Merge pull request #12 from AzureADQuickStarts/updateInstructions

jmprieur · web-flow · commit e4e846b2cd39 · 2019-04-12T07:51:11.000+02:00
Updating README.md
diff --git a/README.md b/README.md
@@ -32,56 +32,94 @@ You can clone this sample from your shell or command line:
 
 ### Step 2: Register your Web API - *TodoListService* in the *Application registration portal*
 
-1. Sign in to the [Application registration portal](https://apps.dev.microsoft.com/portal/register-app) either using a personal Microsoft account (live.com or hotmail.com) or work or school account.
-1. Give a name to your Application, such as `AppModelv2-NativeClient-DotNet-TodoListService`. Make sure that the *Guided Setup* option is **Unchecked** then press **Create**. The portal will assign your app a globally unique *Application ID* that you'll use later in your code.
-1. Click **Add Platform**, and select **Web API**
-1. Click **Save**
-
-> Note: When you add a *Web API* the Application registration portal, it adds a pre-defined App Id URI and Scope, using the format *api://{Application Id}/{Scope Name}* named **access_as_user** (you can review it by clicking 'Edit' button). This sample code uses this default scope.
-
-### Step 3: Configure your *TodoListService* and *TodoListClient* projects to match the Web API you just registered
+#### Choose the Azure AD tenant where you want to create your applications
+
+If you want to register your apps manually, as a first step you'll need to:
+
+1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account or a personal Microsoft account.
+1. If your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory**.
+   Change your portal session to the desired Azure AD tenant.
+
+#### Register the service app (TodoListService)
+
+1. Navigate to the Microsoft identity platform for developers [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) page.
+1. Select **New registration**.
+1. When the **Register an application page** appears, enter your application's registration information:
+   - In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `AppModelv2-NativeClient-DotNet-TodoListService`.
+   - Change **Supported account types** to **Accounts in any organizational directory**.
+   - Select **Register** to create the application.
+
+1. On the app **Overview** page, find the **Application (client) ID** value and record it for later. You'll need it to configure the Visual Studio configuration file for this project (`ClientId` in `TodoListService\Web.config`).
+1. Select the **Expose an API** section, and:
+   - Select **Add a scope**
+   - accept the proposed Application ID URI (api://{clientId}) by selecting **Save and Continue**
+   - Enter the following parameters:
+     - for **Scope name** use `access_as_user`
+     - Ensure the **Admins and users** option is selected for **Who can consent**
+     - in **Admin consent display name** type `Access TodoListService as a user`
+     - in **Admin consent description** type `Accesses the TodoListService Web API as a user`
+     - in **User consent display name** type `Access TodoListService as a user`
+     - in **User consent description** type `Accesses the TodoListService Web API as a user`
+     - Keep **State** as **Enabled**
+     - Select **Add scope**
+
+#### Configure your *TodoListService* and *TodoListClient* projects to match the Web API you just registered
 
 1. Open the solution in Visual Studio and then open the **Web.config** file under the root of **TodoListService** project.
-1. Replace the value of `ida:ClientId` parameter with the **Application Id** from the application you just registered in the Application Registration Portal.
+1. Replace the value of `ida:ClientId` parameter with the **Client ID (Application Id)** from the application you just registered in the Application Registration Portal.
 
-#### Step 3.1: Add the new scope to the *TodoListClient*`s app.config
+#### Add the new scope to the *TodoListClient*`s app.config
 
-1. Open the **app.config** file located in **TodoListClient** project's root folder and then paste **Application Id** from the application you just registered for your *TodoListService* under `TodoListServiceScope` parameter, replacing the string `{Enter the Application Id of your TodoListService from the app registration portal}`. 
+1. Open the **app.config** file located in **TodoListClient** project's root folder and then paste **Application Id** from the application you just registered for your *TodoListService* under `TodoListServiceScope` parameter, replacing the string `{Enter the Application Id of your TodoListService from the app registration portal}`.
 
     > Note: Make sure it uses has the format `api://{TodoListService-Application-Id}/access_as_user` (where {TodoListService-Application-Id} is the Guid representing the Application Id for your TodoListService).
 
