Azure-Samples
diff --git a/‎AppCreationScripts/Cleanup.ps1‎
Lines changed: 22 additions & 18 deletions b/‎AppCreationScripts/Cleanup.ps1‎
Lines changed: 22 additions & 18 deletions
diff --git a/‎AppCreationScripts/Configure.ps1‎
Lines changed: 55 additions & 40 deletions b/‎AppCreationScripts/Configure.ps1‎
Lines changed: 55 additions & 40 deletions
diff --git a/‎AppCreationScripts/apps.json‎ renamed to ‎AppCreationScripts/sample.json‎
Lines changed: 10 additions & 6 deletions b/‎AppCreationScripts/apps.json‎ renamed to ‎AppCreationScripts/sample.json‎
Lines changed: 10 additions & 6 deletions
diff --git a/‎TodoListClient/App.config‎
Lines changed: 5 additions & 4 deletions b/‎TodoListClient/App.config‎
Lines changed: 5 additions & 4 deletions
@@ -1,4 +1,13 @@
-param([Parameter(Mandatory=$false)][PSCredential]$Credential=$null, [Parameter(Mandatory=$false)][string]$TenantId)
+[CmdletBinding()]
+param(    
+    [PSCredential] $Credential,
+    [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
+    [string] $tenantId
+)
+
+if ((Get-Module -ListAvailable -Name "AzureAD") -eq $null) { 
+    Install-Module "AzureAD" -Scope CurrentUser 
+} 
 Import-Module AzureAD
 $ErrorActionPreference = 'Stop'
 
@@ -8,15 +17,7 @@ Function Cleanup
 .Description
 This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
 #>
-   [CmdletBinding()]
-    param(
-        [Parameter(HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
-        [PSCredential] $Credential,
-        [string] $tenantId
-    )
 
-   process
-   {
     # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant 
     # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD. 
 
@@ -49,22 +50,25 @@ This function removes the Azure AD applications for the sample. These applicatio
     Write-Host "Cleaning-up applications from tenant '$tenantName'"
 
     Write-Host "Removing 'service' (TodoListService-ManualJwt) if needed"
-    $app=Get-AzureADApplication -Filter "identifierUris/any(uri:uri eq 'https://$tenantName/TodoListService-ManualJwt')"  
-    if ($app)
+    Get-AzureADApplication -Filter "DisplayName eq 'TodoListService-ManualJwt'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
+    $apps = Get-AzureADApplication -Filter "DisplayName eq 'TodoListService-ManualJwt'"
+    if ($apps)
     {
-        Remove-AzureADApplication -ObjectId $app.ObjectId
-        Write-Host "Removed."
+        Remove-AzureADApplication -ObjectId $apps.ObjectId
     }
+    Get-AzureRmADServicePrincipal -SearchString "TodoListService-ManualJwt" | ForEach-Object {Remove-AzureRmADServicePrincipal -ObjectId $_.Id -Confirm:$false}
+    Write-Host "Removed TodoListService-ManualJwt."
 
     Write-Host "Removing 'client' (TodoListClient-ManualJwt) if needed"
-    $app=Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient-ManualJwt'"  
-    if ($app)
+    Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient-ManualJwt'"  | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
+    $apps = Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient-ManualJwt'"
+    if ($apps)
     {
-        Remove-AzureADApplication -ObjectId $app.ObjectId
-        Write-Host "Removed."
+        Remove-AzureADApplication -ObjectId $apps.ObjectId
     }
+    Get-AzureRmADServicePrincipal -SearchString "TodoListClient-ManualJwt" | ForEach-Object {Remove-AzureRmADServicePrincipal -ObjectId $_.Id -Confirm:$false}
+    Write-Host "Removed TodoListClient-ManualJwt."
 
