Merge pull request #3 from AzureADQuickStarts/desktopCallingAnotherV2WebApi

Improving the App.Config to explain all the possibilities

Author: jmprieur

TodoListClient/App.config

@@ -4,12 +4,21 @@
         <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
     </startup>
   <appSettings>
+    <!-- ida:Client is a GUID representing the Application Id for the TodoListClient app that you copied from
+         the App Registration Portal (https://apps.dev.microsoft.com) -->
     <add key="ida:ClientId" value="{Enter the Application Id that you copied from the App Registration Portal.}" />
+
+    <!-- todo:Scope is either:
+     - the same as ida:ClientId, as V2 apps enable several platforms for a same application (a GUID)
+     - or otherwise the scope of the Web API created with aht App Registration portal, for instance api://[V2-WebApi-AppId]/access_as_user
+       where [V2-WebApi-AppId] is a GUID representing the Application ID of the Web API.
+     - or otherwise this can be the scope of a V1 Web API (created with https://portal.azure.com) for instance [V1_WebApi-AppId]/user_impersonation
+       where [V1-WebApi-AppId] is a GUID representing the Application ID (also named Client ID) of the V1 Web API created in https://portal.azure.com.
+       In that case (V1 app), the Authority used to build the PubliClientApplication in MainWindow.xaml.cs should be set to 
+       "https://login.microsoftonline.com/organizations/" instead of "https://login.microsoftonline.com/common/"
+    -->
     <add key="todo:Scope" value="{Enter the scope of the Web API, as copied from the App Registration Portal, for instance api://[WebApi-AppId]/access_as_user where [WebApi-AppId] is a GUID" />
-    <!-- 
-       Note that the [WebAPI-AppId], which is the Application Id of the called Web API can be the same as the ida:ClientId 
-       as V2 apps enable several platforms for a same application. But this can also be a different applications
-       -->
+  
     <add key="todo:TodoListBaseAddress" value="https://localhost:44321/" />
   </appSettings>
 </configuration>

TodoListService/App_Start/Startup.Auth.cs

@@ -13,23 +13,17 @@ namespace TodoListService
 {
     public partial class Startup
     {
-        private static string clientId = ConfigurationManager.AppSettings["ida:Audience"];
+        private static string audience = ConfigurationManager.AppSettings["ida:Audience"];
 
         public void ConfigureAuth(IAppBuilder app)
         {
             var tvps = new TokenValidationParameters
             {
-                // In this app, the TodoListClient and TodoListService
-                // are represented using the same Application Id - we use
-                // the Application Id to represent the audience, or the
-                // intended recipient of tokens.
-
-                ValidAudience = clientId,
+                ValidAudience = audience,
 
                 // In a real applicaiton, you might use issuer validation to
                 // verify that the user's organization (if applicable) has 
                 // signed up for the app.  Here, we'll just turn it off.
-
                 ValidateIssuer = false,
             };