targets ASP.NET Core 3.1. The sample can be updated to use .NET Core 6.0 and is covered in the following steps: [Update the sample code to ASP.NET Core 6.0](#step-4-update-the-sample-code-to-aspnet-core-60)
52
-
This quickstart will be deprecated in the near future and will be updated to use .NET 6.0.
52
+
This quickstart will be deprecated in the near future and will be updated to use .NET 6.0.
53
53
54
54
## Step 3: Configure the ASP.NET Core project
55
55
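Review bot: "This quickstart will be deprecated in the near future and will be updated to use .NET 6.0" makes two statements that conflict, since a deprecated quickstart is not normally updated; state which one is meant. The removed and added lines read the same here, and neither carries the `>` prefix of the `[!Note]` lines above, so the sentence falls outside the note; if it belongs in the note, prefix it with `>`. The note itself says ".NET Core 6.0"; from version 5 on the product name is ".NET" without "Core", so the ".NET 6.0" form used in the changed line is the one to keep throughout.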
@@ -90,7 +90,7 @@ To update this code sample to target ASP.NET Core 6.0, follow these steps:
90
90
<TargetFramework>netcoreapp6.0</TargetFramework>
91
91
```
92
92
93
-
This step will ensure that the sample is targeting .NET 6.0.
93
+
This step will ensure that the sample is targeting the .NET Core 6.0 framework.
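Review bot: The replacement sentence changes ".NET 6.0" to "the .NET Core 6.0 framework", which moves away from the product name; there is no ".NET Core 6.0", and the line changed in the previous hunk of this file still says ".NET 6.0". Keep ".NET 6.0". The context line `<TargetFramework>netcoreapp6.0</TargetFramework>` has the same problem: the target framework moniker for .NET 6 is `net6.0`.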
#Customer intent: As an application developer, I want to know how to set up OpenId Connect authentication in a web application that's built by using Node.js with Express.
15
15
---
16
16
17
-
The following quickstart uses quickstart, uses a code sample that demonstrates how to protect an ASP.NET web API by restricting access to its resources to authorized accounts only. The sample supports authorization of personal Microsoft accounts and accounts in any Azure Active Directory (Azure AD) organization.
17
+
The following quickstart uses, uses a code sample that demonstrates how to protect an ASP.NET web API by restricting access to its resources to authorized accounts only. The sample supports authorization of personal Microsoft accounts and accounts in any Azure Active Directory (Azure AD) organization.
18
18
19
19
The article also uses a Windows Presentation Foundation (WPF) app to demonstrate how to request an access token to access a web API.
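Review bot: The rewritten opening sentence is still broken: "The following quickstart uses, uses a code sample" repeats "uses" and leaves a stray comma. Suggested wording: "The following quickstart uses a code sample that demonstrates how to protect an ASP.NET web API ...". The `#Customer intent` line above it describes OpenId Connect authentication in a Node.js web application with Express, which does not match an ASP.NET web API article and looks copied from another quickstart.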
> We apologize for the inconvenience and appreciate your patience while we work to get this resolved.
26
26
27
27
> [!div renderon="portal" class="sxs-lookup"]
28
-
> In this quickstart, you download an ASP.NET Core web API code sample and review the way it restricts resource access to authorized accounts only. The sample supports authorization of personal Microsoft accounts and accounts in any Azure Active Directory (Azure AD) organization.
29
-
>
30
-
>
28
+
> The following quickstart uses a ASP.NET Core web API code sample to demonstrate how to restrict resource access to authorized accounts. The sample supports authorization of personal Microsoft accounts and accounts in any Azure Active Directory (Azure AD) organization.
29
+
>
30
+
>
31
31
> ## Prerequisites
32
32
>
33
33
> - Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
34
34
> -[Azure Active Directory tenant](quickstart-create-new-tenant.md)
> -[Visual Studio 2022](https://visualstudio.microsoft.com/vs/) or [Visual Studio Code](https://code.visualstudio.com/)
37
37
>
38
38
> ## Step 1: Register the application
39
39
>
40
40
> First, register the web API in your Azure AD tenant and add a scope by following these steps:
41
41
>
42
42
> 1. Sign in to the [Azure portal](https://portal.azure.com/).
43
-
> 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the tenant in which you want to register the application.
43
+
> 1. If access to multiple tenants is available, use the **Directories + subscriptions** filter :::image type="icon" source=".\media\common\portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the tenant in which to register the application.
44
44
> 1. Search for and select **Azure Active Directory**.
45
45
> 1. Under **Manage**, select **App registrations** > **New registration**.
46
-
> 1. For **Name**, enter a name for your application. For example, enter **AspNetCoreWebApi-Quickstart**. Users of your app will see this name, and you can change it later.
46
+
> 1. For **Name**, enter a name for the application. For example, enter **AspNetCoreWebApi-Quickstart**. Users of the app will see this name, and can be changed later.
47
47
> 1. Select **Register**.
48
-
> 1. Under **Manage**, select **Expose an API** > **Add a scope**. For **Application ID URI**, accept the default by selecting **Save and continue**, and then enter the following details:
> -**User consent description**: `Allow the application to access AspNetCoreWebApi-Quickstart on your behalf.`
55
-
> -**State**: **Enabled**
48
+
> 1. Under **Manage**, select **Expose an API** > **Add a scope**. For **Application ID URI**, accept the default by selecting **Save and continue**, and then enter the following details:
> -**User consent description**: `Allow the application to access AspNetCoreWebApi-Quickstart on your behalf.`
55
+
> -**State**: **Enabled**
56
56
> 1. Select **Add scope** to complete the scope addition.
57
57
>
58
58
> ## Step 2: Download the ASP.NET Core project
59
59
>
60
60
> [Download the ASP.NET Core solution](https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/archive/aspnetcore3-1.zip) from GitHub.
> The code sample currently targets ASP.NET Core 3.1. The sample can be updated to use .NET Core 6.0 and is covered in the following steps: [Update the sample code to ASP.NET Core 6.0](#step-4-update-the-sample-code-to-aspnet-core-60).
64
+
This quickstart will be deprecated in the near future and will be updated to use .NET 6.0.
65
+
>
63
66
>
64
67
>
65
68
> ## Step 3: Configure the ASP.NET Core project
66
69
>
67
-
> In this step, configure the sample code to work with the app registration that you created earlier.
68
-
>
69
-
> 1. Extract the .zip archive into a folder near the root of your drive. For example, extract into *C:\Azure-Samples*.
70
-
>
71
-
> We recommend extracting the archive into a directory near the root of your drive to avoid errors caused by path length limitations on Windows.
70
+
> In this step, the sample code will be configured to work with the app registration that was created earlier.
72
71
>
72
+
> 1. Extract the *.zip* file to a local folder that's close to the root of the disk to avoid errors caused by path length limitations on Windows. For example, extract to *C:\Azure-Samples*.
73
+
>
73
74
> 1. Open the solution in the *webapi* folder in your code editor.
74
-
> 1.Open the *appsettings.json* file and modify the following code:
75
+
> 1.In *appsettings.json*, replace the values of `ClientId`, and `TenantId`.
75
76
>
76
77
> ```json
77
78
> "ClientId": "Enter_the_Application_Id_here",
78
79
> "TenantId": "Enter_the_Tenant_Info_Here"
79
80
> ```
80
81
>
81
-
> - Replace `Enter_the_Application_Id_here` with the application (client) ID of the application that you registered in the Azure portal. You can find the application (client) ID on the app's **Overview** page.
82
+
> - `Enter_the_Application_Id_Here` is the application (client) ID for the registered application.
82
83
> - Replace `Enter_the_Tenant_Info_Here` with one of the following:
83
-
> - If your application supports **Accounts in this organizational directory only**, replace this value with the directory (tenant) ID (a GUID) or tenant name (for example, `contoso.onmicrosoft.com`). You can find the directory (tenant) ID on the app's **Overview** page.
84
-
> - If your application supports **Accounts in any organizational directory**, replace this value with `organizations`.
85
-
> - If your application supports **All Microsoft account users**, leave this value as `common`.
84
+
> - If the application supports **Accounts in this organizational directory only**, replace this value with the directory (tenant) ID (a GUID) or tenant name (for example, `contoso.onmicrosoft.com`). The directory (tenant) ID can be found on the app's **Overview** page.
85
+
> - If the application supports **Accounts in any organizational directory**, replace this value with `organizations`.
86
+
> - If the application supports **All Microsoft account users**, leave this value as `common`.
86
87
>
87
88
> For this quickstart, don't change any other values in the *appsettings.json* file.
88
89
>
90
+
> ### Step 4: Update the sample code to ASP.NET Core 6.0
91
+
>
92
+
> To update this code sample to target ASP.NET Core 6.0, follow these steps:
> This step will ensure that the sample is targeting the .NET Core 6.0 framework.
108
+
>
109
+
> ### Step 5: Run the sample
110
+
>
111
+
> 1. Open a terminal and change directory to the project folder.
112
+
>
113
+
> ```powershell
114
+
> cd webapi
115
+
> ```
116
+
>
117
+
> 1. Run the following command to build the solution:
118
+
>
119
+
> ```powershell
120
+
> dotnet run
121
+
> ```
122
+
>
123
+
> If the build has been successful, the following output is displayed:
124
+
>
125
+
> ```powershell
126
+
> Building...
127
+
> info: Microsoft.Hosting.Lifetime[0]
128
+
> Now listening on: https://localhost:{port}
129
+
> info: Microsoft.Hosting.Lifetime[0]
130
+
> Now listening on: http://localhost:{port}
131
+
> info: Microsoft.Hosting.Lifetime[0]
132
+
> Application started. Press Ctrl+C to shut down.
133
+
> ...
134
+
> ```
135
+
>
89
136
> ## How the sample works
90
137
>
91
138
> The web API receives a token from a client application, and the code in the web API validates the token. This scenario is explained in more detail in [Scenario: Protected web API](scenario-protected-web-api-overview.md).
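Review bot: The `:::image` source in the **Directories + subscriptions** step changes from `./media/common/portal-directory-subscription-filter.png` to `.\media\common\portal-directory-subscription-filter.png`; backslashes are not path separators in a relative URL, so keep the forward slashes. Further points in this hunk: the added line "This quickstart will be deprecated in the near future ..." has no `>` prefix although the lines on both sides of it do, which splits the quoted `renderon="portal"` block; "uses a ASP.NET Core" should be "uses an ASP.NET Core"; "Users of the app will see this name, and can be changed later" has lost its subject; the new Step 4 and Step 5 headings are `###` while Steps 1 to 3 are `##`; and Step 5 says "Run the following command to build the solution" above `dotnet run`, which also starts the app.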
> The `AddAuthentication()` method configures the service to add JwtBearer-based authentication.
106
153
>
107
-
> The line that contains `.AddMicrosoftIdentityWebApi` adds the Microsoft identity platform authorization to your web API. It's then configured to validate access tokens issued by the Microsoft identity platform based on the information in the `AzureAD` section of the *appsettings.json* configuration file:
154
+
> The line that contains `.AddMicrosoftIdentityWebApi` adds the Microsoft identity platform authorization to the web API. It's then configured to validate access tokens issued by the Microsoft identity platform based on the information in the `AzureAD` section of the *appsettings.json* configuration file:
> | `ClientId` | Application (client) ID of the application registered in the Azure portal. |
112
160
> | `Instance` | Security token service (STS) endpoint for the user to authenticate. This value is typically `https://login.microsoftonline.com/`, indicating the Azure public cloud. |
> ### Protecting a controller, a controller's method, or a Razor page
129
177
>
130
-
> You can protect a controller or controller methods by using the `[Authorize]` attribute. This attribute restricts access to the controller or methods by allowing only authenticated users. An authentication challenge can be started to access the controller if the user isn't authenticated.
178
+
> A controller or controller methods can be protected by using the `[Authorize]` attribute. This attribute restricts access to the controller or methods by allowing only authenticated users. An authentication challenge can be started to access the controller if the user isn't authenticated.
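Review bot: The passive rewrite "A controller or controller methods can be protected" mixes singular and plural; "Controllers and controller methods can be protected" reads better. On substance, the paragraph says `[Authorize]` allows only authenticated users, while Step 1 has the reader add a scope under **Expose an API**; a sentence noting that `[Authorize]` on its own does not check that scope would keep readers from treating authentication as the whole access check.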