Merge pull request #13 from AzureADQuickStarts/jmprieur/updateToMsal3x

Jmprieur/update to msal3x

Author: jmprieur

README.md

@@ -72,7 +72,11 @@ If you want to register your apps manually, as a first step you'll need to:
 
 1. Open the **app.config** file located in **TodoListClient** project's root folder and then paste **Application Id** from the application you just registered for your *TodoListService* under `TodoListServiceScope` parameter, replacing the string `{Enter the Application Id of your TodoListService from the app registration portal}`.
 
-    > Note: Make sure it uses has the format `api://{TodoListService-Application-Id}/access_as_user` (where {TodoListService-Application-Id} is the Guid representing the Application Id for your TodoListService).
+   > Note: Make sure it uses the following format:
+   >
+   > `api://{TodoListService-Application-Id}/access_as_user` 
+   >
+   >(where {TodoListService-Application-Id} is the Guid representing the Application Id for your TodoListService).
 
 ### Step 3:  Register the client app (TodoListClient)
 
@@ -84,34 +88,33 @@ In this step, you configure your *TodoListClient* project by registering a new a
 1. Select **New registration**.
 1. When the **Register an application page** appears, enter your application's registration information:
    - In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `NativeClient-DotNet-TodoListClient`.
-   - Change **Supported account types** to **Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com)**.
+   - Change **Supported account types** to **Accounts in any organizational directory**.
    - Select **Register** to create the application.
-1. On the app **Overview** page, find the **Application (client) ID** value and record it for later. You'll need it to configure the Visual Studio configuration file for this project (`ida:ClientId` in `TodoListClient\App.Config`).
 1. From the app's Overview page, select the **Authentication** section.
    - In the **Redirect URLs** | **Suggested Redirect URLs for public clients (mobile, desktop)** section, check **urn:ietf:wg:oauth:2.0:oob**
    - Select **Save**.
 1. Select the **API permissions** section
    - Click the **Add a permission** button and then,
-   - Ensure that the **My APIs** tab is selected
+   - Select the **My APIs** tab.
    - In the list of APIs, select the `AppModelv2-NativeClient-DotNet-TodoListService API`, or the name you entered for the Web API.
-   - In the **Delegated permissions** section, ensure that the right permissions are checked: **access_as_user**. Use the search box if necessary.
+   - Check the **access_as_user** permission if it's not already checked. Use the search box if necessary.
    - Select the **Add permissions** button
 
 #### Configure your *TodoListClient* project
 
-1. In the *Application registration portal*, copy the value of the **Application Id**
+1. In the *Application registration portal*, in the **Overview** page copy the value of the **Application (client) Id**
 1. Open the **app.config** file located in the **TodoListClient** project's root folder and then paste the value in the `ida:ClientId` parameter value
 
 ### Step 4: Run your project
 
 1. Press `<F5>` to run your project. Your *TodoListClient* should open.
-1. Select **Sign in** in the top right and sign in with the same user you have used to register your aplication, or a user in the same directory.
+1. Select **Sign in** in the top right and sign in with the same user you have used to register your application, or a user in the same directory.
 1. At this point, if you are signing in for the first time, you may be prompted to consent to *TodoListService* Web Api.
 1. The sign-in also request the access token to the *access_as_user* scope to access *TodoListService* Web Api and manipulate the *To-Do* list.
 
 ### Step 5: Pre-authorize your client application
 
-One of the ways to allow users from other directories to acces your Web API is by *pre-authorizing* the client applications to access your Web API by adding the Application Ids from client applications in the list of *pre-authorized* applications for your Web API. By adding a pre-authorized client, you will not require user to consent to use your Web API. Follow the steps below to pre-authorize your Web Application::
+One of the ways to allow users from other directories to access your Web API is by *pre-authorizing* the client applications to access your Web API by adding the Application Ids from client applications in the list of *pre-authorized* applications for your Web API. By adding a pre-authorized client, you will not require user to consent to use your Web API. Follow the steps below to pre-authorize your Web Application::
 
 1. Go back to the *Application registration portal* and open the properties of your **TodoListService**.
 1. In the **Expose an API** section, click on **Add application** under the *Pre-authorized applications* section.

