/active-directory-javascript-singlepageapp-dotnet-webapi-v2

A JavaScript based single page app with a .NET backend that authenticates users for AzureAD, Microsoft personal and work accounts, and more, and calls the backend web api using access tokens, without using any Single Page Application framework

Primary LanguageC#MIT LicenseMIT

services platforms author page_type languages products description
active-directory
dotnet (backend), JavaScript (frontend)
jmprieur
sample
javascript
azure
azure-active-directory
aspnet
office-ms-graph
Demonstrates how a JavaScript single-page app with an ASP.NET backend gets a token and calls a web API using MSAL.JS.

JavaScript Single Page Application with an ASP.NET backend, using msal.js

Getting Started Library Docs Support Protocol

Table of contents

Introduction

The MSAL preview library for JavaScript gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. This sample us a JavaScript Single Page with an ASP.NET backend. It demonstrates all the normal lifecycles your application should experience, including:

  • How to get a token
  • How to refresh a token
  • How to call a backend Web API
  • How to sign a user out of your application

Prerequisites

To use this sample, you will need :

Register the application

  1. Sign in to the Azure Portal to register an application.

  2. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the desired Azure AD tenant.

  3. From the left hand navigation pane, choose Azure Active Directory.

  4. Click on App registrations and choose New registration.

  5. When the Register an application page appears, enter a name for your application.

  6. Under Supported account types, select Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com).

  7. Select the Web platform under the Redirect URI section and set the value to https://localhost:44302/.

  8. When finished, select Register. On the app Overview page, note down the Application ID value.

  9. This quickstart requires the Implicit grant flow to be enabled. In the left-hand navigation pane of the registered application, select Authentication.

  10. In Advanced settings, under Implicit grant, enable both ID tokens and Access tokens checkboxes. ID tokens and Access tokens are required since this app needs to sign in users and call an API.

  11. Select Save.

Build and run the sample

  1. Download or clone the repository for this sample.

  2. Using your favorite IDE, open app.js in App/scripts.

  3. Replace the clientId GUID with the application ID of your registered Azure application that you pasted in the clipboard.

  4. open Web.config in the root of the application.

  5. Replace the value of the Ida::Audience application setting with the application ID of your registered Azure application (same GUID that you pasted to the clipboard). Note that Ida::Tenant is not currently set in the Web.config as all Microsoft identity platform web APIs are currently multi-tenant.

  6. Run the application in Visual Studio, for choose, from the toolback under the main menubar, which browser to use and use the Debug | Start without debugging command. The browser opens, navigating to http://localhost:44302.

  7. When the page gets displayed, click on the Login button.

  8. When the popup window appears, sign-in with your personal or work or school account and grant the requested permissions.

  9. Click on User to see information about the Signed-in user, and TodoList to edit the todo list (you can add, delete, edit new items)

The sample was tested with Chrome, Edge and Internet Explorer. For Internet explorer, be sure to read the msal.js FAQ Using msal.js with Internet Explorer

About the code.

  • The creation of the user agent application is done in app.js, configured by the clientID.

  • when the user presses the login button (sign-in happens, in app.js by a call to loginPopup().

  • when the user presses Todo, the list is fetched from the ASP.NET backend. this happens in todoListCtrl.js, by attempting to call acquireTokenSilent, and then, if it fails calling acquireTokenPopup. The access token is then used to call the backend (which has the same clientID as the JavaScript front-end). This happens in getTodoList.

  • when the user presses the logout button (sign-out happens, in app.js through a call to logout().

Community Help and Support

We use Stack Overflow with the community to provide support. We highly recommend you ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [msal.js].

If you find and bug or have a feature request, please raise the issue on GitHub Issues.

To provide a recommendation, visit our User Voice page.

Contributing

If you'd like to contribute to this sample, see CONTRIBUTING.MD.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Security Library

This library controls how users sign-in and access services. We recommend you always take the latest version of our library in your app when possible.

Security Reporting

If you find a security issue with our libraries or services please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License");