revamped dample

Author: Kalyan Krishna

2-WebApp-graph-user/2-1-Call-MSGraph/AspnetCoreWebApp-calls-Microsoft-Graph.sln

@@ -1,25 +1,25 @@
-
+
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 16
-VisualStudioVersion = 16.0.30413.136
+VisualStudioVersion = 16.0.31205.134
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WebApp-OpenIDConnect-DotNet-graph", "WebApp-OpenIDConnect-DotNet-graph.csproj", "{76F9C1E5-3CF7-4C9A-A0EC-D15B5F11022D}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WebApp-OpenIDConnect-DotNet-graph", "WebApp-OpenIDConnect-DotNet-graph.csproj", "{CD439522-E7A5-4E3D-ABB8-C1CBD75C20F4}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
 		Release|Any CPU = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{76F9C1E5-3CF7-4C9A-A0EC-D15B5F11022D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{76F9C1E5-3CF7-4C9A-A0EC-D15B5F11022D}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{76F9C1E5-3CF7-4C9A-A0EC-D15B5F11022D}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{76F9C1E5-3CF7-4C9A-A0EC-D15B5F11022D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{CD439522-E7A5-4E3D-ABB8-C1CBD75C20F4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{CD439522-E7A5-4E3D-ABB8-C1CBD75C20F4}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{CD439522-E7A5-4E3D-ABB8-C1CBD75C20F4}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{CD439522-E7A5-4E3D-ABB8-C1CBD75C20F4}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {AB49E34F-5B62-4F54-BAEA-C6473483C761}
+		SolutionGuid = {758B6E79-7674-4FEE-9D22-CAB21B4284CB}
 	EndGlobalSection
 EndGlobal

2-WebApp-graph-user/2-1-Call-MSGraph/Controllers/HomeController.cs

@@ -1,4 +1,7 @@
-using CallMSGraph.Models;
+using Azure;
+using Azure.Identity;
+using Azure.Security.KeyVault.Secrets;
+using CallMSGraph.Helpers;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Configuration;
@@ -9,8 +12,9 @@
 using System.Diagnostics;
 using System.IO;
 using System.Threading.Tasks;
+using WebApp_OpenIDConnect_DotNet_graph.Models;
 
-namespace CallMSGraph.Controllers
+namespace WebApp_OpenIDConnect_DotNet_graph.Controllers
 {
     [Authorize]
     public class HomeController : Controller
@@ -38,8 +42,6 @@ public HomeController(ILogger<HomeController> logger,
         [AuthorizeForScopes(ScopeKeySection = "DownstreamApi:Scopes")]
         public IActionResult Index()
         {
-            ViewData["ApiResult"] = HttpContext.User.Identity.Name;
-
             return View();
         }
 
@@ -69,22 +71,23 @@ public async Task<IActionResult> Profile()
                         _consentHandler.HandleException(ex2);
                     }
                 }
+            }
 
-                try
-                {
-                    // Get user photo
-                    using (var photoStream = await _graphServiceClient.Me.Photo.Content.Request().GetAsync())
-                    {
-                        byte[] photoByte = ((MemoryStream)photoStream).ToArray();
-                        ViewData["Photo"] = Convert.ToBase64String(photoByte);
-                    }
-                }
-                catch (Exception pex)
+            try
+            {
+                // Get user photo
+                using (var photoStream = await _graphServiceClient.Me.Photo.Content.Request().GetAsync())
                 {
-                    Console.WriteLine($"{pex}");
-                    ViewData["Photo"] = null;
+                    byte[] photoByte = ((MemoryStream)photoStream).ToArray();
+                    ViewData["Photo"] = Convert.ToBase64String(photoByte);
                 }
             }
+            catch (Exception pex)
+            {
+                Console.WriteLine($"{pex}");
+                ViewData["Photo"] = null;
+            }
+
             ViewData["Me"] = currentUser;
             return View();
         }
@@ -100,5 +103,15 @@ public IActionResult Error()
         {
             return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
         }
+
+        private string GetSecretFromKeyVault()
+        {
+            string uri = Environment.GetEnvironmentVariable("KEY_VAULT_URI");
+            SecretClient client = new SecretClient(new Uri(uri), new DefaultAzureCredential());
+
+            Response<KeyVaultSecret> secret = client.GetSecretAsync("Graph-App-Secret").Result;
+
+            return secret.Value.Value;
+        }
     }
 }