TodoListClient/App.config

@@ -5,7 +5,7 @@
     </startup>
   <appSettings>
     <!-- ida:Client is a GUID representing the Application Id for the TodoListClient app that you copied from
-         the App Registration Portal (https://apps.dev.microsoft.com) -->
+         the App Registration Portal ((https://go.microsoft.com/fwlink/?linkid=2083908) -->
 
     <add key="ida:ClientId" value="{Enter the Application Id that you copied from the App Registration Portal.}" />
 
@@ -19,7 +19,7 @@
        "https://login.microsoftonline.com/organizations/" instead of "https://login.microsoftonline.com/common/"
     -->
 
-    <add key="TodoListServiceScope" value="{Enter the Application Id of your TodoListService from the app registration portal}" />
+    <add key="TodoListServiceScope" value="api://{Enter the Application Id of your TodoListService from the app registration portal}/access_as_user" />
     <add key="TodoListServiceBaseAddress" value="https://localhost:44321/" />
 
   </appSettings>

TodoListClient/MainWindow.xaml.cs

@@ -48,7 +48,7 @@ public partial class MainWindow : Window
 
 
         private HttpClient httpClient = new HttpClient();
-        private PublicClientApplication app = null;
+        private IPublicClientApplication app = null;
 
         private string[] Scopes = null;
 
@@ -59,8 +59,11 @@ protected override async void OnInitialized(EventArgs e)
             Scopes = new string[] {todoListServiceScope};
 
             // Initialize the PublicClientApplication
-            app = new PublicClientApplication(clientId, "https://login.microsoftonline.com/common/v2.0", TokenCacheHelper.GetUserCache());
-            AuthenticationResult result = null;
+            app = PublicClientApplicationBuilder.Create(clientId)
+                .Build();
+				
+			TokenCacheHelper.EnableSerialization(app.UserTokenCache);
+
 
             // TODO: Check if the user is already signed in. 
             // As the app starts, we want to check to see if the user is already signed in.
@@ -70,7 +73,8 @@ protected override async void OnInitialized(EventArgs e)
             try
             {
                 var accounts = await app.GetAccountsAsync();
-                result = await app.AcquireTokenSilentAsync(Scopes, accounts.FirstOrDefault());
+                var result = await app.AcquireTokenSilent(Scopes, accounts.FirstOrDefault())
+			                      .ExecuteAsync();
                 // If we got here, a valid token is in the cache - or MSAL was able to get a new oen via refresh token.
                 // Proceed to fetch the user's tasks from the TodoListService via the GetTodoList() method.
 
@@ -121,7 +125,9 @@ private async Task GetTodoList()
                 // without invoking any UI prompt.  AcquireTokenSilentAsync forces
                 // MSAL to throw an exception if it cannot get a token silently.
                 var accounts = await app.GetAccountsAsync();
-                result = await app.AcquireTokenSilentAsync(Scopes, accounts.FirstOrDefault());
+                result = await app.AcquireTokenSilent(Scopes, accounts.FirstOrDefault())
+                    .ExecuteAsync()
+                    .ConfigureAwait(false);
             }
             catch (MsalException ex)
             {
@@ -186,7 +192,9 @@ private async void AddTodoItem(object sender, RoutedEventArgs e)
             try
             {
                 var accounts = await app.GetAccountsAsync();
-                result = await app.AcquireTokenSilentAsync(Scopes, accounts.FirstOrDefault());
+                result = await app.AcquireTokenSilent(Scopes, accounts.FirstOrDefault())
+                    .ExecuteAsync()
+                    .ConfigureAwait(false);
             }
             catch (MsalException ex)
             {
@@ -231,11 +239,11 @@ private async void AddTodoItem(object sender, RoutedEventArgs e)
         /// <param name="app"></param>
         private async Task ClearCache(IPublicClientApplication app)
         {
-            var accounts = await app.GetAccountsAsync();
+            var accounts = (await app.GetAccountsAsync()).ToList();
             while (accounts.Any())
             {
                 await app.RemoveAsync(accounts.First());
-                accounts = await app.GetAccountsAsync();
+                accounts = (await app.GetAccountsAsync()).ToList();
             }
         }
         private async void SignIn(object sender = null, RoutedEventArgs args = null)
@@ -261,10 +269,18 @@ private async void SignIn(object sender = null, RoutedEventArgs args = null)
             // MSAL will get a token for the TodoListService and cache it for you.
 
             AuthenticationResult result = null;
+            var accounts = await app.GetAccountsAsync();
             try
             {
-                result = await app.AcquireTokenAsync(Scopes);
-                SignInButton.Content = "Clear Cache";
+                result = await app.AcquireTokenInteractive(Scopes)
+                    .WithAccount(accounts.FirstOrDefault())
+                    .WithPrompt(Prompt.SelectAccount)
+                    .ExecuteAsync()
+                    .ConfigureAwait(false);
+                Dispatcher.Invoke(() =>
+                {
+                    SignInButton.Content = "Clear Cache";
+                });
                 GetTodoList();
             }
             catch (MsalException ex)

