[Security Sprint] - Docutune Microsoft Entra and add fictitious GUIDs (Azure-Samples#79)

* Docutune Microsoft Entra and add fictitious GUIDs

* id GUID changes

* more GUID changes and image fixes

* final image sweep
cilwerner authored Apr 8, 2024
1 parent 02ec235 commit 4138329
Showing 25 changed files with 63 additions and 53 deletions.
14 changes: 7 additions & 7 deletions console-cli/README.md
Expand Up @@ -28,23 +28,23 @@ $ dotnet run
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXXXX to authenticate.
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"businessPhones": ["+1 (999) 5551001"],
"businessPhones": ["+1 (000) 1112222"],
"displayName": "Contoso Employee",
"givenName": "Contoso",
"jobTitle": "Worker",
"mail": "[email protected]",
"mobilePhone": "1 999-555-1001",
"mobilePhone": "1 000-111-2222",
"officeLocation": "Contoso Plaza/F30",
"preferredLanguage": null,
"surname": "Employee",
"userPrincipalName": "[email protected]",
"id": "e3a49d8b-d849-48eb-9947-37c1f9589812"
"id": "00aa11bb-cc22-dd33-ee44-ff55ee66dd77"
}
```

## Prerequisites

- Azure Active Directory (Azure AD) tenant and the permissions or role required for managing app registrations in the tenant.
- Microsoft Entra tenant and the permissions or role required for managing app registrations in the tenant.
- [.NET 6.0 SDK](https://dotnet.microsoft.com/download/dotnet/6.0)

## Setup
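Review bot: the rewritten prerequisite line, `- Microsoft Entra tenant and the permissions or role required...`, drops the service's full name, while other files in this same commit (spa-blazor-wasm/README.md, web-api-obo-user/README.md) use "Microsoft Entra ID"; suggest "Microsoft Entra ID tenant" here and in the identical prerequisite lines of the desktop-* and web-api* READMEs so the rename reads consistently. The new `"id": "00aa11bb-cc22-dd33-ee44-ff55ee66dd77"` is well-formed and obviously fictitious, which is the right call for sample output that readers may copy.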
Expand Down Expand Up @@ -85,17 +85,17 @@ Follow the device code flow instructions that are presented. If everything worke
```json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"businessPhones": ["+1 (999) 5551001"],
"businessPhones": ["+1 (000) 1112222"],
"displayName": "Contoso Employee",
"givenName": "Contoso",
"jobTitle": "Worker",
"mail": "[email protected]",
"mobilePhone": "1 999-555-1001",
"mobilePhone": "1 000-111-2222",
"officeLocation": "Contoso Plaza/F30",
"preferredLanguage": null,
"surname": "Employee",
"userPrincipalName": "[email protected]",
"id": "e3a49d8b-d849-48eb-9947-37c1f9589812"
"id": "00aa11bb-cc22-dd33-ee44-ff55ee66dd77"
}
```

8 changes: 4 additions & 4 deletions console-daemon/README.md
Expand Up @@ -26,9 +26,9 @@ dotnet run
Could not find a cached token, so fetching a new one.
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "0aa1b222-3ccc-4d55-e666-f7g888h9i000",
"id": "00aa11bb-cc22-dd33-ee44-ff55ee66dd77",
"deletedDateTime": null,
"appId": "0aa1b222-3ccc-4d55-e666-f7g888h9i000",
"appId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"applicationTemplateId": null,
"disabledByMicrosoftStatus": null,
"createdDateTime": "2021-01-17T15:30:55Z",
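Review bot: the removed value `0aa1b222-3ccc-4d55-e666-f7g888h9i000` was not a valid GUID (g, h and i are not hex digits) and was used for both `id` and `appId`, so this hunk fixes two things: both values are now well-formed, and the object `id` and `appId` differ as they do on a real application object. Note that `00aa11bb-cc22-dd33-ee44-ff55ee66dd77` is also the user object `id` in console-cli/README.md; harmless in sample output, but a distinct value per object type would stop readers assuming the two are related.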
Expand Down Expand Up @@ -87,9 +87,9 @@ If successful, an output simialir to the following is displayed in the console (
```json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "0aa1b222-3ccc-4d55-e666-f7g888h9i000",
"id": "00aa11bb-cc22-dd33-ee44-ff55ee66dd77",
"deletedDateTime": null,
"appId": "0aa1b222-3ccc-4d55-e666-f7g888h9i000",
"appId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"applicationTemplateId": null,
"disabledByMicrosoftStatus": null,
"createdDateTime": "2021-01-17T15:30:55Z",
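Review bot: the sentence shown in this hunk's header, "an output simialir to the following", has a typo ("similar"); since this sprint is a documentation sweep over this README, fix it in the same change rather than leaving it for another pass.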
2 changes: 1 addition & 1 deletion desktop-winforms/MainWindow.cs
Expand Up @@ -23,7 +23,7 @@ public MainWindow()
msalPublicClientApp = PublicClientApplicationBuilder
.CreateWithApplicationOptions(new PublicClientApplicationOptions
{
// 'Tenant ID' of your Azure AD instance - this value is a GUID
// 'Tenant ID' of your Microsoft Entra instance - this value is a GUID
TenantId = "",

// 'Application (client) ID' of app registration in Azure portal - this value is a GUID
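Review bot: the tenant comment is reworded but the line two below it, `// 'Application (client) ID' of app registration in Azure portal - this value is a GUID`, is left untouched, while spa-blazor-wasm/wwwroot/appsettings.json in this same commit says "obtained from the Microsoft Entra admin center". Either update the client ID comment in the same sweep (here and in the identical blocks in desktop-winui/MainWindow.xaml.cs, desktop-wpf/MainWindow.xaml.cs and the three desktop READMEs) or keep both comments on "Azure portal" if that reference is intentional; mixing the two within one code block is what confuses readers.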
4 changes: 2 additions & 2 deletions desktop-winforms/README.md
Expand Up @@ -26,7 +26,7 @@ This .NET Windows Forms application authenticates a user and then makes a reques

## Prerequisites

- Azure Active Directory (Azure AD) tenant and the permissions or role required for managing app registrations in the tenant.
- Microsoft Entra tenant and the permissions or role required for managing app registrations in the tenant.
- Visual Studio 2022, [configured for the .NET 6 desktop development workload](https://docs.microsoft.com/dotnet/desktop/winforms/get-started/create-app-visual-studio?view=netdesktop-6.0#prerequisites)

## Setup
Expand Down Expand Up @@ -55,7 +55,7 @@ Next, open the _MsalExamples.csproj_ project in Visual Studio.
Finally, set the following values in _MainWindow.cs_.

```csharp
// 'Tenant ID' of your Azure AD instance - this value is a GUID
// 'Tenant ID' of your Microsoft Entra instance - this value is a GUID
TenantId = "",

// 'Application (client) ID' of app registration in Azure portal - this value is a GUID
Binary file modified desktop-winforms/app.png
2 changes: 1 addition & 1 deletion desktop-winui/MainWindow.xaml.cs
Expand Up @@ -32,7 +32,7 @@ public MainWindow()
msalPublicClientApp = PublicClientApplicationBuilder
.CreateWithApplicationOptions(new PublicClientApplicationOptions
{
// 'Tenant ID' of your Azure AD instance - this value is a GUID
// 'Tenant ID' of your Microsoft Entra instance - this value is a GUID
TenantId = "",

// 'Application (client) ID' of app registration in Azure portal - this value is a GUID
4 changes: 2 additions & 2 deletions desktop-winui/README.md
Expand Up @@ -26,7 +26,7 @@ This .NET WinUI 3 Packaged Desktop App authenticates a user and then makes a req

## Prerequisites

- Azure Active Directory (Azure AD) tenant and the permissions or role required for managing app registrations in the tenant.
- Microsoft Entra tenant and the permissions or role required for managing app registrations in the tenant.
- Visual Studio 2022, [configured with WinUI 3 workload and components](https://docs.microsoft.com/windows/apps/windows-app-sdk/set-up-your-development-environment?tabs=vs-2022-17-1-a%2Cvs-2022-17-1-b#required-workloads-and-components)

## Setup
Expand Down Expand Up @@ -56,7 +56,7 @@ Finally, set the following values in _MainWindow.xaml.cs_.


```csharp
// 'Tenant ID' of your Azure AD instance - this value is a GUID
// 'Tenant ID' of your Microsoft Entra instance - this value is a GUID
TenantId = "",

// 'Application (client) ID' of app registration in Azure portal - this value is a GUID
2 changes: 1 addition & 1 deletion desktop-wpf/MainWindow.xaml.cs
Expand Up @@ -28,7 +28,7 @@ public MainWindow()
_msalPublicClientApp = PublicClientApplicationBuilder
.CreateWithApplicationOptions(new PublicClientApplicationOptions
{
// 'Tenant ID' of your Azure AD instance - this value is a GUID
// 'Tenant ID' of your Microsoft Entra instance - this value is a GUID
TenantId = "",

// 'Application (client) ID' of app registration in Azure portal - this value is a GUID
4 changes: 2 additions & 2 deletions desktop-wpf/README.md
Expand Up @@ -26,7 +26,7 @@ This .NET Windows Presentation Foundation (WPF) application authenticates a user

## Prerequisites

- Azure Active Directory (Azure AD) tenant and the permissions or role required for managing app registrations in the tenant.
- Microsoft Entra tenant and the permissions or role required for managing app registrations in the tenant.
- Visual Studio 2022, [configured for the .NET 6 desktop development workload](https://docs.microsoft.com/dotnet/desktop/winforms/get-started/create-app-visual-studio?view=netdesktop-6.0#prerequisites)

## Setup
Expand Down Expand Up @@ -55,7 +55,7 @@ Next, open the _MsalExamples.csproj_ project in Visual Studio.
Finally, set the following values in _MainWindow.xaml.cs_.

```csharp
// 'Tenant ID' of your Azure AD instance - this value is a GUID
// 'Tenant ID' of your Microsoft Entra instance - this value is a GUID
TenantId = "",

// 'Application (client) ID' of app registration in Azure portal - this value is a GUID
Binary file modified desktop-wpf/app.png
10 changes: 6 additions & 4 deletions spa-blazor-wasm/README.md
Expand Up @@ -15,9 +15,9 @@ urlFragment: ms-identity-docs-code-spa-blazor-wasm-csharp

# ASP.NET Core 8.0 Blazor WebAssembly | standalone app | user sign-in, protected web API access (Microsoft Graph) | Microsoft identity platform

The standalone app in this scenario is created using the ASP.NET Core 8.0 Blazor WebAssembly template and modified to allow sign-in with a Microsoft Entra ID account. It uses the [Microsoft.Authentication.WebAssembly.Msal](https://www.nuget.org/packages/Microsoft.Authentication.WebAssembly.Msal) package to authenticate users and obtain tokens for calling protected APIs. In other words, the app adds an authentication layer that allows users to sign in with their Work and school accounts and make web API calls to protected resources on their behalf.
The standalone app in this scenario is created using the ASP.NET Core 8.0 Blazor WebAssembly template and modified to allow sign-in with a Microsoft Entra account. It uses the [Microsoft.Authentication.WebAssembly.MSAL](https://www.nuget.org/packages/Microsoft.Authentication.WebAssembly.Msal) package to authenticate users and obtain tokens for calling protected APIs. In other words, the app adds an authentication layer that allows users to sign in with their Work and school accounts and make web API calls to protected resources on their behalf.

> Note: This code sample uses the Microsoft.Authentication.WebAssembly.Msal package, which is a modified version of the Microsoft.Identity.Client library.
> Note: This code sample uses the Microsoft.Authentication.WebAssembly.MSAL package, which is a modified version of the Microsoft.Identity.Client library.
![A screenshot of an ASP.NET Core 8.0 Blazor WebAssembly application displaying a response from Microsoft Graph.](./media/app-signedin.png)
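Review bot: renaming the link text and the `> Note:` line from `Microsoft.Authentication.WebAssembly.Msal` to `Microsoft.Authentication.WebAssembly.MSAL` misstates the package id; the NuGet URL on the same line still reads `.../packages/Microsoft.Authentication.WebAssembly.Msal`, and the published id is what readers will search for. Keep the id's casing as published wherever the package id itself is named, and use "MSAL" only when referring to the library in prose. Separately, the image line directly follows the `> Note:` blockquote with no blank line, so it is parsed as a lazy continuation of the quoted paragraph; add a blank line after the note.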

Expand All @@ -28,7 +28,9 @@ The standalone app in this scenario is created using the ASP.NET Core 8.0 Blazor

## Setup

### 1. Register the web API application in your Azure Active Directory
<a name='1-register-the-web-api-application-in-your-azure-active-directory'></a>

### 1. Register the web API application in your Microsoft Entra ID

First, complete the steps in [Register an application with the Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app) to register the sample app.
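Review bot: preserving the old slug with `<a name='1-register-the-web-api-application-in-your-azure-active-directory'></a>` is the right way to keep inbound links working after the heading rename. The new heading text "in your Microsoft Entra ID" reads oddly, though: the thing the reader owns is a tenant, which is also the word the Prerequisites section uses; suggest "in your Microsoft Entra tenant". The quickstart link still points at the `azure/active-directory/develop` path; confirm it still redirects after the docs-side rename, or update it while touching the line.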

Expand Down Expand Up @@ -85,7 +87,7 @@ For more information, please refer to [.NET WebAssembly build tools](https://lea

## About the code

This ASP.NET Core Web App is created using .NET Blazor WebAssembly. The app has two main routes, one is public while the another one is requiring the user to be authenticated in Azure Active Directory.
This ASP.NET Core Web App is created using .NET Blazor WebAssembly. The app has two main routes, one is public while the another one is requiring the user to be authenticated in Microsoft Entra ID.

When a user logs out, their browser is redirected to a public route confirming the user signed-out. After signing in, and if they've not previously done so, the user is asked to consent to the app's request for permission to access their data.
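Review bot: the rewritten sentence keeps the pre-existing grammar problem, "one is public while the another one is requiring the user to be authenticated"; since the line is being changed anyway, make it "one is public and the other requires the user to be authenticated with Microsoft Entra ID".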

Binary file modified spa-blazor-wasm/media/app-signedin.png
2 changes: 1 addition & 1 deletion spa-blazor-wasm/wwwroot/appsettings.json
@@ -1,6 +1,6 @@
{
"AzureAd": {
"Authority": "https://login.microsoftonline.com/Enter the tenant ID obtained from the Microsoft Entra admin center",
"Authority": "https://login.microsoftonline.com/<Enter the tenant ID obtained from the Microsoft Entra admin center>",
"ClientId": "Enter the client ID obtained from the Microsoft Entra admin center",
"ValidateAuthority": true
}
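Review bot: bracketing only the `Authority` placeholder leaves the two placeholders inconsistent; `"ClientId": "Enter the client ID obtained from the Microsoft Entra admin center"` on the next line is still a bare sentence. Bracket both (`"ClientId": "<Enter the client ID obtained from the Microsoft Entra admin center>"`) so that a reader, or a grep for `<Enter`, finds every value that must be replaced before the app can sign anyone in. The brackets do not affect JSON validity, and `"ValidateAuthority": true` is the right setting to keep once a real tenant ID is substituted.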
6 changes: 3 additions & 3 deletions web-api-azure-function/README.md
Expand Up @@ -31,7 +31,7 @@ Hello, world. You were able to access this because you provided a valid access t
## Prerequisites

- Azure Active Directory (Azure AD) tenant and the permissions or role required for managing app registrations in the tenant.
- Microsoft Entra tenant and the permissions or role required for managing app registrations in the tenant.
- [.NET 6.0 SDK](https://dotnet.microsoft.com/download/dotnet/6.0)
- An empty [C# Azure function (v4)](https://docs.microsoft.com/azure/azure-functions/create-first-function-cli-csharp) deployed to Azure, and the permissions or role required to modify its settings.
- [Azure Functions Core Tools](https://docs.microsoft.com/azure/azure-functions/functions-run-local)
Expand All @@ -55,7 +55,7 @@ Use these settings in your app registration.
### 2. Enable Function app authentication

Next, complete the steps in [Enable Azure Active Directory in your App Service app](https://docs.microsoft.com/azure/app-service/configure-authentication-provider-aad?toc=/azure/azure-functions/toc.json#-enable-azure-active-directory-in-your-app-service-app) to add Azure Active Directory as an identity provider for your API.
Next, complete the steps in [Enable Microsoft Entra ID in your App Service app](https://docs.microsoft.com/azure/app-service/configure-authentication-provider-aad?toc=/azure/azure-functions/toc.json#-enable-azure-active-directory-in-your-app-service-app) to add Microsoft Entra ID as an identity provider for your API.

Use these settings in your identity provider configuration.
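Review bot: the link text now says "Enable Microsoft Entra ID in your App Service app" but the URL fragment `#-enable-azure-active-directory-in-your-app-service-app` still encodes the old heading; docs anchors are derived from heading text and break silently when the target page is renamed, so verify the fragment still resolves, or drop it and link to the page itself.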

Expand All @@ -65,7 +65,7 @@ Use these settings in your identity provider configuration.
| **App registration type** | **Provide the details of an existing app registration** | Required value for this sample. |
| **Application (client) ID** | `<client-id>` | Required value for this sample. <br/> 'Application (client) ID' of the API's app registration in Azure portal - this value is a GUID |
| **Client secret (recommended)** | _None_ | Suggested value for this sample. <br/> This sample doesn't require this feature. |
| **Issuer URL** | `https://login.microsoftonline.com/<tenant-id>/v2.0` | Required value for this sample. <br/> Update to include 'Tenant ID' of your Azure AD instance - this value is a GUID |
| **Issuer URL** | `https://login.microsoftonline.com/<tenant-id>/v2.0` | Required value for this sample. <br/> Update to include 'Tenant ID' of your Microsoft Entra instance - this value is a GUID |
| **Allowed token audiences** | `api://<client-id>` | Required value for this sample. <br/> 'Application ID URI' of app registration in Azure portal - this value typically starts with api:// |
| **Restrict access** | **Require authentication** | Required value for this sample. |
| **Unauthenticated requests** | **HTTP 401 Unauthorized: recommended for APIs** | Suggested value for this sample. |
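Review bot: "Update to include 'Tenant ID' of your Microsoft Entra instance" should say "tenant": the Issuer URL `https://login.microsoftonline.com/<tenant-id>/v2.0` is tenant-scoped, and this README's own Prerequisites line already uses "tenant". The Issuer URL and Allowed token audiences rows are the two values the Function's built-in authentication actually validates tokens against, so the wording here is worth getting exactly right.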
4 changes: 2 additions & 2 deletions web-api-obo-client/Program.cs
Expand Up @@ -7,8 +7,8 @@

// <ms_docref_add_msal>
WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
// Acquire an access token from Azure AD for this client to access Microsoft Graph based
// on the permissions granted this application in its Azure AD App registration.
// Acquire an access token from Microsoft Entra ID for this client to access Microsoft Graph based
// on the permissions granted this application in its Microsoft Entra App registration.
// The client credential flow will automatically attempt to use or renew any cached
// tokens, without the need to call acquireTokenSilently first.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
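Review bot: the reworded comment still ends with "without the need to call acquireTokenSilently first", which is not the MSAL.NET method name; in MSAL.NET the silent call is `AcquireTokenSilent`, and for the client credential flow described here the cache is consulted by `AcquireTokenForClient` itself. Since the sweep is rewording these lines, correct the method name too, and lowercase "Microsoft Entra App registration" to "app registration" to match the READMEs.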
10 changes: 5 additions & 5 deletions web-api-obo-client/README.md
Expand Up @@ -26,9 +26,9 @@ This ASP.NET Core minimal web API issues a call to a protected web API (Microsof
$ curl https://localhost:5001/api/application
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "537a552c-58b7-4468-abdf-a7cbfa000dde",
"id": "00aa11bb-cc22-dd33-ee44-ff55ee66dd77",
"deletedDateTime": null,
"appId": "5b2c581d-e3ac-415e-a770-7f16254fdbf7",
"appId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"applicationTemplateId": null,
"disabledByMicrosoftStatus": null,
"createdDateTime": "2022-02-23T21:35:20Z",
Expand All @@ -53,7 +53,7 @@ $ curl https://localhost:5001/api/application

## Prerequisites

- An Azure Active Directory (Azure AD) tenant. You can [open an Azure account for free](https://azure.microsoft.com/free) to get an Azure AD instance.
- A Microsoft Entra tenant. You can [open an Azure account for free](https://azure.microsoft.com/free) to get a Microsoft Entra instance.
- [.NET 6.0 SDK](https://dotnet.microsoft.com/download/dotnet/6.0)

## Setup
Expand Down Expand Up @@ -110,9 +110,9 @@ If everything worked, you should receive a response from the downstream web API
$ curl https://localhost:5001/api/application -ki
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity",
"id": "537a552c-58b7-4468-abdf-a7cbfa000dde",
"id": "00aa11bb-cc22-dd33-ee44-ff55ee66dd77",
"deletedDateTime": null,
"appId": "5b2c581d-e3ac-415e-a770-7f16254fdbf7",
"appId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"applicationTemplateId": null,
"disabledByMicrosoftStatus": null,
"createdDateTime": "2022-02-23T21:35:20Z",
12 changes: 8 additions & 4 deletions web-api-obo-user/README.md
Expand Up @@ -35,20 +35,22 @@ $ curl https://localhost:5001/api/me -H "Authorization: Bearer {valid-access-tok
"officeLocation": null,
"preferredLanguage": null,
"surname": null,
"id": "cff40dac-17ea-4183-9caf-65f2ee90c562"
"id": "00aa11bb-cc22-dd33-ee44-ff55ee66dd77"
}
```

> :page_with_curl: This sample application backs one or more technical articles on docs.microsoft.com. <!-- TODO: Link to first tutorial in series when published. -->
## Prerequisites

- An Azure Active Directory (Azure AD) tenant. You can [open an Azure account for free](https://azure.microsoft.com/free) to get an Azure AD instance.
- A Microsoft Entra tenant. You can [open an Azure account for free](https://azure.microsoft.com/free) to get a Microsoft Entra instance.
- [.NET 6.0 SDK](https://dotnet.microsoft.com/download/dotnet/6.0)

## Setup

### 1. Register the web API application in Azure Active Directory (Azure AD)
<a name='1-register-the-web-api-application-in-azure-active-directory-azure-ad'></a>

### 1. Register the web API application in Microsoft Entra ID

First, complete the steps in [Configure an application to expose a web API](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app) to register the sample API and expose a scope.
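Review bot: the `<!-- TODO: Link to first tutorial in series when published. -->` left on the `> :page_with_curl:` line is a placeholder a documentation sweep should resolve or remove, and the `## Prerequisites` heading that follows it has no blank line separating it from the blockquote. The `<a name='1-register-the-web-api-application-in-azure-active-directory-azure-ad'></a>` anchor correctly preserves the old heading slug; as with the spa-blazor-wasm README, "in Microsoft Entra ID" would read better as "in your Microsoft Entra tenant".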

Expand All @@ -65,7 +67,9 @@ Use the following settings for your app registration:

> :information_source: **Bold text** in the table matches (or is similar to) a UI element in the Azure portal, while `code formatting` indicates a value you enter into a text box or select in the Azure portal.
### 2. Register a client application in Azure AD
<a name='2-register-a-client-application-in-azure-ad'></a>

### 2. Register a client application in Microsoft Entra ID

Second, complete the steps in [Register an application with the Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app) to register the client sample app.
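Review bot: the new `<a name='2-register-a-client-application-in-azure-ad'></a>` sits directly under the `> :information_source:` blockquote with no blank line between them; in CommonMark an HTML open tag on its own line cannot interrupt a paragraph, so the anchor becomes a lazy continuation of the quoted paragraph instead of a standalone block. Insert a blank line after the blockquote (the hunk already has one between the anchor and the heading).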

6 changes: 3 additions & 3 deletions web-api/README.md
Expand Up @@ -22,7 +22,7 @@ The sample code provided here has been created using minimal web API in ASP.NET
## Prerequisites

- An Azure Active Directory (Azure AD) tenant. You can [open an Azure account for free](https://azure.microsoft.com/free) to get an Azure AD instance.
- A Microsoft Entra tenant. You can [open an Azure account for free](https://azure.microsoft.com/free) to get a Microsoft Entra instance.
- [.NET 6.0 SDK](https://dotnet.microsoft.com/download/dotnet/6.0)

## Setup
Expand Down Expand Up @@ -61,8 +61,8 @@ In the _./appsettings.json_ file, replace these `{PLACEHOLDER}` values with the
For example:

```json
"ClientId": "00000000-11aa-bbbb-2222-33333ddddddd",
"TenantId": "00000000-11aa-bbbb-2222-33333ddddddd",
"ClientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"TenantId": "dddd5555-eeee-6666-ffff-00001111aaaa",
```

## Run the application
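Review bot: the old example used the same GUID for both `ClientId` and `TenantId`, which invites readers to paste one value into both fields; the distinct fictitious values `00001111-aaaa-2222-bbbb-3333cccc4444` and `dddd5555-eeee-6666-ffff-00001111aaaa` remove that ambiguity, and the client ID matches the `appId` used in the console-daemon and web-api-obo-client sample outputs, which keeps the samples consistent.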

0 comments on commit 4138329
