Commit add54c4

Sweeping cleanup
- Fixing typos in the AppCreationScripts.md (found while reviewing other samples)
- Improving the Configure.ps1 file
- Adding metadata in the apps.json file
- Improving the Readme.md (fixing typos, grammar, style, and adding a section on Community Help and Support, and a section on how to deploy to Azure)
1 parent c018717 commit add54c4

4 files changed

+139
-93
lines changed


‎AppCreationScripts/AppCreationScripts.md‎

Lines changed: 5 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -11,7 +11,10 @@ These scripts are:
1111
- `Configure.ps1` which:
1212
- creates Azure AD applications and their related objects (permissions, dependencies, secrets),
1313
- changes the configuration files in the C# and JavaScript projects.
14-
- creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created, the identifier of the application, and url of its registration in the [Azure portal](https://portal.azure.com).
14+
- creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created:
15+
- the identifier of the application
16+
- the AppId of the application
17+
- the url of its registration in the [Azure portal](https://portal.azure.com).
1518

1619
- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, git reset).
1720

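Review bot: In the new sub-list under `createdApps.html` (new lines 15 and 16), "the identifier of the application" and "the AppId of the application" read as the same thing. The row that `Configure.ps1` writes starts with `<tr><td>client</td><td>$currentAppId</td>`, so the first column is the short name the script uses for the app, not an identifier issued by Azure AD. Suggest rewording the first bullet to say that it is the name the script uses for the application (for example `client`), and ending the first two bullets with commas so the punctuation matches the parent list.
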
@@ -58,7 +61,7 @@ Here are the details on how to do this.
5861
5962
#### Option 1 (interactive)
6063
61-
- Just run ``. .\Configue.ps1``, and you will be prompted to sign-in (email address, password, and if needed MFA).
64+
- Just run ``. .\Configure.ps1``, and you will be prompted to sign-in (email address, password, and if needed MFA).
6265
- The script will be run as the signed-in user and will use the tenant in which the user is defined.
6366
6467
Note that the script will choose the tenant in which to create the applications, based on the user. Also to run the `Cleanup.ps1` script, you will need to re-sign-in.

‎AppCreationScripts/Configure.ps1‎

Lines changed: 15 additions & 38 deletions
Original file line number | Diff line number | Diff line change
@@ -7,26 +7,7 @@
77
1) Run Powershell as an administrator
88
2) in the PowerShell window, type: Install-Module AzureAD
99
10-
There are three ways to run this script
11-
Option1 (interactive)
12-
---------------------
13-
Just run . .\Configue.ps1, and you will be prompted to sign-in (email address, password, and if needed MFA).
14-
The script will be run as the signed-in user and will use the tenant in which the user is defined.
15-
16-
Option 2 (Interactive, but create apps in a specified tenant)
17-
-------------------------------------------------------------
18-
If you want to create the apps in a specific tenant, before you run this script
19-
- In the Azure portal (https://portal.azure.com), choose your active directory tenant, then go to the Properties of the tenant and copy
20-
the DirectoryID. This is what we'll use in this script for the tenant ID
21-
- run . .\Configue.ps1 -TenantId [place here the GUID representing the tenant ID]
22-
23-
Option 2 (non-interactive)
24-
---------------------------
25-
This supposes that you know the credentials of the user under which identity you want to create
26-
the applications. Here is an example of script you'd want to run in a PowerShell Window
27-
$secpasswd = ConvertTo-SecureString "[Password here]" -AsPlainText -Force
28-
$mycreds = New-Object System.Management.Automation.PSCredential ("[login@tenantName here]", $secpasswd)
29-
. .\Configure.ps1 -Credential $mycreds
10+
There are four ways to run this script. For more information, read the AppCreationScripts.md file in the same folder as this script.
3011
#>
3112

3213
# Adds the requiredAccesses (expressed as a pipe separated string) to the requiredAccess structure
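Review bot: The replacement text on new line 10 hard-codes a count ("There are four ways to run this script") that has to be kept in step with AppCreationScripts.md, and the text it replaces shows how that drifts: it said "three ways" and labelled two of them "Option 2". Suggest dropping the number ("There are several ways to run this script") and keeping a one-line mention of the `-TenantId` and `-Credential` parameters that the removed header documented, since the script header now gives no usage at all. Removing the `ConvertTo-SecureString "[Password here]" -AsPlainText -Force` example from the header is a good change; if AppCreationScripts.md carries the same snippet for the non-interactive option, it should say not to save a real password into a script file.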
@@ -55,15 +36,15 @@ Function AddResourcePermission($requiredAccess, `
5536
# See also: http://stackoverflow.com/questions/42164581/how-to-configure-a-new-azure-ad-application-through-powershell
5637
Function GetRequiredPermissions([string] $applicationDisplayName, [string] $requiredDelegatedPermissions, [string]$requiredApplicationPermissions, $servicePrincipal)
5738
{
58-
# If we are passed the service principal we use it directly, otherwise we find it from the display name (which might not be unique)
59-
if ($servicePrincipal)
60-
{
61-
$sp = $servicePrincipal
62-
}
63-
else
39+
# If we are passed the service principal we use it directly, otherwise we find it from the display name (which might not be unique)
40+
if ($servicePrincipal)
6441
{
65-
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '$applicationDisplayName'"
66-
}
42+
$sp = $servicePrincipal
43+
}
44+
else
45+
{
46+
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '$applicationDisplayName'"
47+
}
6748
$appid = $sp.AppId
6849
$requiredAccess = New-Object Microsoft.Open.AzureAD.Model.RequiredResourceAccess
6950
$requiredAccess.ResourceAppId = $appid
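Review bot: The re-indented `else` branch (new lines 44 to 47) still resolves the service principal with `Get-AzureADServicePrincipal -Filter "DisplayName eq '$applicationDisplayName'"`, which the comment on new line 39 admits "might not be unique". If the tenant holds more than one service principal with that display name, `$sp` is a collection, `$sp.AppId` is no longer a single value, and `ResourceAppId` can end up referring to the wrong application. Since these lines are being touched anyway, suggest failing when the filter does not return exactly one object, and having the caller in `ConfigureApplications` pass `-servicePrincipal $serviceServicePrincipal` instead of relying on `-applicationDisplayName` alone.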
@@ -155,6 +136,8 @@ Function ConfigureApplications
155136
-HomePage "https://localhost:44324" `
156137
-IdentifierUris "https://$tenantName/TodoListService-ManualJwt" `
157138
-PublicClient $False
139+
140+
158141
$currentAppId = $serviceAadApplication.AppId
159142
$serviceServicePrincipal = New-AzureADServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
160143
Write-Host "Done."
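Review bot: The two blank lines added after `-PublicClient $False` (new lines 139 and 140) carry no content, and the same pair is added after `-PublicClient $True` in the next hunk. Suggest dropping them, or keeping a single blank line, so that a cleanup commit does not add whitespace noise of its own.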
@@ -168,6 +151,8 @@ Function ConfigureApplications
168151
$clientAadApplication = New-AzureADApplication -DisplayName "TodoListClient-ManualJwt" `
169152
-ReplyUrls "https://TodoListClient-ManualJwt" `
170153
-PublicClient $True
154+
155+
171156
$currentAppId = $clientAadApplication.AppId
172157
$clientServicePrincipal = New-AzureADServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
173158
Write-Host "Done."
@@ -176,23 +161,15 @@ Function ConfigureApplications
176161
$clientPortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_IAM/ApplicationBlade/appId/"+$clientAadApplication.AppId+"/objectId/"+$clientAadApplication.ObjectId
177162
Add-Content -Value "<tr><td>client</td><td>$currentAppId</td><td><a href='$clientPortalUrl'>TodoListClient-ManualJwt</a></td></tr>" -Path createdApps.html
178163

164+
$requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]
179165
# Add Required Resources Access (from 'client' to 'service')
180166
Write-Host "Getting access from 'client' to 'service'"
181-
$requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]
182167
$requiredPermissions = GetRequiredPermissions -applicationDisplayName "TodoListService-ManualJwt" `
183168
-requiredDelegatedPermissions "user_impersonation";
184169
$requiredResourcesAccess.Add($requiredPermissions)
185170
Set-AzureADApplication -ObjectId $clientAadApplication.ObjectId -RequiredResourceAccess $requiredResourcesAccess
186171
Write-Host "Granted."
187172

188-
# Configure known client applications for service
189-
Write-Host "Configure known client applications for the 'service'"
190-
$knowApplications = New-Object System.Collections.Generic.List[System.String]
191-
$knowApplications.Add($clientAadApplication.AppId)
192-
Set-AzureADApplication -ObjectId $serviceAadApplication.ObjectId -KnownClientApplications $knowApplications
193-
Write-Host "Configured."
194-
195-
196173
# Update config file for 'service'
197174
$configFile = $pwd.Path + "\..\TodoListService-ManualJwt\Web.Config"
198175
Write-Host "Updating the sample code ($configFile)"
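Review bot: Old lines 188 to 193 are deleted, so the script no longer calls `Set-AzureADApplication -ObjectId $serviceAadApplication.ObjectId -KnownClientApplications $knowApplications`, and the commit message covers this only with "Improving the Configure.ps1 file". That is a behaviour change to the service registration rather than cleanup: the known client applications list is what lets consent given to the client also cover the service. Suggest either keeping the block or stating in the commit message and the sample's documentation why the sample no longer needs it. Moving the `$requiredResourcesAccess` declaration to new line 164 is harmless, though it now sits above the "Add Required Resources Access" comment that explains it.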
@@ -208,7 +185,7 @@ Function ConfigureApplications
208185
ReplaceSetting -configFilePath $configFile -key "ida:RedirectUri" -newValue $clientAadApplication.ReplyUrls
209186
ReplaceSetting -configFilePath $configFile -key "todo:TodoListResourceId" -newValue $serviceAadApplication.IdentifierUris
210187
ReplaceSetting -configFilePath $configFile -key "todo:TodoListBaseAddress" -newValue $serviceAadApplication.HomePage
211-
Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html
188+
Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html
212189

213190
}
214191
}

‎AppCreationScripts/apps.json‎

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,11 @@
11
{
2+
"Sample": {
3+
"Title": "Manually validating a JWT access token in a web API",
4+
"Level": 300,
5+
"Client": ".NET 4.5 Desktop App (WPF)",
6+
"Service": "ASP.NET Web API"
7+
},
8+
29
/*
310
This section describes the Azure AD Applications to configure, and their dependencies
411
*/
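Review bot: The new `"Sample"` block (new lines 2 to 7) is added without a comment, while the section below it is introduced by a `/* ... */` comment that states its purpose. Suggest adding a similar comment saying what consumes this metadata and what the values mean, in particular the scale behind `"Level": 300`, which is the only numeric value among string fields. The extra blank line at new line 8 can go.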

0 commit comments
