Azure-Samples
diff --git a/‎.gitignore
+1 b/‎.gitignore
+1
diff --git a/‎2-WebApp-graph-user/2-1-Call-MSGraph/AspnetCoreWebApp-calls-Microsoft-Graph.sln
+1-1 b/‎2-WebApp-graph-user/2-1-Call-MSGraph/AspnetCoreWebApp-calls-Microsoft-Graph.sln
+1-1
diff --git a/‎2-WebApp-graph-user/2-1-Call-MSGraph/Controllers/HomeController.cs
+21-38 b/‎2-WebApp-graph-user/2-1-Call-MSGraph/Controllers/HomeController.cs
+21-38
diff --git a/‎2-WebApp-graph-user/2-1-Call-MSGraph/Models/AuthenticationHeaderHelper.cs
+4-34 b/‎2-WebApp-graph-user/2-1-Call-MSGraph/Models/AuthenticationHeaderHelper.cs
+4-34
diff --git a/‎2-WebApp-graph-user/2-1-Call-MSGraph/Models/ErrorViewModel.cs
+1-1 b/‎2-WebApp-graph-user/2-1-Call-MSGraph/Models/ErrorViewModel.cs
+1-1
diff --git a/‎2-WebApp-graph-user/2-1-Call-MSGraph/Models/WebApiMsalUiRequiredException.cs
-37 b/‎2-WebApp-graph-user/2-1-Call-MSGraph/Models/WebApiMsalUiRequiredException.cs
-37
diff --git a/‎2-WebApp-graph-user/2-1-Call-MSGraph/Program.cs
+1-1 b/‎2-WebApp-graph-user/2-1-Call-MSGraph/Program.cs
+1-1
@@ -132,3 +132,4 @@ packages
 /4-WebApp-your-API/4-2-B2C/TodoListService/obj
 /4-WebApp-your-API/4-2-B2C/Client/bin
 /4-WebApp-your-API/4-2-B2C/TodoListService/bin
+/2-WebApp-graph-user/2-1-Call-MSGraph/.vscode
@@ -3,7 +3,7 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 16
 VisualStudioVersion = 16.0.30413.136
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WebApp-OpenIDConnect-DotNet", "WebApp-OpenIDConnect-DotNet.csproj", "{76F9C1E5-3CF7-4C9A-A0EC-D15B5F11022D}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WebApp-OpenIDConnect-DotNet-graph", "WebApp-OpenIDConnect-DotNet-graph.csproj", "{76F9C1E5-3CF7-4C9A-A0EC-D15B5F11022D}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 
@@ -1,6 +1,7 @@
-using _2_1_Call_MSGraph.Models;
+using CallMSGraph.Models;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
 using Microsoft.Graph;
 using Microsoft.Identity.Web;
@@ -9,7 +10,7 @@
 using System.IO;
 using System.Threading.Tasks;
 
-namespace _2_1_Call_MSGraph.Controllers
+namespace CallMSGraph.Controllers
 {
     [Authorize]
     public class HomeController : Controller
@@ -20,13 +21,18 @@ public class HomeController : Controller
 
         private readonly MicrosoftIdentityConsentAndConditionalAccessHandler _consentHandler;
 
+        private string[] _graphScopes = new[] { "user.read" };
+
         public HomeController(ILogger<HomeController> logger,
-                          GraphServiceClient graphServiceClient,
-                          MicrosoftIdentityConsentAndConditionalAccessHandler consentHandler)
+                            IConfiguration configuration,
+                            GraphServiceClient graphServiceClient,
+                            MicrosoftIdentityConsentAndConditionalAccessHandler consentHandler)
         {
             _logger = logger;
             _graphServiceClient = graphServiceClient;
             this._consentHandler = consentHandler;
+
+            _graphScopes = configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');
         }
 
         [AuthorizeForScopes(ScopeKeySection = "DownstreamApi:Scopes")]
@@ -40,52 +46,30 @@ public IActionResult Index()
         [AuthorizeForScopes(ScopeKeySection = "DownstreamApi:Scopes")]
         public async Task<IActionResult> Profile()
         {
-            Microsoft.Graph.User currentUser = null;
+            User currentUser = null;
 
