merged

Kalyan Krishna · Kalyan Krishna · commit 31de3333579b · 2021-09-14T23:18:01.000-07:00
diff --git a/README.md b/README.md
@@ -205,7 +205,7 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi
 1. Open the `TodoListClient\App.Config` file.
 1. Find the key `ida:Tenant` and replace the existing value with your Azure AD tenant name.
 1. Find the key `ida:ClientId` and replace the existing value with the application ID (clientId) of `TodoListClient-ManualJwt` app copied from the Azure portal.
-1. Find the key `todo:TodoListResourceId` and replace the existing value with the App ID URI you registered earlier, when exposing an API. For instance use `api://<application_id>`.
+1. Find the key `todo:TodoListResourceId` and replace the value with the App ID URI you registered earlier, when exposing an API. For instance use `api://<application_id>`.
 1. Find the key `todo:TodoListBaseAddress` and replace the existing value with the base address of `TodoListService-ManualJwt` (by default `https://localhost:44324`).
 
 ## Running the sample
diff --git a/Shared/Models/TodoItem.cs b/Shared/Models/TodoItem.cs
@@ -22,9 +22,9 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 */
 
-namespace TodoListClient
+namespace Shared.Models
 {
-    internal class TodoItem
+    public class TodoItem
     {
         public string Title { get; set; }
         public string Owner { get; set; }
diff --git a/Shared/Properties/AssemblyInfo.cs b/Shared/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+﻿using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Shared")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Shared")]
+[assembly: AssemblyCopyright("Copyright ©  2021")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("f4e8b876-762e-4eec-99bc-7ef12b01799d")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/Shared/Shared.csproj b/Shared/Shared.csproj
@@ -0,0 +1,49 @@
+﻿<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{F4E8B876-762E-4EEC-99BC-7EF12B01799D}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>Shared</RootNamespace>
+    <AssemblyName>Shared</AssemblyName>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <Deterministic>true</Deterministic>
+    <TargetFrameworkProfile />
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Models\TodoItem.cs" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>
diff --git a/TodoListClient/App.config b/TodoListClient/App.config
@@ -7,8 +7,8 @@
     <add key="ida:Tenant" value="[Enter tenant name, e.g. contoso.onmicrosoft.com]" />
     <add key="ida:ClientId" value="[Enter client ID of the TodoListClient-ManualJwt as obtained from Azure Portal, e.g. 82692da5-a86f-44c9-9d53-2f88d52b478b]" />
     <add key="todo:TodoListResourceId" value="[Enter App ID URI of TodoListService-ManualJwt, e.g. api://{clientID}]" />
+    <add key="todo:TodoListScope" value="access_as_user" />
     <add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}/v2.0" />
     <add key="todo:TodoListBaseAddress" value="https://localhost:44324" />
-    <add key="todo:TodoListScope" value="access_as_user" />
   </appSettings>
 </configuration>
diff --git a/TodoListClient/MainWindow.xaml.cs b/TodoListClient/MainWindow.xaml.cs
@@ -23,6 +23,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  */
 
 using Microsoft.Identity.Client;
+using Shared.Models;
 using System;
 using System.Collections.Generic;
 using System.Configuration;
@@ -49,20 +50,17 @@ public partial class MainWindow : Window
         // The Redirect URI is the URI where Azure AD will return OAuth responses.
         // The Authority is the sign-in URL of the tenant.
         //
-        private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
-
-        private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
-        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
-
-        private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
+        private static string authority =
+            String.Format(
+                CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["ida:AADInstance"], ConfigurationManager.AppSettings["ida:Tenant"]);
 
         //
         // To authenticate to the To Do list service, the client needs to know the service's App ID URI.
         // To contact the To Do list service we need it's URL as well.
         //
+        private static string todoListBaseAddress = ConfigurationManager.AppSettings["todo:TodoListBaseAddress"];
         private static string todoListResourceId = ConfigurationManager.AppSettings["todo:TodoListResourceId"];
 
-        private static string todoListBaseAddress = ConfigurationManager.AppSettings["todo:TodoListBaseAddress"];
         public static string[] scopes = { $"{todoListResourceId}/{ConfigurationManager.AppSettings["todo:TodoListScope"]}" };
 
         private HttpClient httpClient = new HttpClient();
@@ -76,7 +74,7 @@ public partial class MainWindow : Window
         public MainWindow()
         {
             InitializeComponent();
-            _app = PublicClientApplicationBuilder.Create(clientId)
+            _app = PublicClientApplicationBuilder.Create(ConfigurationManager.AppSettings["ida:ClientId"])
                 .WithAuthority(authority)
                 .WithDefaultRedirectUri()
                 .Build();
@@ -85,10 +83,7 @@ public MainWindow()
             GetTodoList();
         }
 
