nzpcmad/Client - MainWindow.xaml.cs

## Client - app.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <startup>
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    </startup>
  <appSettings>
     <!--Added ADFS 4.0 code-->
    <!--<add key="ida:Tenant" value="[Enter tenant name, e.g. contoso.onmicrosoft.com]" />-->
    <!--<add key="ida:ClientId" value="[Enter client ID as obtained from Azure Portal, e.g. 82692da5-a86f-44c9-9d53-2f88d52b478b]" />-->
    <add key="ida:ClientId" value="46cfcdbf-edf6-...d8f6" />
    <!--<add key="ida:RedirectUri" value="[Enter redirect URI as entered in Azure Portal, e.g. http://TodoListClient]" />-->
    <add key="ida:RedirectUri" value="http://TodoListClient" />
    <!-- <add key="todo:TodoListResourceId" value="[Enter App ID URI of TodoListService, e.g. https://contoso.onmicrosoft.com/TodoListService]" />-->
    <add key="todo:TodoListResourceId" value="https://localhost:44324/NativeTodoListService" />
    <!--<add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />-->
    <add key="todo:TodoListBaseAddress" value="https://localhost:44324/NativeTodoListService" />
  </appSettings>
</configuration>

## Client - MainWindow.xaml.cs
        // ADFS 4.0
        /*private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);

        private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);*/

        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);

        ...

        InitializeComponent();

            //
            // As the application starts, try to get an access token without prompting the user.  If one exists, populate the To Do list.  If not, continue.
            //
            // ADFS 4.0

            //authContext = new AuthenticationContext(authority, new FileCache());
            authContext = new AuthenticationContext("https://my-adfs/adfs/", false);

## List - Startup.Auth.cs
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;

namespace TodoListService
{
    public partial class Startup
    {
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        public void ConfigureAuth(IAppBuilder app)
        {
            /*app.UseWindowsAzureActiveDirectoryBearerAuthentication(
                new WindowsAzureActiveDirectoryBearerAuthenticationOptions
                {
                    Audience = ConfigurationManager.AppSettings["ida:Audience"],
                    Tenant = ConfigurationManager.AppSettings["ida:Tenant"]
                });*/

            // Added ADFS 4.0 code
            app.UseActiveDirectoryFederationServicesBearerAuthentication(
                new ActiveDirectoryFederationServicesBearerAuthenticationOptions
                {
                    Audience = "https://localhost:44324/NativeTodoListService",
                    MetadataEndpoint = "https://my-adfs/FederationMetadata/2007-06/FederationMetadata.xml"
                });
        }
    }
}

## List - TodoListController.cs
//----------------------------------------------------------------------------------------------
//    Copyright 2014 Microsoft Corporation
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.
//----------------------------------------------------------------------------------------------

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;

// The following using statements were added for this sample.
using System.Collections.Concurrent;
using TodoListService.Models;
using System.Security.Claims;

namespace TodoListService.Controllers
{
    [Authorize]
    public class TodoListController : ApiController
    {
        //
        // To Do items list for all users.  Since the list is stored in memory, it will go away if the service is cycled.
        //
        static ConcurrentBag<TodoItem> todoBag = new ConcurrentBag<TodoItem>();

        // GET api/todolist
        public IEnumerable<TodoItem> Get()
        {
            //
            // The Scope claim tells you what permissions the client application has in the service.
            // In this case we look for a scope value of user_impersonation, or full access to the service as the user.
            //
            // ADFS 4.0
            /*if (ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope").Value != "user_impersonation")
            {
                throw new HttpResponseException(new HttpResponseMessage { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "The Scope claim does not contain 'user_impersonation' or scope claim not found" });
            }*/

            // A user's To Do list is keyed off of the NameIdentifier claim, which contains an immutable, unique identifier for the user.
            Claim subject = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier);

            return from todo in todoBag
                   where todo.Owner == subject.Value
                   select todo;
        }

        // POST api/todolist
        public void Post(TodoItem todo)
        {
            // ADFS 4.0
            /*if (ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope").Value != "user_impersonation")
            {
                throw new HttpResponseException(new HttpResponseMessage { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "The Scope claim does not contain 'user_impersonation' or scope claim not found" });
            }*/

            if (null != todo && !string.IsNullOrWhiteSpace(todo.Title))
            {
                todoBag.Add(new TodoItem { Title = todo.Title, Owner = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value });
            }
        }
    }
}