-   }
 }
 
 Cleanup -Credential $Credential -tenantId $TenantId
@@ -1,9 +1,9 @@
 [CmdletBinding()]
-    param(
-        [PSCredential] $Credential,
-        [Parameter(HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
-        [string] $tenantId
-    )
+param(
+    [PSCredential] $Credential,
+    [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
+    [string] $tenantId
+)
 
 <#
  This script creates the Azure AD applications needed for this sample and updates the configuration files
@@ -15,10 +15,6 @@
  2) in the PowerShell window, type: Install-Module AzureAD
 
  There are four ways to run this script. For more information, read the AppCreationScripts.md file in the same folder as this script.
-
- # Parameters
- # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
- # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
 #>
 
 # Adds the requiredAccesses (expressed as a pipe separated string) to the requiredAccess structure
@@ -66,7 +62,7 @@ Function GetRequiredPermissions([string] $applicationDisplayName, [string] $requ
     {
         AddResourcePermission $requiredAccess -exposedPermissions $sp.Oauth2Permissions -requiredAccesses $requiredDelegatedPermissions -permissionType "Scope"
     }
-
+    
     # $sp.AppRoles | Select Id,AdminConsentDisplayName,Value: To see the list of all the Application permissions for the application
     if ($requiredApplicationPermissions)
     {
@@ -103,7 +99,12 @@ Function ConfigureApplications
    This function creates the Azure AD applications for the sample in the provided Azure AD tenant and updates the
    configuration files in the client and service project  of the visual studio solution (App.Config and Web.Config)
    so that they are consistent with the Applications parameters
-#>
+#> 
+
+    $commonendpoint = "common"
+
+    # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
+    # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
 
     # Login to Azure PowerShell (interactive if credentials are not already provided:
     # you'll need to sign-in with creds enabling your to create apps in the tenant)
@@ -127,72 +128,81 @@ Function ConfigureApplications
     {
         $tenantId = $creds.Tenant.Id
     }
+
     $tenant = Get-AzureADTenantDetail
     $tenantName =  ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
 
+    # Get the user running the script
+    $user = Get-AzureADUser -ObjectId $creds.Account.Id
+
    # Create the service AAD application
-   Write-Host "Creating the AAD appplication (TodoListService-ManualJwt)"
+   Write-Host "Creating the AAD application (TodoListService-ManualJwt)"
    $serviceAadApplication = New-AzureADApplication -DisplayName "TodoListService-ManualJwt" `
                                                    -HomePage "https://localhost:44324" `
-                                                   -IdentifierUris "https://$tenantName/TodoListService-ManualJwt" `
                                                    -PublicClient $False
-
+   $serviceIdentifierUri = 'api://'+$serviceAadApplication.AppId
+   Set-AzureADApplication -ObjectId $serviceAadApplication.ObjectId -IdentifierUris $serviceIdentifierUri
 
    $currentAppId = $serviceAadApplication.AppId
    $serviceServicePrincipal = New-AzureADServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
 
-   # add this user as app owner
-   $user = Get-AzureADUser -ObjectId $creds.Account.Id
-   Add-AzureADApplicationOwner -ObjectId $serviceAadApplication.ObjectId -RefObjectId $user.ObjectId
-   Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($serviceAadApplication.DisplayName)'"
+   # add the user running the script as an app owner if needed
+   $owner = Get-AzureADApplicationOwner -ObjectId $serviceAadApplication.ObjectId
+   if ($owner -eq $null)
+   { 
+        Add-AzureADApplicationOwner -ObjectId $serviceAadApplication.ObjectId -RefObjectId $user.ObjectId
+        Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($serviceServicePrincipal.DisplayName)'"
+   }
 
-   Write-Host "Done."
+   Write-Host "Done creating the service application (TodoListService-ManualJwt)"
 
    # URL of the AAD application in the Azure portal
-   $servicePortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_IAM/ApplicationBlade/appId/"+$serviceAadApplication.AppId+"/objectId/"+$serviceAadApplication.ObjectId
+   # Future? $servicePortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$serviceAadApplication.AppId+"/objectId/"+$serviceAadApplication.ObjectId+"/isMSAApp/"
+   $servicePortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$serviceAadApplication.AppId+"/objectId/"+$serviceAadApplication.ObjectId+"/isMSAApp/"
    Add-Content -Value "<tr><td>service</td><td>$currentAppId</td><td><a href='$servicePortalUrl'>TodoListService-ManualJwt</a></td></tr>" -Path createdApps.html
 
