Adding application creation scripts which create the Azure AD applications, and update the config files in the C# projects to match the application coordinates.

Author: jmprieur

AppCreationScripts/Cleanup.ps1

@@ -0,0 +1,70 @@
+param([Parameter(Mandatory=$false)][PSCredential]$Credential=$null, [Parameter(Mandatory=$false)][string]$TenantId)
+Import-Module AzureAD
+$ErrorActionPreference = 'Stop'
+
+Function Cleanup
+{
+<#
+.Description
+This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
+#>
+   [CmdletBinding()]
+    param(
+        [Parameter(HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
+        [PSCredential] $Credential,
+        [string] $tenantId
+    )
+
+   process
+   {
+    # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant 
+    # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD. 
+
+    # Login to Azure PowerShell (interactive if credentials are not already provided:
+    # you'll need to sign-in with creds enabling your to create apps in the tenant)
+    if (!$Credential -and $TenantId)
+    {
+        $creds = Connect-AzureAD -TenantId $tenantId
+    }
+    else
+    {
+        if (!$TenantId)
+        {
+            $creds = Connect-AzureAD -Credential $Credential
+        }
+        else
+        {
+            $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential
+        }
+    }
+
+    if (!$tenantId)
+    {
+        $tenantId = $creds.Tenant.Id
+    }
+    $tenant = Get-AzureADTenantDetail
+    $tenantName =  ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
+    
+    # Removes the applications
+    Write-Host "Cleaning-up applications from tenant '$tenantName'"
+
+    Write-Host "Removing 'service' (TodoListService-ManualJwt) if needed"
+    $app=Get-AzureADApplication -Filter "identifierUris/any(uri:uri eq 'https://$tenantName/TodoListService-ManualJwt')"  
+    if ($app)
+    {
+        Remove-AzureADApplication -ObjectId $app.ObjectId
+        Write-Host "Removed."
+    }
+
+    Write-Host "Removing 'client' (TodoListClient-ManualJwt) if needed"
+    $app=Get-AzureADApplication -Filter "DisplayName eq 'TodoListClient-ManualJwt'"  
+    if ($app)
+    {
+        Remove-AzureADApplication -ObjectId $app.ObjectId
+        Write-Host "Removed."
+    }
+
+   }
+}
+
+Cleanup -Credential $Credential -tenantId $TenantId

