Azure-Samples/active-directory-dotnetcore-daemon-v2

Sample is incomplete. Missing TodoListService Implementation.

Closed this issue · 10 comments

AlphaCreativeDev commented

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ x] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Any log messages given by the failure

Expected/desired behavior

Sample should include TodoListService like the old samples did.

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Mention any other details that might be useful

The following sample had links to this sample that says "There's a newer version of this sample! Check it out: https://github.com/azure-samples/ms-identity-dotnetcore-daemon-console" However this newer sample does not include the TodoListService.

Old Sample:
https://github.com/Azure-Samples/active-directory-dotnet-daemon

Thanks! We'll be in touch soon.

jmprieur commented

@alphacreative. This sample calls the Microsoft Graph
But I see your point. There are complexities in securing the service for a Web API. We'll transform this sample into an incrementl tutorial:

  1. call the Microsoft Graph
  2. call your own Web API

Would that work for you?

AlphaCreativeDev commented

Yes that would be beneficial. Basically we are trying to implement the same flow that is defined in the old sample where the TodoListService is hosted in Azure.
image

Here is our full scenario: We have a private API that we want to host in Azure that will probably only ever be called by Azure Function Apps. Is there a simpler way to secure the API in this scenario than what these samples show or am I on the write track looking into these samples?

thilankascentic commented

@jmprieur

For protected Web APIs: you have 2 samples from here: https://docs.microsoft.com/en-us/azure/active-directory/develop/sample-v2-code#web-apis

these examples required a user to sign in to AD and then generating token right?
in my scenario, i have a .net core web API instead of a graph API, so im looking for a solution to authenticate client application without a user interaction (service to service), hope you can point out some samples or guide to achieve that?

TiagoBrenck commented

@thilankascentic let me see if I understood you correctly. Do you have a daemon app that needs to call your own web api, and you want the daemon to send an AD token to your API and it should validate beforehand? Is that your case?

thilankascentic commented

@thilankascentic let me see if I understood you correctly. Do you have a daemon app that needs to call your own web api, and you want the daemon to send an AD token to your API and it should validate beforehand? Is that your case?

@TiagoBrenck , yes exactly.
looking for a complete guide (noobie here)

TiagoBrenck commented

@thilankascentic I will add this to my list, but you basically have all the pieces in separate repos.
So, for you daemon app, this repo is your guidance. The only change will be on Program.cs line 107, to call your own api (maybe the Display method also need to be modified):

await apiCaller.CallWebApiAndProcessResultASync("https://your-web-api", result.AccessToken, Display);

For the web api, you can literally copy this TodoListService WebAPI since it deals with the protection and bearer token authentication.

jmprieur commented

PR is #32

  • 👍1
TiagoBrenck commented

PR merged.

  • 👍1