Merge pull request #74 from Azure-Samples/jennyf/roles

update sample to handle app roles w/new package
Azure-Samples · Jul 13, 2020 · 24277ec · 24277ec
2 parents 42e4104 + 7f72b15
commit 24277ec
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 22 deletions.
diff --git a/2-Call-OwnApi/TodoList-WebApi/Controllers/TodoListController.cs b/2-Call-OwnApi/TodoList-WebApi/Controllers/TodoListController.cs
@@ -5,6 +5,7 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Identity.Web.Resource;
 using Newtonsoft.Json;
 using TodoList_WebApi.Models;
 
@@ -31,9 +32,9 @@ public TodoListController()
 
         // GET: api/todolist
         [HttpGet]
-        [Authorize(Policy = "DaemonAppRole")]
         public IActionResult Get()
         {
+            HttpContext.ValidateAppRole("DaemonAppRole");
             return Ok(TodoStore.Values);
         }
     }

diff --git a/2-Call-OwnApi/TodoList-WebApi/Startup.cs b/2-Call-OwnApi/TodoList-WebApi/Startup.cs
@@ -21,26 +21,8 @@ public Startup(IConfiguration configuration)
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
-            // This is required to be instantiated before the OpenIdConnectOptions starts getting configured.
-            // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications.
-            // 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' instead of 'roles'
-            // This flag ensures that the ClaimsIdentity claims collection will be built from the claims in the token
-            JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
-
-            services.AddProtectedWebApi(Configuration);
-
-            // Additional configuration
-            services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
-            {
-                options.TokenValidationParameters.RoleClaimType = "roles";
-            });
-
-            // Creating policies that wraps the authorization requirements.
-            services.AddAuthorization(options =>
-            {
-                // The application should only allow tokens which roles claim contains "DaemonAppRole")
-                options.AddPolicy("DaemonAppRole", policy => policy.RequireRole("DaemonAppRole"));
-            });
+            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+                    .AddMicrosoftWebApi(Configuration);
 
             services.AddControllers();
         }

diff --git a/2-Call-OwnApi/TodoList-WebApi/TodoList-WebApi.csproj b/2-Call-OwnApi/TodoList-WebApi/TodoList-WebApi.csproj
@@ -8,7 +8,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.EntityFrameworkCore" Version="3.1.3" />
-    <PackageReference Include="Microsoft.Identity.Web" Version="0.1.5-preview" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="0.2.0-localbuild" />
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="3.1.2" />
   </ItemGroup>