-        private void GetTodoList()
-        {
-            GetTodoList(SignInButton.Content.ToString() != clearCacheString);
-        }
+        private void GetTodoList() => GetTodoList(SignInButton.Content.ToString() != clearCacheString);
 
         private async void GetTodoList(bool isAppStarting)
         {
@@ -156,14 +151,12 @@ private async void GetTodoList(bool isAppStarting)
                 Dispatcher.Invoke(() =>
                 {
                     TodoList.ItemsSource = toDoArray.Select(t => new { t.Title });
-                });                
+                });
             }
             else
             {
                 MessageBox.Show("An error occurred : " + response.ReasonPhrase);
             }
-
-            return;
         }
 
         private async void AddTodoItem(object sender, RoutedEventArgs e)
@@ -305,9 +298,6 @@ private async void SignIn(object sender = null, RoutedEventArgs args = null)
 
                     MessageBox.Show(message);
                 }
-
-                UserName.Content = Properties.Resources.UserNotSignedIn;
-                //SignInButton.Content = signInString;
             }
         }
 
@@ -322,7 +312,9 @@ private void SetUserName(IAccount userInfo)
             }
 
             if (userName == null)
+            {
                 userName = Properties.Resources.UserNotIdentified;
+            }
 
             UserName.Content = userName;
         }
diff --git a/TodoListClient/TodoListClient-ManualJwt.csproj b/TodoListClient/TodoListClient-ManualJwt.csproj
@@ -34,8 +34,8 @@
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="Microsoft.Identity.Client, Version=4.8.2.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Identity.Client.4.8.2\lib\net45\Microsoft.Identity.Client.dll</HintPath>
+    <Reference Include="Microsoft.Identity.Client, Version=4.35.1.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Identity.Client.4.35.1\lib\net45\Microsoft.Identity.Client.dll</HintPath>
     </Reference>
     <Reference Include="System" />
     <Reference Include="System.Configuration" />
@@ -64,7 +64,6 @@
       <SubType>Designer</SubType>
     </ApplicationDefinition>
     <Compile Include="FileCache.cs" />
-    <Compile Include="TodoItem.cs" />
     <Page Include="MainWindow.xaml">
       <Generator>MSBuild:Compile</Generator>
       <SubType>Designer</SubType>
@@ -108,7 +107,12 @@
       <SubType>Designer</SubType>
     </None>
   </ItemGroup>
-  <ItemGroup />
+  <ItemGroup>
+    <ProjectReference Include="..\Shared\Shared.csproj">
+      <Project>{f4e8b876-762e-4eec-99bc-7ef12b01799d}</Project>
+      <Name>Shared</Name>
+    </ProjectReference>
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
diff --git a/TodoListClient/packages.config b/TodoListClient/packages.config
@@ -1,4 +1,4 @@
 ﻿<?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="Microsoft.Identity.Client" version="4.8.2" targetFramework="net45" />
+  <package id="Microsoft.Identity.Client" version="4.35.1" targetFramework="net45" />
 </packages>
diff --git a/TodoListService-ManualJwt/Controllers/TodoListController.cs b/TodoListService-ManualJwt/Controllers/TodoListController.cs
@@ -23,14 +23,14 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  */
 
 // The following using statements were added for this sample.
+using Shared.Models;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Web.Http;
-using TodoListService_ManualJwt.Models;
 
 namespace TodoListService_ManualJwt.Controllers
 {
@@ -42,7 +42,7 @@ public class TodoListController : ApiController
         // GET api/todolist
         public IEnumerable<TodoItem> Get()
         {
-            this.CheckExpectedClaim();
+            CheckExpectedClaim();
 
             // A user's To Do list is keyed off of the NameIdentifier claim, which contains an immutable, unique identifier for the user.
             Claim subject = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier);
@@ -55,15 +55,19 @@ public IEnumerable<TodoItem> Get()
         // POST api/todolist
         public void Post(TodoItem todo)
         {
-            this.CheckExpectedClaim();
+            CheckExpectedClaim();
 
             if (null != todo && !string.IsNullOrWhiteSpace(todo.Title))
             {
                 todoBag.Add(new TodoItem { Title = todo.Title, Owner = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value });
             }
         }
 
