Update web API sample to run in both external and workforce tenants (#105)

Dickson-Mwendia · web-flow · commit 3a98f0f20495 · 2025-03-03T08:51:28.000+03:00
Update samples
diff --git a/web-api/Api.csproj b/web-api/Api.csproj
@@ -1,13 +1,17 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
+    <RootNamespace>dotnet_web_api</RootNamespace>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Identity.Web" Version="2.*" />
+    <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="9.0.2" />
+    <PackageReference Include="Microsoft.AspNetCore.HttpsPolicy" Version="2.3.0" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.2" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="3.7.1" />
   </ItemGroup>
 
-</Project>
+</Project>
diff --git a/web-api/Program.cs b/web-api/Program.cs
@@ -1,50 +1,52 @@
-// <ms_docref_import_types>
 using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.Identity.Web;
-// </ms_docref_import_types>
 
-// <ms_docref_add_msal>
-WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
+var builder = WebApplication.CreateBuilder(args);
+
+// Configure authentication
 builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
-                .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));
+    .AddMicrosoftIdentityWebApi(options =>
+    {
+        builder.Configuration.Bind("AzureAd", options);
+        options.TokenValidationParameters.NameClaimType = "name";
+    }, options => { builder.Configuration.Bind("AzureAd", options); });
+
+// Configure authorization
 builder.Services.AddAuthorization(config =>
 {
-    config.AddPolicy("AuthZPolicy", policyBuilder =>
-        policyBuilder.Requirements.Add(new ScopeAuthorizationRequirement() { RequiredScopesConfigurationKey = $"AzureAd:Scopes" }));
+config.AddPolicy("AuthZPolicy", policy =>
+    policy.RequireRole("Forecast.Read"));
 });
-// </ms_docref_add_msal>
 
-// <ms_docref_enable_authz_capabilities>
-WebApplication app = builder.Build();
+var app = builder.Build();
+
+app.UseHttpsRedirection();
 app.UseAuthentication();
 app.UseAuthorization();
-// </ms_docref_enable_authz_capabilities>
 
-var weatherSummaries = new[]
+var summaries = new[]
 {
     "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
 };
 
-// <ms_docref_protect_endpoint>
-app.MapGet("/weatherforecast", [Authorize(Policy = "AuthZPolicy")] () =>
+app.MapGet("/weatherforecast", () =>
 {
-    var forecast = Enumerable.Range(1, 5).Select(index =>
-       new WeatherForecast
-       (
-           DateTime.Now.AddDays(index),
-           Random.Shared.Next(-20, 55),
-           weatherSummaries[Random.Shared.Next(weatherSummaries.Length)]
-       ))
+    var forecast =  Enumerable.Range(1, 5).Select(index =>
+        new WeatherForecast
+        (
+            DateOnly.FromDateTime(DateTime.Now.AddDays(index)),
+            Random.Shared.Next(-20, 55),
+            summaries[Random.Shared.Next(summaries.Length)]
+        ))
         .ToArray();
     return forecast;
 })
-.WithName("GetWeatherForecast");
-// </ms_docref_protect_endpoint>
+.WithName("weatherForecast")
+.RequireAuthorization("AuthZPolicy"); // Protect this endpoint with the AuthZPolicy
 
 app.Run();
 
-record WeatherForecast(DateTime Date, int TemperatureC, string? Summary)
+record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary)
 {
     public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
-}
+}
diff --git a/web-api/Properties/launchSettings.json b/web-api/Properties/launchSettings.json
@@ -0,0 +1,23 @@
+{
+    "$schema": "https://json.schemastore.org/launchsettings.json",
+    "profiles": {
+      "http": {
+        "commandName": "Project",
+        "dotnetRunMessages": true,
+        "launchBrowser": false,
+        "applicationUrl": "http://localhost:5000",
+        "environmentVariables": {
+          "ASPNETCORE_ENVIRONMENT": "Development"
+        }
+      },
+      "https": {
+        "commandName": "Project",
+        "dotnetRunMessages": true,
+        "launchBrowser": false,
+        "applicationUrl": "https://localhost:7000",
+        "environmentVariables": {
+          "ASPNETCORE_ENVIRONMENT": "Development"
+        }
+      }
+    }
+  }
diff --git a/web-api/appsettings.json b/web-api/appsettings.json
@@ -1,6 +1,6 @@
 {
   "AzureAd": {
-    "Instance": "https://login.microsoftonline.com/",
+    "Instance": "https://login.microsoftonline.com/", //For external tenants, use instance in the form of "https://Enter_the_Tenant_Subdomain_Here.ciamlogin.com/"
     "TenantId": "Enter the tenant ID obtained from the Microsoft Entra admin center",
     "ClientId": "Enter the client ID obtained from the Microsoft Entra admin center",
     "Scopes": "Forecast.Read"
@@ -12,4 +12,4 @@
     }
   },
   "AllowedHosts": "*"
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"AzureAd": {`
`3`		`- "Instance": "https://login.microsoftonline.com/",`
	`3`	`+ "Instance": "https://login.microsoftonline.com/", //For external tenants, use instance in the form of "https://Enter_the_Tenant_Subdomain_Here.ciamlogin.com/"`
`4`	`4`	`"TenantId": "Enter the tenant ID obtained from the Microsoft Entra admin center",`
`5`	`5`	`"ClientId": "Enter the client ID obtained from the Microsoft Entra admin center",`
`6`	`6`	`"Scopes": "Forecast.Read"`
`@@ -12,4 +12,4 @@`
`12`	`12`	`}`
`13`	`13`	`},`
`14`	`14`	`"AllowedHosts": "*"`
`15`		`-}`
	`15`	`+}`