## List - web.config
<appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <!--ADFS 4.0-->
    <!--<add key="ida:Tenant" value="[Enter tenant name, e.g. contoso.onmicrosoft.com]" />
    <add key="ida:Audience" value="[Enter App ID URI of TodoListService, e.g. https://contoso.onmicrosoft.com/TodoListService]" />-->
  </appSettings>
	<?xml version="1.0" encoding="utf-8" ?>
	<configuration>
	<startup>
	<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
	</startup>
	<appSettings>
	<!--Added ADFS 4.0 code-->
	<!--<add key="ida:Tenant" value="[Enter tenant name, e.g. contoso.onmicrosoft.com]" />-->
	<!--<add key="ida:ClientId" value="[Enter client ID as obtained from Azure Portal, e.g. 82692da5-a86f-44c9-9d53-2f88d52b478b]" />-->
	<add key="ida:ClientId" value="46cfcdbf-edf6-...d8f6" />
	<!--<add key="ida:RedirectUri" value="[Enter redirect URI as entered in Azure Portal, e.g. http://TodoListClient]" />-->
	<add key="ida:RedirectUri" value="http://TodoListClient" />
	<!-- <add key="todo:TodoListResourceId" value="[Enter App ID URI of TodoListService, e.g. https://contoso.onmicrosoft.com/TodoListService]" />-->
	<add key="todo:TodoListResourceId" value="https://localhost:44324/NativeTodoListService" />
	<!--<add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />-->
	<add key="todo:TodoListBaseAddress" value="https://localhost:44324/NativeTodoListService" />
	</appSettings>
	</configuration>
	// ADFS 4.0
	/*private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
	private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
	private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
	Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);

	private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);*/

	private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
	Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);

	...

	InitializeComponent();

	//
	// As the application starts, try to get an access token without prompting the user. If one exists, populate the To Do list. If not, continue.
	//
	// ADFS 4.0

	//authContext = new AuthenticationContext(authority, new FileCache());
	authContext = new AuthenticationContext("https://my-adfs/adfs/", false);
	using System;
	using System.Collections.Generic;
	using System.Configuration;
	using System.Linq;
	using Microsoft.Owin.Security;
	using Microsoft.Owin.Security.ActiveDirectory;
	using Owin;

	namespace TodoListService
	{
	public partial class Startup
	{
	// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
	public void ConfigureAuth(IAppBuilder app)
	{
	/*app.UseWindowsAzureActiveDirectoryBearerAuthentication(
	new WindowsAzureActiveDirectoryBearerAuthenticationOptions
	{
	Audience = ConfigurationManager.AppSettings["ida:Audience"],
	Tenant = ConfigurationManager.AppSettings["ida:Tenant"]
	});*/

	// Added ADFS 4.0 code
	app.UseActiveDirectoryFederationServicesBearerAuthentication(
	new ActiveDirectoryFederationServicesBearerAuthenticationOptions
	{
	Audience = "https://localhost:44324/NativeTodoListService",
	MetadataEndpoint = "https://my-adfs/FederationMetadata/2007-06/FederationMetadata.xml"
	});
	}
	}
	}
	//----------------------------------------------------------------------------------------------
	// Copyright 2014 Microsoft Corporation
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//----------------------------------------------------------------------------------------------

	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Net;
	using System.Net.Http;
	using System.Web.Http;

	// The following using statements were added for this sample.
	using System.Collections.Concurrent;
	using TodoListService.Models;
	using System.Security.Claims;

	namespace TodoListService.Controllers
	{
	[Authorize]
	public class TodoListController : ApiController
	{
	//
	// To Do items list for all users. Since the list is stored in memory, it will go away if the service is cycled.
	//
	static ConcurrentBag<TodoItem> todoBag = new ConcurrentBag<TodoItem>();

	// GET api/todolist
	public IEnumerable<TodoItem> Get()
	{
	//
	// The Scope claim tells you what permissions the client application has in the service.
	// In this case we look for a scope value of user_impersonation, or full access to the service as the user.
	//
	// ADFS 4.0
	/*if (ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope").Value != "user_impersonation")
	{
	throw new HttpResponseException(new HttpResponseMessage { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "The Scope claim does not contain 'user_impersonation' or scope claim not found" });
	}*/

	// A user's To Do list is keyed off of the NameIdentifier claim, which contains an immutable, unique identifier for the user.
	Claim subject = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier);

	return from todo in todoBag
	where todo.Owner == subject.Value
	select todo;
	}

	// POST api/todolist
	public void Post(TodoItem todo)
	{
	// ADFS 4.0
	/*if (ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope").Value != "user_impersonation")
	{
	throw new HttpResponseException(new HttpResponseMessage { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "The Scope claim does not contain 'user_impersonation' or scope claim not found" });
	}*/

	if (null != todo && !string.IsNullOrWhiteSpace(todo.Title))
	{
	todoBag.Add(new TodoItem { Title = todo.Title, Owner = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value });
	}
	}
	}
	}
	<appSettings>
	<add key="webpages:Version" value="3.0.0.0" />
	<add key="webpages:Enabled" value="false" />
	<add key="ClientValidationEnabled" value="true" />
	<add key="UnobtrusiveJavaScriptEnabled" value="true" />
	<!--ADFS 4.0-->
	<!--<add key="ida:Tenant" value="[Enter tenant name, e.g. contoso.onmicrosoft.com]" />
	<add key="ida:Audience" value="[Enter App ID URI of TodoListService, e.g. https://contoso.onmicrosoft.com/TodoListService]" />-->
	</appSettings>