-        /// <summary>Checks that the expected claim that proves that the Api was provisioned in a target tenant and consented by an admin/user.</summary>
+        /// <summary>
+        /// Checks that the expected claim that proves that the Api was provisioned in a target tenant and consented by an admin/user.
+        /// </summary>
+        /// 
+        // Although we've already checked for the scope in Global.asax.cs, usually you may check the scope in the controller as explained below.
         private void CheckExpectedClaim()
         {
             //
@@ -72,7 +76,9 @@ private void CheckExpectedClaim()
 
             if (!ClaimsPrincipal.Current.HasClaim(ClaimConstants.ScopeClaimType, ClaimConstants.ScopeClaimValue))
             {
-                throw new HttpResponseException(new HttpResponseMessage { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = $"The Scope claim does not contain '{ClaimConstants.ScopeClaimValue}' or scope claim not found" });
+                throw new HttpResponseException(
+                    new HttpResponseMessage { 
+                        StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = $"The Scope claim does not contain '{ClaimConstants.ScopeClaimValue}' or scope claim not found" });
             }
         }
     }
diff --git a/TodoListService-ManualJwt/Global.asax.cs b/TodoListService-ManualJwt/Global.asax.cs
@@ -68,22 +68,15 @@ internal class TokenValidationHandler : DelegatingHandler
         // The Authority is the sign-in URL of the tenant.
         // The Audience is the value of one of the 'aud' claims the service expects to find in token to assure the token is addressed to it.
 
-        private string _audience;
-        private string _authority;
-        private string _clientId;
-        private ConfigurationManager<OpenIdConnectConfiguration> _configManager;
-        private string _tenant;
+        private string _audience = ConfigurationManager.AppSettings["ida:Audience"];        
+        private string _clientId = ConfigurationManager.AppSettings["ida:ClientId"];
+        private string _tenant = ConfigurationManager.AppSettings["ida:TenantId"];
         private ISecurityTokenValidator _tokenValidator;
+        private string _authority;
 
         public TokenValidationHandler()
         {
-            _audience = ConfigurationManager.AppSettings["ida:Audience"];
-            _clientId = ConfigurationManager.AppSettings["ida:ClientId"];
-            var aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
-            _tenant = ConfigurationManager.AppSettings["ida:TenantId"];
-            _authority = string.Format(CultureInfo.InvariantCulture, aadInstance, _tenant);
-            // The ConfigurationManager class holds properties to control the metadata refresh interval. For more details, https://docs.microsoft.com/en-us/dotnet/api/microsoft.identitymodel.protocols.configurationmanager-1?view=azure-dotnet
-            _configManager = new ConfigurationManager<OpenIdConnectConfiguration>($"{_authority}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
+            _authority = string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["ida:AADInstance"], _tenant);
             _tokenValidator = new JwtSecurityTokenHandler();
         }
 
@@ -107,7 +100,7 @@ protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage
             OpenIdConnectConfiguration config = null;
             try
             {
-                config = await _configManager.GetConfigurationAsync(cancellationToken).ConfigureAwait(false);
+                config = await GetConfigurationManager().GetConfigurationAsync(cancellationToken).ConfigureAwait(false);
             }
             catch (Exception ex)
             {
@@ -170,11 +163,11 @@ protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage
                 if (HttpContext.Current != null)
                     HttpContext.Current.User = claimsPrincipal;
 
-                // If the token is scoped, verify that required permission is set in the scope claim. This could be done later at the controller level as well
-                if (ClaimsPrincipal.Current.FindFirst(ClaimConstants.ScopeClaimType).Value != ClaimConstants.ScopeClaimValue)
-                    return BuildResponseErrorMessage(HttpStatusCode.Forbidden);
-
-                return await base.SendAsync(request, cancellationToken);
+                // If the token is scoped, verify that required permission is set in the scope claim.
+                // This could be done later at the controller level as well
+                return ClaimsPrincipal.Current.FindFirst(ClaimConstants.ScopeClaimType).Value != ClaimConstants.ScopeClaimValue
+                    ? BuildResponseErrorMessage(HttpStatusCode.Forbidden)
+                    : await base.SendAsync(request, cancellationToken);
             }
             catch (SecurityTokenValidationException stex)
             {
@@ -199,9 +192,17 @@ private HttpResponseMessage BuildResponseErrorMessage(HttpStatusCode statusCode,
             var response = new HttpResponseMessage(statusCode);
 
             // The Scheme should be "Bearer", authorization_uri should point to the tenant url and resource_id should point to the audience.
-            var authenticateHeader = new AuthenticationHeaderValue("Bearer", "authorization_uri=\"" + _authority + "\"" + "," + "resource_id=" + _audience + $",error_description={error_description}");
-            response.Headers.WwwAuthenticate.Add(authenticateHeader);
+            response.Headers.WwwAuthenticate.Add(
+                new AuthenticationHeaderValue("Bearer", "authorization_uri=\"" + _authority + "\"" + "," + "resource_id=" + _audience + $",error_description={error_description}"));
             return response;
         }
+
+        /// <summary>
+        /// The ConfigurationManager class holds properties to control the metadata refresh interval. 
+        /// For more details, https://docs.microsoft.com/en-us/dotnet/api/microsoft.identitymodel.protocols.configurationmanager-1?view=azure-dotnet
+        /// </summary>
+        /// <returns></returns>
+        private ConfigurationManager<OpenIdConnectConfiguration> GetConfigurationManager() =>
+            new ConfigurationManager<OpenIdConnectConfiguration>($"{_authority}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
     }
 }
diff --git a/TodoListService-ManualJwt/Models/TodoItem.cs b/TodoListService-ManualJwt/Models/TodoItem.cs
diff --git a/TodoListService-ManualJwt/TodoListService-ManualJwt.csproj b/TodoListService-ManualJwt/TodoListService-ManualJwt.csproj
diff --git a/TodoListService-ManualJwt/packages.config b/TodoListService-ManualJwt/packages.config
diff --git a/WebAPI-ManuallyValidateJwt-DotNet.sln b/WebAPI-ManuallyValidateJwt-DotNet.sln