-### Step 4: Register the *TodoListClient* application in the *Application registration portal*
+### Step 3:  Register the client app (TodoListClient)
+
+In this step, you configure your *TodoListClient* project by registering a new application in the Application registration portal. In the cases where the client and server are considered *the same application* you may also just reuse the same application registered in the 'Step 2.'. Using the same application is actually needed if you want users to sign-in with Microsoft personal accounts
 
-In this step, you configure your *TodoListClient* project by registering a new application in the Application registration portal. In the cases where the client and server are considered *the same application* you may also just reuse the same application registered in the 'Step 2.'.
+#### Register the *TodoListClient* application in the *Application registration portal*
 
-1. Go back to [Application registration portal](https://apps.dev.microsoft.com/portal/register-app) to register a new application
-1. Give a name to your Application, such as `NativeClient-DotNet-TodoListClient`, make sure that the *Guided Setup* option is **Unchecked** then press **Create**.
-1. Click **Add Platform**, and select **Native**.
-1. Click **Save**
+1. Navigate to the Microsoft identity platform for developers [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) page.
+1. Select **New registration**.
+1. When the **Register an application page** appears, enter your application's registration information:
+   - In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `NativeClient-DotNet-TodoListClient`.
+   - Change **Supported account types** to **Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com)**.
+   - Select **Register** to create the application.
+1. On the app **Overview** page, find the **Application (client) ID** value and record it for later. You'll need it to configure the Visual Studio configuration file for this project (`ida:ClientId` in `TodoListClient\App.Config`).
+1. From the app's Overview page, select the **Authentication** section.
+   - In the **Redirect URLs** | **Suggested Redirect URLs for public clients (mobile, desktop)** section, check **urn:ietf:wg:oauth:2.0:oob**
+   - Select **Save**.
+1. Select the **API permissions** section
+   - Click the **Add a permission** button and then,
+   - Ensure that the **My APIs** tab is selected
+   - In the list of APIs, select the `AppModelv2-NativeClient-DotNet-TodoListService API`, or the name you entered for the Web API.
+   - In the **Delegated permissions** section, ensure that the right permissions are checked: **access_as_user**. Use the search box if necessary.
+   - Select the **Add permissions** button
 
-### Step 5: Configure your *TodoListClient* project
+#### Configure your *TodoListClient* project
 
 1. In the *Application registration portal*, copy the value of the **Application Id**
 1. Open the **app.config** file located in the **TodoListClient** project's root folder and then paste the value in the `ida:ClientId` parameter value
 
-### Step 6: Run your project
+### Step 4: Run your project
 
 1. Press `<F5>` to run your project. Your *TodoListClient* should open.
 1. Select **Sign in** in the top right and sign in with the same user you have used to register your aplication, or a user in the same directory.
 1. At this point, if you are signing in for the first time, you may be prompted to consent to *TodoListService* Web Api.
 1. The sign-in also request the access token to the *access_as_user* scope to access *TodoListService* Web Api and manipulate the *To-Do* list.
 
-### Step 7: Pre-authorize your client application
+### Step 5: Pre-authorize your client application
 
 One of the ways to allow users from other directories to acces your Web API is by *pre-authorizing* the client applications to access your Web API by adding the Application Ids from client applications in the list of *pre-authorized* applications for your Web API. By adding a pre-authorized client, you will not require user to consent to use your Web API. Follow the steps below to pre-authorize your Web Application::
 
 1. Go back to the *Application registration portal* and open the properties of your **TodoListService**.
-1. In the **Web API platform**, click on **Add application** under the *Pre-authorized applications* section.
+1. In the **Expose an API** section, click on **Add application** under the *Pre-authorized applications* section.
 1. In the *Application ID* field, paste the application ID of the `TodoListClient` application.
 1. In the *Scope* field, click on the **Select** combo box and select the scope for this Web API `api://<Application ID>/access_as_user`.
 1. Press the **Save** button at the bottom of the page.
 
-### Step 8: Run your project
+### Step 6:  Run your project
 
 1. Press `<F5>` to run your project. Your *TodoListClient* should open.
 1. Select **Sign in** in the top right (or Clear Cache/Sign-in) and then sign-in either using a personal Microsoft account (live.com or hotmail.com) or work or school account.
