README.md: 6 additions & 5 deletions
@@ -114,12 +114,12 @@ In this step, you configure your *TodoListClient* project by registering a new a
114
114
115
115
### Step 5: Pre-authorize your client application
116
116
117
-
One of the ways to allow users from other directories to access your Web API is by *pre-authorizing* the client applications to access your Web API by adding the Application Ids from client applications in the list of **Authorized client applications** for your Web API. By adding a pre-authorized client, you will not require user to consent to use your Web API. Follow the steps below to pre-authorize your Web Application:
117
+
One of the ways to allow users from other directories to access your Web API is by *pre-authorizing* the client applications to access your Web API by adding the Application Ids from client applications in the list of *pre-authorized*applications for your Web API. By adding a pre-authorized client, you will not require user to consent to use your Web API. Follow the steps below to pre-authorize your Web Application::
118
118
119
119
1. Go back to the *Application registration portal* and open the properties of your **TodoListService**.
120
-
1. In the **Expose an API** section, select **Add a client application** under the *Pre-authorized applications* section.
121
-
1. In the **Client ID** field, paste the application (Client) ID of the `TodoListClient` application.
122
-
1. In the **Authorized Scopes** field, check the scope for this Web API `api://<Application ID>/access_as_user`.
120
+
1. In the **Expose an API** section, click on **Add a client application** under the *Authorized client applications* section.
121
+
1. In the *Client ID* field, paste the application ID of the `TodoListClient` application.
122
+
1. In the *Authorized scopes* section, select the scope for this Web API `api://<Application ID>/access_as_user`.
123
123
1. Press the **Add application** button at the bottom of the page.
124
124
125
125
### Step 6: Run your project
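Review bot: In the added intro paragraph, `*pre-authorized*applications` is missing a space after the closing asterisk and the sentence now ends in `::`, so both will render wrong. The paragraph also calls the list "pre-authorized applications" while the revised step 2 calls the section *Authorized client applications*; use one name, matching the portal, in both places. Step 3 drops "(Client)" from "application (Client) ID"; keeping it helps readers pick the right identifier, since the paragraph states that a pre-authorized client no longer requires user consent for whichever ID is pasted here.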
@@ -137,8 +137,9 @@ To restrict who can sign in to your application, use one of the options:
137
137
138
138
You can restrict sign-in access for your application to only user accounts that are in a single Azure AD tenant - including *guest accounts* of that tenant. This scenario is a common for *line-of-business applications*:
139
139
140
+
1. Open **App_Start\Startup.Auth** file, and change the value of the metadata endpoint that's passed into the OpenIdConnectSecurityTokenProvider to "https://login.microsoftonline.com/{Tenant ID}/v2.0/.well-known/openid-configuration" (you can also use Tenant Name, such as contoso.onmicrosoft.com).
140
141
1. In the **web.config** file of your **TodoListService**, change the value for the `Tenant` parameter from `Common` to the tenant name of the organization, such as `contoso.onmicrosoft.com` or the *Tenant Id*.
141
-
2.Open **App_Start\Startup.Auth**file and set the `ValidateIssuer` argument to `true`.
142
+
2.In the same file, set the ValidIssuer property on the TokenValidationParameters to "https://sts.windows.net/{Tenant Id}/"the `ValidateIssuer` argument to `true`.
142
143
143
144
#### Option 2: Use a custom method to validate issuers
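Review bot: The rewritten step 2 is a broken sentence: after the issuer URL it still carries the tail of the old text, "the `ValidateIssuer` argument to `true`", with no verb or spacing, so it no longer clearly tells the reader to turn issuer validation on. State both actions explicitly (set `ValidateIssuer` to `true` and set `ValidIssuer` to the tenant issuer), since this option is about restricting sign-in to a single tenant. "In the same file" is also ambiguous: the item directly before it is the **web.config** step, while the removed line shows that `ValidateIssuer` lives in **App_Start\Startup.Auth**; name the file, add the space after `2.`, and renumber now that two items are marked `1.`. Finally, the metadata endpoint in the new first step is the `/v2.0/` one on login.microsoftonline.com while the issuer given is `https://sts.windows.net/{Tenant Id}/`; please confirm the issuer value matches the tokens the service will actually receive, and use one spelling of the placeholder (`{Tenant ID}` vs `{Tenant Id}`).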