TodoListClient/TodoListClient.csproj

@@ -34,8 +34,8 @@
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="Microsoft.Identity.Client, Version=2.6.2.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae">
-      <HintPath>..\packages\Microsoft.Identity.Client.2.6.2\lib\net45\Microsoft.Identity.Client.dll</HintPath>
+    <Reference Include="Microsoft.Identity.Client, Version=3.0.5.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Identity.Client.3.0.5-preview\lib\net45\Microsoft.Identity.Client.dll</HintPath>
     </Reference>
     <Reference Include="System" />
     <Reference Include="System.Configuration" />
@@ -63,8 +63,8 @@
       <Generator>MSBuild:Compile</Generator>
       <SubType>Designer</SubType>
     </ApplicationDefinition>
-    <Compile Include="FileCache.cs" />
     <Compile Include="TodoItem.cs" />
+    <Compile Include="TokenCacheHelper.cs" />
     <Page Include="MainWindow.xaml">
       <Generator>MSBuild:Compile</Generator>
       <SubType>Designer</SubType>
@@ -96,9 +96,7 @@
       <Generator>ResXFileCodeGenerator</Generator>
       <LastGenOutput>Resources.Designer.cs</LastGenOutput>
     </EmbeddedResource>
-    <None Include="packages.config">
-      <SubType>Designer</SubType>
-    </None>
+    <None Include="packages.config" />
     <None Include="Properties\Settings.settings">
       <Generator>SettingsSingleFileGenerator</Generator>
       <LastGenOutput>Settings.Designer.cs</LastGenOutput>

TodoListClient/FileCache.cs TodoListClient/TokenCacheHelper.csTodoListClient/FileCache.cs renamed to TodoListClient/TokenCacheHelper.cs

@@ -34,59 +34,45 @@ namespace TodoListClient
     static class TokenCacheHelper
     {
 
-        /// <summary>
-        /// Get the user token cache
-        /// </summary>
-        /// <returns></returns>
-        public static TokenCache GetUserCache()
-        {
-            if (usertokenCache == null)
-            {
-                usertokenCache = new TokenCache();
-                usertokenCache.SetBeforeAccess(BeforeAccessNotification);
-                usertokenCache.SetAfterAccess(AfterAccessNotification);
-            }
-            return usertokenCache;
-        }
-
-        static TokenCache usertokenCache;
-
         /// <summary>
         /// Path to the token cache
         /// </summary>
-        public static readonly string CacheFilePath = System.Reflection.Assembly.GetExecutingAssembly().Location + ".msalcache.bin";
+        private static readonly string CacheFilePath = System.Reflection.Assembly.GetExecutingAssembly().Location + ".msalcache.bin";
 
         private static readonly object FileLock = new object();
 
-        public static void BeforeAccessNotification(TokenCacheNotificationArgs args)
+        private static void BeforeAccessNotification(TokenCacheNotificationArgs args)
         {
             lock (FileLock)
             {
-                args.TokenCache.Deserialize(File.Exists(CacheFilePath)
+                args.TokenCache.DeserializeMsalV3(File.Exists(CacheFilePath)
                     ? ProtectedData.Unprotect(File.ReadAllBytes(CacheFilePath),
                                               null,
                                               DataProtectionScope.CurrentUser)
                     : null);
             }
         }
 
-        public static void AfterAccessNotification(TokenCacheNotificationArgs args)
+        private static void AfterAccessNotification(TokenCacheNotificationArgs args)
         {
             // if the access operation resulted in a cache update
-            if (args.TokenCache.HasStateChanged)
+            if (args.HasStateChanged)
             {
                 lock (FileLock)
                 {
-                    // reflect changesgs in the persistent store
+                    // reflect changes in the persistent store
                     File.WriteAllBytes(CacheFilePath,
-                                       ProtectedData.Protect(args.TokenCache.Serialize(), 
+                                       ProtectedData.Protect(args.TokenCache.SerializeMsalV3(), 
                                                              null, 
                                                              DataProtectionScope.CurrentUser)
                                       );
-                    // once the write operationtakes place restore the HasStateChanged bit to filse
-                    args.TokenCache.HasStateChanged = false;
                 }
             }
         }
+        internal static void EnableSerialization(ITokenCache tokenCache)
+        {
+            tokenCache.SetBeforeAccess(BeforeAccessNotification);
+            tokenCache.SetAfterAccess(AfterAccessNotification);
+        }
     }
 }

TodoListClient/packages.config

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="Microsoft.Identity.Client" version="2.6.2" allowedVersions="[2,3)" targetFramework="net45" />
+  <package id="Microsoft.Identity.Client" version="3.0.5-preview" allowedVersions="[3,4)" targetFramework="net45" />
 </packages>

TodoListService/App_Start/Startup.Auth.cs

@@ -27,9 +27,11 @@ public void ConfigureAuth(IAppBuilder app)
                     new TokenValidationParameters
                     {
                         // Check if the audience is intended to be this application
-                        ValidAudience = clientId,
+                        ValidAudiences = new [] { clientId, $"api://{clientId}" },
 
                         // Change below to 'true' if you want this Web API to accept tokens issued to one Azure AD tenant only (single-tenant)
+                        // Note that this is a simplification for the quickstart here. You should validate the issuer. For details, 
+                        // see https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore
                         ValidateIssuer = false,
 
                     },