AppCreationScripts/Configure.ps1

@@ -0,0 +1,160 @@
+# Adds the requiredAccesses (expressed as a pipe separated string) to the requiredAccess structure
+# The exposed permissions are in the $exposedPermissions collection, and the type of permission (Scope | Role) is 
+# described in $permissionType
+Function AddResourcePermission($requiredAccess, `
+                               $exposedPermissions, [string]$requiredAccesses, [string]$permissionType)
+{
+        foreach($permission in $requiredAccesses.Trim().Split("|"))
+        {
+            foreach($exposedPermission in $exposedPermissions)
+            {
+                if ($exposedPermission.Value -eq $permission)
+                 {
+                    $resourceAccess = New-Object Microsoft.Open.AzureAD.Model.ResourceAccess
+                    $resourceAccess.Type = $permissionType # Scope = Delegated permissions | Role = Application permissions
+                    $resourceAccess.Id = $exposedPermission.Id # Read directory data
+                    $requiredAccess.ResourceAccess.Add($resourceAccess)
+                 }
+            }
+        }
+}
+
+#
+# Exemple: GetRequiredPermissions "Microsoft Graph"  "Graph.Read|User.Read"
+# See also: http://stackoverflow.com/questions/42164581/how-to-configure-a-new-azure-ad-application-through-powershell
+Function GetRequiredPermissions([string] $applicationDisplayName, [string] $requiredDelegatedPermissions, [string]$requiredApplicationPermissions, $servicePrincipal)
+{
+	# If we are passed the service principal we use it directly, otherwise we find it from the display name (which might not be unique)
+	if ($servicePrincipal)
+	{
+		$sp = $servicePrincipal
+	}
+	else
+    {
+		$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '$applicationDisplayName'"
+	}
+    $appid = $sp.AppId
+    $requiredAccess = New-Object Microsoft.Open.AzureAD.Model.RequiredResourceAccess
+    $requiredAccess.ResourceAppId = $appid 
+    $requiredAccess.ResourceAccess = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ResourceAccess]
+
+    # $sp.Oauth2Permissions | Select Id,AdminConsentDisplayName,Value: To see the list of all the Delegated permissions for the application:
+    if ($requiredDelegatedPermissions)
+    {
+        AddResourcePermission $requiredAccess -exposedPermissions $sp.Oauth2Permissions -requiredAccesses $requiredDelegatedPermissions -permissionType "Scope"
+    }
+    
+    # $sp.AppRoles | Select Id,AdminConsentDisplayName,Value: To see the list of all the Application permissions for the application
+    if ($requiredDelegatedPermissions)
+    {
+        AddResourcePermission $requiredAccess -exposedPermissions $sp.AppRoles -requiredAccesses $requiredApplicationPermissions -permissionType "Role"
+    }
+    return $requiredAccess
+}
+
+# Replace the value of an appsettings of a given key in an XML App.Config file.
+Function ReplaceSetting([string] $configFilePath, [string] $key, [string] $newValue)
+{
+    [xml] $content = Get-Content $configFilePath
+    $appSettings = $content.configuration.appSettings; 
+    $keyValuePair = $appSettings.SelectSingleNode("descendant::add[@key='$key']")
+    if ($keyValuePair)
+    {
+        $keyValuePair.value = $newValue;
+    }
+    else
+    {
+        Throw "Key '$key' not found in file '$configFilePath'"
+    }
+   $content.save($configFilePath)
+}
+
+Function ConfigureApplications
+{
+<#.Description
+   This function creates the Azure AD applications for the sample in the provided Azure AD tenant and updates the
+   configuration files in the client and service project  of the visual studio solution (App.Config and Web.Config)
+   so that they are consistent with the Applications parameters
+#> 
+    [CmdletBinding()]
+    param(
+        [PSCredential] $Credential,
+        [Parameter(HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
+        [string] $tenantId
+    )
+
+   process
+   {
+    # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
+    # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
+
+    # Login to Azure PowerShell (interactive if credentials are not already provided:
+    # you'll need to sign-in with creds enabling your to create apps in the tenant)
+    if (!$Credential -and $TenantId)
+    {
+        $creds = Connect-AzureAD -TenantId $tenantId
+    }
+    else
+    {
+        if (!$TenantId)
+        {
+            $creds = Connect-AzureAD -Credential $Credential
+        }
+        else
+        {
+            $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential
+        }
+    }
+
+    if (!$tenantId)
+    {
+        $tenantId = $creds.Tenant.Id
+    }
+    $tenant = Get-AzureADTenantDetail
+    $tenantName =  ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
+
+   # Create the service AAD application
+   Write-Host "Creating the AAD appplication (TodoListService-ManualJwt)"
+   $serviceAadApplication = New-AzureADApplication -DisplayName "TodoListService-ManualJwt" `
+                                                   -HomePage "https://localhost:44324" `
+                                                   -IdentifierUris "https://$tenantName/TodoListService-ManualJwt" `
+                                                   -PublicClient $False
+   $serviceServicePrincipal = New-AzureADServicePrincipal -AppId $serviceAadApplication.AppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
+   Write-Host "Done."
+
+   # Create the client AAD application
+   Write-Host "Creating the AAD appplication (TodoListClient-ManualJwt)"
+   $clientAadApplication = New-AzureADApplication -DisplayName "TodoListClient-ManualJwt" `
+                                                  -ReplyUrls "https://TodoListClient-ManualJwt" `
+                                                  -PublicClient $True
+   $clientServicePrincipal = New-AzureADServicePrincipal -AppId $clientAadApplication.AppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
+   Write-Host "Done."
+
+   # Add Required Resources Access (from 'client' to 'service')
+   Write-Host "Getting access from 'client' to 'service'"
+   $requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]
+   $requiredPermissions = GetRequiredPermissions -applicationDisplayName "TodoListService-ManualJwt" `
+                                                 -requiredDelegatedPermissions "user_impersonation";
+   $requiredResourcesAccess.Add($requiredPermissions)
+   Set-AzureADApplication -ObjectId $clientAadApplication.ObjectId -RequiredResourceAccess $requiredResourcesAccess
+   Write-Host "Granted."
+
+   # Update config file for 'service'
+   $configFile = $pwd.Path + "\..\TodoListService-ManualJwt\Web.Config"
+   Write-Host "Updating the sample code ($configFile)"
+   ReplaceSetting -configFilePath $configFile -key "ida:Tenant" -newValue $tenantName
+   ReplaceSetting -configFilePath $configFile -key "ida:Audience" -newValue $serviceAadApplication.IdentifierUris
+
+   # Update config file for 'client'
+   $configFile = $pwd.Path + "\..\TodoListClient\App.Config"
+   Write-Host "Updating the sample code ($configFile)"
+   ReplaceSetting -configFilePath $configFile -key "ida:Tenant" -newValue $tenantName
+   ReplaceSetting -configFilePath $configFile -key "ida:ClientId" -newValue $clientAadApplication.AppId
+   ReplaceSetting -configFilePath $configFile -key "ida:RedirectUri" -newValue $clientAadApplication.ReplyUrls
+   ReplaceSetting -configFilePath $configFile -key "todo:TodoListResourceId" -newValue $serviceAadApplication.IdentifierUris
+   ReplaceSetting -configFilePath $configFile -key "todo:TodoListBaseAddress" -newValue $serviceAadApplication.HomePage
+  }
+}
+
+# Run interactively (will ask you for the tenant ID)
+ConfigureApplications -Credential $Credential -tenantId $TenantId