2-WebApp-graph-user/2-1-Call-MSGraph/Models/AuthenticationHeaderHelper.cs renamed to 2-WebApp-graph-user/2-1-Call-MSGraph/Helpers/AuthenticationHeaderHelper.cs

@@ -4,8 +4,11 @@
 using System.Threading.Tasks;
 using System.Net.Http.Headers;
 
-namespace CallMSGraph.Models
+namespace CallMSGraph.Helpers
 {
+    /// <summary>
+    /// Helper methods to work with data in WWW-Authentication header
+    /// </summary>
     public class AuthenticationHeaderHelper
     {
         /// <summary>

2-WebApp-graph-user/2-1-Call-MSGraph/Models/ErrorViewModel.cs

@@ -1,4 +1,6 @@
-namespace CallMSGraph.Models
+using System;
+
+namespace WebApp_OpenIDConnect_DotNet_graph.Models
 {
     public class ErrorViewModel
     {

2-WebApp-graph-user/2-1-Call-MSGraph/Program.cs

@@ -1,7 +1,13 @@
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
 
-namespace CallMSGraph
+namespace WebApp_OpenIDConnect_DotNet_graph
 {
     public class Program
     {

2-WebApp-graph-user/2-1-Call-MSGraph/Properties/launchSettings.json

@@ -1,20 +1,27 @@
-{
+{
   "iisSettings": {
     "windowsAuthentication": false,
     "anonymousAuthentication": true,
     "iisExpress": {
-      "applicationUrl": "http://localhost:3110/",
+      "applicationUrl": "http://localhost:47464",
       "sslPort": 44321
     }
   },
-    "profiles": {
-      "WebApp_OpenIDConnect_DotNet": {
-        "commandName": "Project",
-        "launchBrowser": true,
-        "environmentVariables": {
-          "ASPNETCORE_ENVIRONMENT": "Development"
-        },
-            "applicationUrl": "https://localhost:44321;http://localhost:3110"
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "WebApp_OpenIDConnect_DotNet_graph": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "applicationUrl": "https://localhost:44321;http://localhost:5000",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     }
-}
+  }
+}

2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.json

@@ -11,7 +11,7 @@ urlFragment: active-directory-aspnetcore-webapp-openidconnect-v2
 description: "This sample demonstrates a ASP.NET Core Web App calling the Microsoft Graph"
 ---
 
-# # Enable your ASP.NET Core web app to sign in users and call Microsoft Graph with the Microsoft identity platform
+# Enable your ASP.NET Core web app to sign in users and call Microsoft Graph with the Microsoft identity platform
 
  1. [Overview](#overview)
  1. [Scenario](#scenario)
@@ -40,7 +40,6 @@ This sample demonstrates an ASP.NET Core web app that calls the Microsoft Graph
 
 ![Sign in with the Microsoft identity platform and call Graph](ReadmeFiles/sign-in.png)
 
-
 ## Prerequisites
 
 - Either [Visual Studio](https://visualstudio.microsoft.com/downloads/) or [Visual Studio Code](https://code.visualstudio.com/download) and [.NET Core SDK](https://www.microsoft.com/net/learn/get-started)
@@ -192,7 +191,7 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi
 
 1. In this aspnetcore web project, first the packages `Microsoft.Identity.Web` and `Microsoft.Identity.Web.UI` were added from NuGet. These libraries are used to simplify the process of signing-in a user and acquiring tokens for Microsoft Graph.
 
-1. In the **Startup.cs** file :
+1. Staring with the **Startup.cs** file :
 
    - at the top of the file, the following two using directives were added:
 
@@ -357,5 +356,4 @@ To provide feedback on or suggest features for Azure Active Directory, visit [Us
 
 If you'd like to contribute to this sample, see [CONTRIBUTING.MD](/CONTRIBUTING.md).
 
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [[email protected]](mailto:[email protected]) with any additional questions or comments.
-
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [[email protected]](mailto:[email protected]) with any additional questions or comments.

