You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -49,7 +49,7 @@ Register your web API in **App registrations** in the Azure portal.
49
49
1. Enter a **Name** for your application, for example `AppModelv2-NativeClient-DotNet-TodoListService`. Users of your app might see this name, and you can change it later.
50
50
1. For **Supported account types**, select **Accounts in any organizational directory**.
51
51
1. Select **Register** to create the application.
52
-
1. On the app **Overview** page, look for the **Application (client) ID** value, and then record it for later use. You'll need it to configure the Visual Studio configuration file for this project (that is, `ClientId` in the *TodoListService\Web.config* file).
52
+
1. On the app **Overview** page, look for the **Application (client) ID** value, and then record it for later use. You'll need it to configure the Visual Studio configuration file for this project (that is, `ClientId` in the *TodoListService\appsettings.json* file).
53
53
1. Under **Manage**, select **Expose an API** > **Add a scope**. Accept the proposed Application ID URI (`api://{clientId}`) by selecting **Save and continue**, and then enter the following information:
54
54
55
55
1. For **Scope name**, enter `access_as_user`.
@@ -65,9 +65,9 @@ Register your web API in **App registrations** in the Azure portal.
65
65
66
66
Configure the service project to match the registered web API.
67
67
68
-
1. Open the solution in Visual Studio, and then open the *Web.config* file under the root of the TodoListService project.
68
+
1. Open the solution in Visual Studio, and then open the *appsettings.json* file under the root of the TodoListService project.
69
69
70
-
1. Replace the value of the `ida:ClientId` parameter with the Client ID (Application ID) value from the application you registered in the **App registrations** portal.
70
+
1. Replace the value of the `Enter_the_Application_Id_here` by the Client ID (Application ID) value from the application you registered in the **App registrations** portal both in the `ClientID` and the `Audience` properties.
71
71
72
72
### Add the new scope to the app.config file
73
73
@@ -167,18 +167,7 @@ You can allow users from other directories to access your web API by pre-authori
167
167
168
168
By default, any personal accounts, such as *outlook.com* or *live.com* accounts, or work or school accounts from organizations that are integrated with Azure AD can request tokens and access your web API.
169
169
170
-
To specify who can sign in to your application, use one of the following options:
171
-
172
-
### Option 1: Limit access to a single organization (single tenant)
173
-
174
-
You can limit sign-in access to your application to user accounts that are in a single Azure AD tenant, including guest accounts of that tenant. This scenario is common for line-of-business applications.
175
-
176
-
1. Open the *App_Start\Startup.Auth* file, and then change the value of the metadata endpoint that's passed into the `OpenIdConnectSecurityTokenProvider` to `https://login.microsoftonline.com/{Tenant ID}/v2.0/.well-known/openid-configuration`. You can also use the tenant name, such as `contoso.onmicrosoft.com`.
177
-
1. In the same file, set the `ValidIssuer` property on the `TokenValidationParameters` to `https://sts.windows.net/{Tenant ID}/`, and set the `ValidateIssuer` argument to `true`.
178
-
179
-
### Option 2: Use a custom method to validate issuers
180
-
181
-
You can implement a custom method to validate issuers by using the `IssuerValidator` parameter. For more information about this parameter, see [TokenValidationParameters class](/dotnet/api/microsoft.identitymodel.tokens.tokenvalidationparameters).
170
+
To specify who can sign in to your application, by changing the `TenantId` property in the *appsettings.json* file.
182
171
183
172
[!INCLUDE [Help and support](../../../../../includes/active-directory-develop-help-support-include.md)]
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments