Laura Kokkarinen LauraKokkarinen

## bulk-cancel-logic-app-runs.ps1
$tenantId = "your-tenant-guid-92ca-a9b3993e45aa"
$subscriptionId = "your-subscription-guid-8cc2-bf3751b1e868"
$resourceGroupName = "your-resource-group-name"
$logicAppName = "your-logic-app-name"
# The hour value should be given in UTC, which is probably different from the one you see on Azure Portal
$startTimeFrom = (Get-Date -Day 16 -Month 5 -Year 2024).Date.AddHours(7).AddMinutes(00).AddSeconds(00)
$startTimeTo = (Get-Date -Day 16 -Month 5 -Year 2024).Date.AddHours(8).AddMinutes(36).AddSeconds(10)

# If the script seems to hang, uncomment the -DeviceCode flag
Connect-AzAccount -TenantId $tenantId -Subscription $subscriptionId #-DeviceCode

## GetAccessTokenForUserAsync.cs
protected readonly HttpClient _httpClient;
protected readonly ITokenAcquisition _tokenAcquisition;
protected readonly string _baseUrl = string.Empty;
protected readonly string[] _scopes = Array.Empty<string>();

public ApiService(IConfiguration configuration, ITokenAcquisition tokenAcquisition, HttpClient httpClient)
{
    _httpClient = httpClient;
    _tokenAcquisition = tokenAcquisition;
    _baseUrl = configuration["WebApi:BaseUrl"];

## appsettings.json
{
  "WebApp": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "284b2a9f-82d1-44fc-8ce5-4b406667aa1d",
    "ClientId": "bcb979aa-8e47-4431-ae2d-724d72b44e5e",
    "ClientSecret": "**sanitized**"
  },
  "WebApi": {
    "TenantId": "284b2a9f-82d1-44fc-8ce5-4b406667aa1d",
    "ClientId": "dac84b69-faef-4e4b-b203-91b2ea90e510",

## getAccessToken.ts
import { InteractionRequiredAuthError, IPublicClientApplication } from "@azure/msal-browser";

let msalInstance: IPublicClientApplication;

export const setMsalInstance = async (instance: IPublicClientApplication) => {
  msalInstance = instance;
  await msalInstance.initialize();
}

const getAccessToken = async (scopes: string[]): Promise<string | null> => {

## msalConfig.ts
export const msalConfig = {
  auth: {
    clientId: `${process.env.REACT_APP_UI_CLIENT_ID}`,
    // Defaults to "https://login.microsoftonline.com/common"
    authority: `https://login.microsoftonline.com/${process.env.REACT_APP_UI_TENANT_ID}`,
    // You must register this URI on the Entra app registration
    redirectUri: `${process.env.REACT_APP_UI_REDIRECT_URI}`,
    // The page to navigate after logout
    postLogoutRedirectUri: `${process.env.REACT_APP_UI_REDIRECT_URI}`,
    // If "true", will navigate back to the original request location before processing the auth code response

## App.tsx
import { BrowserRouter } from "react-router-dom";

import { MsalAuthenticationTemplate, MsalProvider } from "@azure/msal-react";
import { PublicClientApplication, InteractionType } from '@azure/msal-browser';

import { loginRequest } from "./msalConfig";

interface AppProps {
  instance: PublicClientApplication;
}

## Program.cs
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);

var services = builder.Services;
var configuration = builder.Configuration;

## GetAccessToken_OnBehalfOfCredential.cs
using Azure.Identity;

public async Task<string> GetAccessTokenAsync(string resourceUrl, string tenantId, string clientId, string clientSecret, string userAssertion, CancellationToken cancellationToken)
{
    // userAssertion is the access token this API received from its caller
    // You can also use a certificate instead of client secret
    var credential = new OnBehalfOfCredential(tenantId, clientId, clientSecret, userAssertion);

    // The passed in cancellation token can be used by the caller to cancel the request
    var accessToken = await credential.GetTokenAsync(new TokenRequestContext(scopes: [resourceUrl + "/.default"]) { }, cancellationToken);

## GetAccessToken_ClientCertificateCredential.cs
public async Task<string> GetAccessTokenAsync(string resourceUrl, string tenantId, string clientId, string pfxCertDirPath, string pfxCertPassword)
{
    var clientCertificate = new X509Certificate2(pfxCertDirPath, pfxCertPassword);

    var credential = new ClientCertificateCredential(tenantId, clientId, clientCertificate);

    var accessToken = await credential.GetTokenAsync(new TokenRequestContext(scopes: [resourceUrl + "/.default"]) { });

    return accessToken.Token;
}

## GetAccessToken_UsernamePasswordCredential.cs
using Azure.Identity;

public async Task<string> GetAccessTokenAsync(string resourceUrl, string tenantId, string clientId, string username, string password)
{
    var credential = new UsernamePasswordCredential(username, password, tenantId, clientId);

    var accessToken = await credential.GetTokenAsync(new TokenRequestContext(scopes: [resourceUrl + "/.default"]) { });

    return accessToken.Token;
}
	$tenantId = "your-tenant-guid-92ca-a9b3993e45aa"
	$subscriptionId = "your-subscription-guid-8cc2-bf3751b1e868"
	$resourceGroupName = "your-resource-group-name"
	$logicAppName = "your-logic-app-name"
	# The hour value should be given in UTC, which is probably different from the one you see on Azure Portal
	$startTimeFrom = (Get-Date -Day 16 -Month 5 -Year 2024).Date.AddHours(7).AddMinutes(00).AddSeconds(00)
	$startTimeTo = (Get-Date -Day 16 -Month 5 -Year 2024).Date.AddHours(8).AddMinutes(36).AddSeconds(10)

	# If the script seems to hang, uncomment the -DeviceCode flag
	Connect-AzAccount -TenantId $tenantId -Subscription $subscriptionId #-DeviceCode
	protected readonly HttpClient _httpClient;
	protected readonly ITokenAcquisition _tokenAcquisition;
	protected readonly string _baseUrl = string.Empty;
	protected readonly string[] _scopes = Array.Empty<string>();

	public ApiService(IConfiguration configuration, ITokenAcquisition tokenAcquisition, HttpClient httpClient)
	{
	_httpClient = httpClient;
	_tokenAcquisition = tokenAcquisition;
	_baseUrl = configuration["WebApi:BaseUrl"];
	{
	"WebApp": {
	"Instance": "https://login.microsoftonline.com/",
	"TenantId": "284b2a9f-82d1-44fc-8ce5-4b406667aa1d",
	"ClientId": "bcb979aa-8e47-4431-ae2d-724d72b44e5e",
	"ClientSecret": "sanitized"
	},
	"WebApi": {
	"TenantId": "284b2a9f-82d1-44fc-8ce5-4b406667aa1d",
	"ClientId": "dac84b69-faef-4e4b-b203-91b2ea90e510",
	import { InteractionRequiredAuthError, IPublicClientApplication } from "@azure/msal-browser";

	let msalInstance: IPublicClientApplication;

	export const setMsalInstance = async (instance: IPublicClientApplication) => {
	msalInstance = instance;
	await msalInstance.initialize();
	}

	const getAccessToken = async (scopes: string[]): Promise<string \| null> => {
	export const msalConfig = {
	auth: {
	clientId: `${process.env.REACT_APP_UI_CLIENT_ID}`,
	// Defaults to "https://login.microsoftonline.com/common"
	authority: `https://login.microsoftonline.com/${process.env.REACT_APP_UI_TENANT_ID}`,
	// You must register this URI on the Entra app registration
	redirectUri: `${process.env.REACT_APP_UI_REDIRECT_URI}`,
	// The page to navigate after logout
	postLogoutRedirectUri: `${process.env.REACT_APP_UI_REDIRECT_URI}`,
	// If "true", will navigate back to the original request location before processing the auth code response
	import { BrowserRouter } from "react-router-dom";

	import { MsalAuthenticationTemplate, MsalProvider } from "@azure/msal-react";
	import { PublicClientApplication, InteractionType } from '@azure/msal-browser';

	import { loginRequest } from "./msalConfig";

	interface AppProps {
	instance: PublicClientApplication;
	}
	using Microsoft.AspNetCore.Authentication.OpenIdConnect;
	using Microsoft.AspNetCore.Authorization;
	using Microsoft.AspNetCore.Mvc.Authorization;
	using Microsoft.Identity.Web;
	using Microsoft.Identity.Web.UI;

	var builder = WebApplication.CreateBuilder(args);

	var services = builder.Services;
	var configuration = builder.Configuration;
	using Azure.Identity;

	public async Task<string> GetAccessTokenAsync(string resourceUrl, string tenantId, string clientId, string clientSecret, string userAssertion, CancellationToken cancellationToken)
	{
	// userAssertion is the access token this API received from its caller
	// You can also use a certificate instead of client secret
	var credential = new OnBehalfOfCredential(tenantId, clientId, clientSecret, userAssertion);

	// The passed in cancellation token can be used by the caller to cancel the request
	var accessToken = await credential.GetTokenAsync(new TokenRequestContext(scopes: [resourceUrl + "/.default"]) { }, cancellationToken);
	public async Task<string> GetAccessTokenAsync(string resourceUrl, string tenantId, string clientId, string pfxCertDirPath, string pfxCertPassword)
	{
	var clientCertificate = new X509Certificate2(pfxCertDirPath, pfxCertPassword);

	var credential = new ClientCertificateCredential(tenantId, clientId, clientCertificate);

	var accessToken = await credential.GetTokenAsync(new TokenRequestContext(scopes: [resourceUrl + "/.default"]) { });

	return accessToken.Token;
	}
	using Azure.Identity;

	public async Task<string> GetAccessTokenAsync(string resourceUrl, string tenantId, string clientId, string username, string password)
	{
	var credential = new UsernamePasswordCredential(username, password, tenantId, clientId);

	var accessToken = await credential.GetTokenAsync(new TokenRequestContext(scopes: [resourceUrl + "/.default"]) { });

	return accessToken.Token;
	}