             try
             {
                 currentUser = await _graphServiceClient.Me.Request().GetAsync();
             }
-            catch (System.Exception ex)
+            catch (System.Exception ex) // Catch CAE exception from Graph SDK
             {
-                if (ex is WebApiMsalUiRequiredException || (ex is ServiceException && ex.Message.Trim().Contains("Continuous access evaluation resulted in claims challenge")))
+                if (ex is ServiceException && ex.Message.Trim().Contains("Continuous access evaluation resulted in claims challenge"))
                 {
-                    if (ex is WebApiMsalUiRequiredException)
+                    try
                     {
-                        try
-                        {
-                            WebApiMsalUiRequiredException hex = ex as WebApiMsalUiRequiredException;
-                            Console.WriteLine($"{hex}");
-
-                            var claimChallenge = AuthenticationHeaderHelper.ExtractHeaderValues(hex);
-                            _consentHandler.ChallengeUser(new string[] { "user.read" }, claimChallenge);
-
-                            return new EmptyResult();
-                        }
-                        catch (Exception ex2)
-                        {
-                            _consentHandler.HandleException(ex2);
-                        }
+                        ServiceException svcex = ex as ServiceException;
+                        Console.WriteLine($"{svcex}");
+                        var claimChallenge = AuthenticationHeaderHelper.ExtractClaimChallengeFromHttpHeader(svcex.ResponseHeaders);
+                        _consentHandler.ChallengeUser(_graphScopes, claimChallenge);
+                        return new EmptyResult();
                     }
-
-                    if (ex is ServiceException)
+                    catch (Exception ex2)
                     {
-                        try
-                        {
-                            ServiceException svcex = ex as ServiceException;
-                            Console.WriteLine($"{svcex}");
-                            var claimChallenge = AuthenticationHeaderHelper.ExtractHeaderValues(svcex.ResponseHeaders);
-                            _consentHandler.ChallengeUser(new string[] { "user.read" }, claimChallenge);
-                            return new EmptyResult();
-                        }
-                        catch (Exception ex2)
-                        {
-                            _consentHandler.HandleException(ex2);
-                        }
+                        _consentHandler.HandleException(ex2);
                     }
                 }
 
-
                 try
                 {
                     // Get user photo
@@ -100,7 +84,6 @@ public async Task<IActionResult> Profile()
                     Console.WriteLine($"{pex}");
                     ViewData["Photo"] = null;
                 }
-               
             }
             ViewData["Me"] = currentUser;
             return View();
 
@@ -4,46 +4,16 @@
 using System.Threading.Tasks;
 using System.Net.Http.Headers;
 
-namespace _2_1_Call_MSGraph.Models
+namespace CallMSGraph.Models
 {
     public class AuthenticationHeaderHelper
     {
         /// <summary>
-        /// Extract claims from WwwAuthenticate header and returns the value.
+        /// Extracts the claim challenge from HTTP header.
         /// </summary>
-        /// <param name="response"></param>
+        /// <param name="httpResponseHeaders">The HTTP response headers.</param>
         /// <returns></returns>
-        internal static string ExtractHeaderValues(WebApiMsalUiRequiredException response)
-        {
-            if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized && response.Headers.WwwAuthenticate.Any())
-            {
-                AuthenticationHeaderValue bearer = response.Headers.WwwAuthenticate.First(v => v.Scheme == "Bearer");
-                IEnumerable<string> parameters = bearer.Parameter.Split(',').Select(v => v.Trim()).ToList();
-                var errorValue = GetParameterValue(parameters, "error");
-
-                try
-                {
-                    // read the header and checks if it conatins error with insufficient_claims value.
-                    if (null != errorValue && "insufficient_claims" == errorValue)
-                    {
-                        var claimChallengeParameter = GetParameterValue(parameters, "claims");
-                        if (null != claimChallengeParameter)
-                        {
-                            var claimChallenge = ConvertBase64String(claimChallengeParameter);
-
-                            return claimChallenge;
-                        }
-                    }
-                }
-                catch (Exception ex)
-                {
-                    throw ex;
-                }
-            }
-            return null;
-        }
-
-        internal static string ExtractHeaderValues(HttpResponseHeaders httpResponseHeaders)
+        internal static string ExtractClaimChallengeFromHttpHeader(HttpResponseHeaders httpResponseHeaders)
         {
             if (httpResponseHeaders.WwwAuthenticate.Any())
             {
 
@@ -1,4 +1,4 @@
-namespace _2_1_Call_MSGraph.Models
+namespace CallMSGraph.Models
 {
     public class ErrorViewModel
     {
 
@@ -1,7 +1,7 @@
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Hosting;
 
-namespace _2_1_Call_MSGraph
+namespace CallMSGraph
 {
     public class Program
     {
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-namespace _2_1_Call_MSGraph.Models`
	`1`	`+namespace CallMSGraph.Models`
`2`	`2`	`{`
`3`	`3`	`public class ErrorViewModel`
`4`	`4`	`{`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`using Microsoft.AspNetCore.Hosting;`
`2`	`2`	`using Microsoft.Extensions.Hosting;`
`3`	`3`
`4`		`-namespace _2_1_Call_MSGraph`
	`4`	`+namespace CallMSGraph`
`5`	`5`	`{`
`6`	`6`	`public class Program`
`7`	`7`	`{`