AppCreationScripts/apps.json

@@ -0,0 +1,76 @@
+{
+  /*
+    This section describes the Azure AD Applications to configure, and their dependencies
+  */
+  "AADApps": [
+    {
+      "Id": "service",
+      "Name": "TodoListService-ManualJwt",
+      "IsPublicClient": false,
+      "HomePage": "https://localhost:44324"
+    },
+    {
+      "Id": "client",
+      "Name": "TodoListClient-ManualJwt",
+      "IsPublicClient": true,
+      "RequiredResourcesAccess": [
+        {
+          "Resource": "service",
+          "DelegatedPermissions": [ "user_impersonation" ]
+        }
+      ]
+    }
+  ],
+
+  /*
+    This section describes how to update the code in configuration files from the apps coordinates, once the apps
+    are created in Azure AD.
+    Each section describes a configuration file, for one of the apps, it's type (XML, JSon, plain text), its location
+    with respect to the root of the sample, and the mappping (which string in the config file is mapped to which value
+  */
+  "CodeConfiguration": [
+    {
+      "App": "service",
+      "SettingKind": "XML",
+      "SettingFile": "\\..\\TodoListService-ManualJwt\\Web.Config",
+      "Mappings": [
+        {
+          "key": "ida:Tenant",
+          "value": "$tenantName"
+        },
+        {
+          "key": "ida:Audience",
+          "value": "service.IdentifierUris"
+        }
+      ]
+    },
+
+    {
+      "App": "client",
+      "SettingKind": "XML",
+      "SettingFile": "\\..\\TodoListClient\\App.Config",
+      "Mappings": [
+        {
+          "key": "ida:Tenant",
+          "value": "$tenantName"
+        },
+        {
+          "key": "ida:ClientId",
+          "value": ".AppId"
+        },
+        {
+          "key": "ida:RedirectUri",
+          "value": ".ReplyUrls"
+        },
+        {
+          "key": "todo:TodoListResourceId",
+          "value": "service.IdentifierUris"
+        },
+        {
+          "key": "todo:TodoListBaseAddress",
+          "value": "service.HomePage"
+        }
+      ]
+    }
+  ]
+}