    # Create the client AAD application
-   Write-Host "Creating the AAD appplication (TodoListClient-ManualJwt)"
+   Write-Host "Creating the AAD application (TodoListClient-ManualJwt)"
    $clientAadApplication = New-AzureADApplication -DisplayName "TodoListClient-ManualJwt" `
-                                                  -ReplyUrls "https://TodoListClient-ManualJwt" `
+                                                  -ReplyUrls "urn:ietf:wg:oauth:2.0:oob", "https://login.microsoftonline.com/common/oauth2/nativeclient" `
                                                   -PublicClient $True
 
-
    $currentAppId = $clientAadApplication.AppId
    $clientServicePrincipal = New-AzureADServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
 
-   # add this user as app owner
-   Add-AzureADApplicationOwner -ObjectId $clientAadApplication.ObjectId -RefObjectId $user.ObjectId
-   Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($clientServicePrincipal.DisplayName)'"
+   # add the user running the script as an app owner if needed
+   $owner = Get-AzureADApplicationOwner -ObjectId $clientAadApplication.ObjectId
+   if ($owner -eq $null)
+   { 
+        Add-AzureADApplicationOwner -ObjectId $clientAadApplication.ObjectId -RefObjectId $user.ObjectId
+        Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($clientServicePrincipal.DisplayName)'"
+   }
 
-   Write-Host "Done."
+   Write-Host "Done creating the client application (TodoListClient-ManualJwt)"
 
    # URL of the AAD application in the Azure portal
-   $clientPortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_IAM/ApplicationBlade/appId/"+$clientAadApplication.AppId+"/objectId/"+$clientAadApplication.ObjectId
+   # Future? $clientPortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$clientAadApplication.AppId+"/objectId/"+$clientAadApplication.ObjectId+"/isMSAApp/"
+   $clientPortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$clientAadApplication.AppId+"/objectId/"+$clientAadApplication.ObjectId+"/isMSAApp/"
    Add-Content -Value "<tr><td>client</td><td>$currentAppId</td><td><a href='$clientPortalUrl'>TodoListClient-ManualJwt</a></td></tr>" -Path createdApps.html
 
    $requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]
+
    # Add Required Resources Access (from 'client' to 'service')
    Write-Host "Getting access from 'client' to 'service'"
    $requiredPermissions = GetRequiredPermissions -applicationDisplayName "TodoListService-ManualJwt" `
-                                                 -requiredDelegatedPermissions "user_impersonation";
+                                                -requiredDelegatedPermissions "user_impersonation" `
+
    $requiredResourcesAccess.Add($requiredPermissions)
-   Set-AzureADApplication -ObjectId $clientAadApplication.ObjectId -RequiredResourceAccess $requiredResourcesAccess
-   Write-Host "Granted."
 
-   # Configure known client applications for service
-   Write-Host "Configure known client applications for the 'service'"
-   $knowApplications = New-Object System.Collections.Generic.List[System.String]
-   $knowApplications.Add($clientAadApplication.AppId)
-   Set-AzureADApplication -ObjectId $serviceAadApplication.ObjectId -KnownClientApplications $knowApplications
-   Write-Host "Configured."
+
+   Set-AzureADApplication -ObjectId $clientAadApplication.ObjectId -RequiredResourceAccess $requiredResourcesAccess
+   Write-Host "Granted permissions."
 
    # Update config file for 'service'
    $configFile = $pwd.Path + "\..\TodoListService-ManualJwt\Web.Config"
    Write-Host "Updating the sample code ($configFile)"
    ReplaceSetting -configFilePath $configFile -key "ida:Tenant" -newValue $tenantName
-   ReplaceSetting -configFilePath $configFile -key "ida:Audience" -newValue $serviceAadApplication.IdentifierUris
+   ReplaceSetting -configFilePath $configFile -key "ida:Audience" -newValue $serviceIdentifierUri
    ReplaceSetting -configFilePath $configFile -key "ida:ClientId" -newValue $serviceAadApplication.AppId
 