Original file line number	Diff line number	Diff line change
`@@ -22,9 +22,9 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
`22`	`22`	`SOFTWARE.`
`23`	`23`	`*/`
`24`	`24`
`25`		`-namespace TodoListClient`
	`25`	`+namespace Shared.Models`
`26`	`26`	`{`
`27`		`- internal class TodoItem`
	`27`	`+ public class TodoItem`
`28`	`28`	`{`
`29`	`29`	`public string Title { get; set; }`
`30`	`30`	`public string Owner { get; set; }`
Original file line number	Diff line number	Diff line change
`@@ -23,14 +23,14 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
`23`	`23`	`*/`
`24`	`24`
`25`	`25`	`// The following using statements were added for this sample.`
	`26`	`+using Shared.Models;`
`26`	`27`	`using System.Collections.Concurrent;`
`27`	`28`	`using System.Collections.Generic;`
`28`	`29`	`using System.Linq;`
`29`	`30`	`using System.Net;`
`30`	`31`	`using System.Net.Http;`
`31`	`32`	`using System.Security.Claims;`
`32`	`33`	`using System.Web.Http;`
`33`		`-using TodoListService_ManualJwt.Models;`
`34`	`34`
`35`	`35`	`namespace TodoListService_ManualJwt.Controllers`
`36`	`36`	`{`
`@@ -42,7 +42,7 @@ public class TodoListController : ApiController`
`42`	`42`	`// GET api/todolist`
`43`	`43`	`public IEnumerable<TodoItem> Get()`
`44`	`44`	`{`
`45`		`- this.CheckExpectedClaim();`
	`45`	`+ CheckExpectedClaim();`
`46`	`46`
`47`	`47`	`// A user's To Do list is keyed off of the NameIdentifier claim, which contains an immutable, unique identifier for the user.`
`48`	`48`	`Claim subject = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier);`
`@@ -55,15 +55,19 @@ public IEnumerable<TodoItem> Get()`
`55`	`55`	`// POST api/todolist`
`56`	`56`	`public void Post(TodoItem todo)`
`57`	`57`	`{`
`58`		`- this.CheckExpectedClaim();`
	`58`	`+ CheckExpectedClaim();`
`59`	`59`
`60`	`60`	`if (null != todo && !string.IsNullOrWhiteSpace(todo.Title))`
`61`	`61`	`{`
`62`	`62`	`todoBag.Add(new TodoItem { Title = todo.Title, Owner = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value });`
`63`	`63`	`}`
`64`	`64`	`}`
`65`	`65`
`66`		`- /// <summary>Checks that the expected claim that proves that the Api was provisioned in a target tenant and consented by an admin/user.</summary>`
	`66`	`+ /// <summary>`
	`67`	`+ /// Checks that the expected claim that proves that the Api was provisioned in a target tenant and consented by an admin/user.`
	`68`	`+ /// </summary>`
	`69`	`+ ///`
	`70`	`+ // Although we've already checked for the scope in Global.asax.cs, usually you may check the scope in the controller as explained below.`
`67`	`71`	`private void CheckExpectedClaim()`
`68`	`72`	`{`
`69`	`73`	`//`
`@@ -72,7 +76,9 @@ private void CheckExpectedClaim()`
`72`	`76`
`73`	`77`	`if (!ClaimsPrincipal.Current.HasClaim(ClaimConstants.ScopeClaimType, ClaimConstants.ScopeClaimValue))`
`74`	`78`	`{`
`75`		`- throw new HttpResponseException(new HttpResponseMessage { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = $"The Scope claim does not contain '{ClaimConstants.ScopeClaimValue}' or scope claim not found" });`
	`79`	`+ throw new HttpResponseException(`
	`80`	`+ new HttpResponseMessage {`
	`81`	`+ StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = $"The Scope claim does not contain '{ClaimConstants.ScopeClaimValue}' or scope claim not found" });`
`76`	`82`	`}`
`77`	`83`	`}`
`78`	`84`	`}`