2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.local.json

@@ -1,15 +1,21 @@
+using Azure;
+using Azure.Identity;
+using Azure.Security.KeyVault.Secrets;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
-using Microsoft.Identity.Web;
-using Microsoft.Identity.Web.UI;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
+using Microsoft.Identity.Web;
+using Microsoft.Identity.Web.UI;
+using System;
+using System.Diagnostics;
+using System.Threading.Tasks;
 
-namespace CallMSGraph
+namespace WebApp_OpenIDConnect_DotNet_graph
 {
     public class Startup
     {
@@ -26,37 +32,14 @@ public void ConfigureServices(IServiceCollection services)
             string[] initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');
 
             services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
-                .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
+                .AddMicrosoftIdentityWebApp(Configuration)
                 .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
                 .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
                 .AddInMemoryTokenCaches();
 
-            /*
-               // or use a distributed Token Cache by adding 
-                    .AddDistributedTokenCaches();
-
-               // and then choose your implementation. 
-               // See https://docs.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-2.2#distributed-memory-cache
-
-               // For instance the distributed in memory cache
-                services.AddDistributedMemoryCache()
-
-               // Or a Redis cache
-               services.AddStackExchangeRedisCache(options =>
-                    {
-                        options.Configuration = "localhost";
-                        options.InstanceName = "SampleInstance";
-                    });
-
-               // Or even a SQL Server token cache
-               services.AddDistributedSqlServerCache(options =>
-                {
-                    options.ConnectionString = 
-                        _config["DistCache_ConnectionString"];
-                    options.SchemaName = "dbo";
-                    options.TableName = "TestCache";
-                });
-            */
+            // client secret is picked from KeyVault
+            services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme,
+                options => { options.ClientSecret = GetSecretFromKeyVault(); });
 
             services.AddControllersWithViews(options =>
             {
@@ -65,8 +48,9 @@ public void ConfigureServices(IServiceCollection services)
                     .Build();
                 options.Filters.Add(new AuthorizeFilter(policy));
             });
+
             services.AddRazorPages()
-                    .AddMicrosoftIdentityUI();
+                  .AddMicrosoftIdentityUI();
 
             // Add the UI support to handle claims challenges
             services.AddServerSideBlazor()
@@ -102,5 +86,22 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
                 endpoints.MapRazorPages();
             });
         }
+
+        /// <summary>
+        /// Gets the secret from key vault via an enabled Managed Identity.
+        /// </summary>
+        /// <remarks>https://github.com/Azure-Samples/app-service-msi-keyvault-dotnet/blob/master/README.md</remarks>
+        /// <returns></returns>
+        private string GetSecretFromKeyVault()
+        {
+            // this should point to your vault's URI, like https://<yourkeyvault>.vault.azure.net/
+            string uri = Environment.GetEnvironmentVariable("KEY_VAULT_URI");
+            SecretClient client = new SecretClient(new Uri(uri), new DefaultAzureCredential());
+
+            // The secret name, for example if the full url to the secret is https://<yourkeyvault>.vault.azure.net/secrets/Graph-App-Secret
+            Response<KeyVaultSecret> secret = client.GetSecretAsync("Graph-App-Secret").Result;
+
+            return secret.Value.Value;
+        }
     }
-}
+}

2-WebApp-graph-user/2-1-Call-MSGraph/README.md

@@ -2,11 +2,15 @@
     ViewData["Title"] = "Home Page";
 }
 
-<h1>
-    Integrating Azure AD V2 into an ASP.NET Core web app and calling the Microsoft Graph API on behalf of the user
-</h1>
-<p>
-    This sample shows how to build a .NET Core 3.1 MVC Web app that uses OpenID Connect to sign in users. Users can use personal accounts (including outlook.com, live.com, and others) as well as work and school accounts from any company or organization that has integrated with Azure Active Directory. It leverages the ASP.NET Core OpenID Connect middleware.
-</p>
-<img src="https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/raw/master/2-WebApp-graph-user/2-1-Call-MSGraph/ReadmeFiles/sign-in.png
-"/>
+<div class="text-center">
+    <h1 class="display-4">Welcome</h1>
+    <p>Learn about <a href="https://docs.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
+</div>
+
+<div class="text-center"><p>
+    <h5 class="display-5">Enable your ASP.NET Core web app to sign in users and call Microsoft Graph with the Microsoft identity platform </h5>
+    </p>
+    <img src="https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/raw/master/2-WebApp-graph-user/2-1-Call-MSGraph/ReadmeFiles/sign-in.png" />
+    <p>Integrate an ASP.NET Core web app with the Microsoft Identity platform and calls Microsoft Graph API for the signed-in user</p>
+</div>
+

2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs

@@ -1,4 +1,4 @@
-@{
+@{
     ViewData["Title"] = "Privacy Policy";
 }
 <h1>@ViewData["Title"]</h1>