    # Update config file for 'client'
@@ -201,12 +211,17 @@ Function ConfigureApplications
    ReplaceSetting -configFilePath $configFile -key "ida:Tenant" -newValue $tenantName
    ReplaceSetting -configFilePath $configFile -key "ida:ClientId" -newValue $clientAadApplication.AppId
    ReplaceSetting -configFilePath $configFile -key "ida:RedirectUri" -newValue $clientAadApplication.ReplyUrls
-   ReplaceSetting -configFilePath $configFile -key "todo:TodoListResourceId" -newValue $serviceAadApplication.IdentifierUris
+   ReplaceSetting -configFilePath $configFile -key "todo:TodoListResourceId" -newValue $serviceIdentifierUri
    ReplaceSetting -configFilePath $configFile -key "todo:TodoListBaseAddress" -newValue $serviceAadApplication.HomePage
-   Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html
 
+   Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html  
 }
 
+# Pre-requisites
+if ((Get-Module -ListAvailable -Name "AzureAD") -eq $null) { 
+    Install-Module "AzureAD" -Scope CurrentUser 
+} 
+Import-Module AzureAD
 
 # Run interactively (will ask you for the tenant ID)
 ConfigureApplications -Credential $Credential -tenantId $TenantId
@@ -1,10 +1,11 @@
 {
   "Sample": {
-    "Title": "Manually validating a JWT access token in a web API",
+    "Title": "How to manually validating a JWT access token using Microsoft identity platform (formerly Azure Active Directory for developers)",
     "Level": 300,
-    "Client": ".NET 4.5 Desktop App (WPF)",
+    "Client": ".NET Desktop App (WPF)",
     "Service": "ASP.NET Web API",
-    "RepositoryUrl": "active-directory-dotnet-webapi-manual-jwt-validation"
+    "RepositoryUrl": "active-directory-dotnet-webapi-manual-jwt-validation",
+    "Endpoint": "AAD v2.0"    
   },
 
   /*
@@ -14,14 +15,17 @@
     {
       "Id": "service",
       "Name": "TodoListService-ManualJwt",
-      "Kind": "WebApi",
       "IsPublicClient": false,
+      "Kind": "WebApi",
+      "Audience": "AzureADMyOrg",
       "HomePage": "https://localhost:44324"
     },
     {
       "Id": "client",
       "Name": "TodoListClient-ManualJwt",
       "Kind": "Desktop",
+      "Audience": "AzureADMyOrg",
+      "ReplyUrls": "urn:ietf:wg:oauth:2.0:oob,https://login.microsoftonline.com/common/oauth2/nativeclient",
       "IsPublicClient": true,
       "RequiredResourcesAccess": [
         {
@@ -50,7 +54,7 @@
         },
         {
           "key": "ida:Audience",
-          "value": "service.IdentifierUris"
+          "value": "$serviceIdentifierUri"
         },
         {
           "key": "ida:ClientId",
@@ -78,7 +82,7 @@
         },
         {
           "key": "todo:TodoListResourceId",
-          "value": "service.HomePage"
+          "value": "$serviceIdentifierUri"
         },
         {
           "key": "todo:TodoListBaseAddress",
 
@@ -5,10 +5,11 @@
   </startup>
   <appSettings>
     <add key="ida:Tenant" value="[Enter tenant name, e.g. contoso.onmicrosoft.com]" />
-    <add key="ida:ClientId" value="[Enter client ID as obtained from Azure Portal, e.g. 82692da5-a86f-44c9-9d53-2f88d52b478b]" />
-    <add key="ida:RedirectUri" value="[Enter redirect URI as entered in Azure Portal, e.g. http://TodoListClient]" />
-    <add key="todo:TodoListResourceId" value="[Enter App ID URI of TodoListService, e.g. https://contoso.onmicrosoft.com/TodoListService-ManualJwt]" />
-    <add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />
+    <add key="ida:ClientId" value="[Enter client ID of the TodoListClient-ManualJwt as obtained from Azure Portal, e.g. 82692da5-a86f-44c9-9d53-2f88d52b478b]" />
+    <!--<add key="ida:RedirectUri" value="[Enter redirect URI as entered in Azure Portal, e.g. http://TodoListClient]" />-->
+    <add key="todo:TodoListResourceId" value="[Enter App ID URI of TodoListService-ManualJwt, e.g. https://contoso.onmicrosoft.com/TodoListService-ManualJwt]" />
+    <add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}/v2.0" />
     <add key="todo:TodoListBaseAddress" value="https://localhost:44324" />
+    <add key="todo:TodoListScope" value="user_impersonation"/>
   </appSettings>
 </configuration>