a codegen refresh
Kalyan Krishna committed Sep 2, 2022
1 parent 4b88455 commit 77ba4ff
Showing 7 changed files with 440 additions and 430 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -192,19 +192,20 @@ Function ConfigureApplications
Write-Host "Getting access from 'webApp' to 'Microsoft Graph'"
$requiredPermissions = GetRequiredPermissions -applicationDisplayName "Microsoft Graph" `
-requiredDelegatedPermissions "User.Read.All" `


$requiredResourcesAccess.Add($requiredPermissions)
Update-MgApplication -ApplicationId $webAppAadApplication.Id -RequiredResourceAccess $requiredResourcesAccess
Write-Host "Granted permissions."

Write-Host "Successfully registered and configured that app registration for 'WebApp-MultiTenant-v2' at" -ForegroundColor Green
$webAppPortalUrl

# Update config file for 'webApp'
# $configFile = $pwd.Path + "\..\appsettings.json"
$configFile = $(Resolve-Path ($pwd.Path + "\..\appsettings.json"))

$dictionary = @{ "ClientId" = $webAppAadApplication.AppId;"TenantId" = 'organizations';"Domain" = $tenantName;"ClientSecret" = $webAppAppKey };

Write-Host "Updating the sample code ($configFile) with the following config values"
Write-Host "Updating the sample config '$configFile' with the following config values"
$dictionary

UpdateTextFile -configFilePath $configFile -dictionary $dictionary
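Review bot: the bare `$dictionary` after the "Updating the sample config '$configFile'" message echoes the whole hashtable, including `ClientSecret`, to the console, and `UpdateTextFile` then persists that same secret in plaintext into `appsettings.json`; in the DevOps usage this sample documents, both the pipeline log and the source tree end up holding a live client secret. Suggest printing only the key names (or masking the secret value) in the echoed dictionary, and pointing users at `dotnet user-secrets` or Key Vault instead of leaving the secret in a file that is easy to commit. The dead `# $configFile = $pwd.Path + "\..\appsettings.json"` line above the `Resolve-Path` version should be deleted rather than kept as a comment.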
125 changes: 63 additions & 62 deletions 3-WebApp-multi-APIs/AppCreationScripts/AppCreationScripts.md
@@ -1,34 +1,37 @@
# Registering the Azure Active Directory applications and updating the configuration files for this sample using PowerShell scripts
# Registering sample apps with the Microsoft identity platform and updating configuration files using PowerShell

## Overview

### Quick summary

1. On Windows run PowerShell and navigate to the root of the cloned directory
1. On Windows, run PowerShell as **Administrator** and navigate to the root of the cloned directory
1. In PowerShell run:

```PowerShell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
```
1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. (Other ways of running the scripts are described below)

1. Run the script to create your Azure AD application and configure the code of the sample application accordingly.

```PowerShell
cd .\AppCreationScripts\
.\Configure.ps1
cd .\AppCreationScripts\
.\Configure.ps1 -TenantId "your test tenant's id" -AzureEnvironmentName "[Optional] - Azure environment, defaults to 'Global'"
```
1. Open the Visual Studio solution and click start

### More details

The following paragraphs:
- [Goal of the provided scripts](#goal-of-the-provided-scripts)
- [Presentation of the scripts](#presentation-of-the-scripts)
- [Usage pattern for tests and DevOps scenarios](#usage-pattern-for-tests-and-DevOps-scenarios)
- [How to use the app creation scripts?](#how-to-use-the-app-creation-scripts)
- [Pre-requisites](#pre-requisites)
- [Run the script and start running](#run-the-script-and-start-running)
- [Four ways to run the script](#four-ways-to-run-the-script)
- [Option 1 (interactive)](#option-1-interactive)
- [Option 2 (Interactive, but create apps in a specified tenant)](#option-3-Interactive-but-create-apps-in-a-specified-tenant)
- [Running the script on Azure Sovereign clouds](#running-the-script-on-Azure-Sovereign-clouds)

- [Present the scripts](#presentation-of-the-scripts) and explain their [usage patterns](#usage-pattern-for-tests-and-devops-scenarios) for test and DevOps scenarios.
- Explain the [pre-requisites](#pre-requisites)
- Explain [four ways of running the scripts](#four-ways-to-run-the-script):
- [Interactively](#option-1-interactive) to create the app in your home tenant
- [Passing credentials](#option-2-non-interactive) to create the app in your home tenant
- [Interactively in a specific tenant](#option-3-interactive-but-create-apps-in-a-specified-tenant)
- [Passing credentials in a specific tenant](#option-4-non-interactive-and-create-apps-in-a-specified-tenant)

## Goal of the scripts
## Goal of the provided scripts

### Presentation of the scripts

Expand All @@ -37,92 +40,85 @@ This sample comes with two PowerShell scripts, which automate the creation of th
These scripts are:

- `Configure.ps1` which:
- creates Azure AD applications and their related objects (permissions, dependencies, secrets),
- changes the configuration files in the C# and JavaScript projects.
- creates Azure AD applications and their related objects (permissions, dependencies, secrets, app roles),
- changes the configuration files in the sample projects.
- creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created:
- the identifier of the application
- the AppId of the application
- the url of its registration in the [Azure portal](https://portal.azure.com).

- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, git reset).
- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`).

### Usage pattern for tests and DevOps scenarios

The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below.

## How to use the app creation scripts ?
## How to use the app creation scripts?

### Pre-requisites

1. Open PowerShell (On Windows, press `Windows-R` and type `PowerShell` in the search window)
2. Navigate to the root directory of the project.
3. Until you change it, the default [Execution Policy](https:/go.microsoft.com/fwlink/?LinkID=135170) for scripts is usually `Restricted`. In order to run the PowerShell script you need to set the Execution Policy to `RemoteSigned`. You can set this just for the current PowerShell process by running the command:
1. Navigate to the root directory of the project.
1. Until you change it, the default [Execution Policy](https:/go.microsoft.com/fwlink/?LinkID=135170) for scripts is usually `Restricted`. In order to run the PowerShell script you need to set the Execution Policy to `RemoteSigned`. You can set this just for the current PowerShell process by running the command:

```PowerShell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
```
### (Optionally) install AzureAD PowerShell modules
The scripts install the required PowerShell module (AzureAD) for the current user if needed. However, if you want to install if for all users on the machine, you can follow the following steps:
4. If you have never done it already, in the PowerShell window, install the AzureAD PowerShell modules. For this:
### (Optionally) install Microsoft.Graph.Applications PowerShell modules
The scripts install the required PowerShell module (Microsoft.Graph.Applications) for the current user if needed. However, if you want to install if for all users on the machine, you can follow the following steps:
1. Open PowerShell as admin (On Windows, Search Powershell in the search bar, right click on it and select Run as administrator).
1. If you have never done it already, in the PowerShell window, install the Microsoft.Graph.Applications PowerShell modules. For this:
1. Open PowerShell as admin (On Windows, Search Powershell in the search bar, right click on it and select **Run as administrator**).
2. Type:
```PowerShell
Install-Module AzureAD
Install-Module Microsoft.Graph.Applications
```
or if you cannot be administrator on your machine, run:
```PowerShell
Install-Module AzureAD -Scope CurrentUser
Install-Module Microsoft.Graph.Applications -Scope CurrentUser
```
### Run the script and start running
5. Go to the `AppCreationScripts` sub-folder. From the folder where you cloned the repo,
1. Go to the `AppCreationScripts` sub-folder. From the folder where you cloned the repo,
```PowerShell
cd AppCreationScripts
```
6. Run the scripts. See below for the [four options](#four-ways-to-run-the-script) to do that.
7. Open the Visual Studio solution, and in the solution's context menu, choose **Set Startup Projects**.
8. select **Start** for the projects
You're done. this just works!
1. Run the scripts. See below for the [four options](#four-ways-to-run-the-script) to do that.
1. Open the Visual Studio solution, and in the solution's context menu, choose **Set Startup Projects**.
1. select **Start** for the projects
You're done!
### Four ways to run the script
### Two ways to run the script
We advise four ways of running the script:
- Interactive: you will be prompted for credentials, and the scripts decide in which tenant to create the objects,
- non-interactive: you will provide credentials, and the scripts decide in which tenant to create the objects,
- Interactive in specific tenant: you will provide the tenant in which you want to create the objects and then you will be prompted for credentials, and the scripts will create the objects,
- non-interactive in specific tenant: you will provide tenant in which you want to create the objects and credentials, and the scripts will create the objects.
- Interactive in specific tenant: you will provide the tenant in which you want to create the objects and then you will be prompted for credentials, and the scripts will create the objects,
Here are the details on how to do this.
#### Option 1 (interactive)
- Just run ``. .\Configure.ps1``, and you will be prompted to sign-in (email address, password, and if needed MFA).
- Just run ``.\Configure.ps1``, and you will be prompted to sign-in (email address, password, and if needed MFA).
- The script will be run as the signed-in user and will use the tenant in which the user is defined.
Note that the script will choose the tenant in which to create the applications, based on the user. Also to run the `Cleanup.ps1` script, you will need to re-sign-in.
#### Option 2 (non-interactive)
When you know the indentity and credentials of the user in the name of whom you want to create the applications, you can use the non-interactive approach. It's more adapted to DevOps. Here is an example of script you'd want to run in a PowerShell Window
```PowerShell
$secpasswd = ConvertTo-SecureString "[Password here]" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("[login@tenantName here]", $secpasswd)
. .\Cleanup.ps1 -Credential $mycreds
. .\Configure.ps1 -Credential $mycreds
```

Of course, in real life, you might already get the password as a `SecureString`. You might also want to get the password from KeyVault.

#### Option 3 (Interactive, but create apps in a specified tenant)
#### Option 2 (Interactive, but create apps in a specified tenant)
if you want to create the apps in a particular tenant, you can use the following option:
- open the [Azure portal](https://portal.azure.com)
- Open the [Azure portal](https://portal.azure.com)
- Select the Azure Active directory you are interested in (in the combo-box below your name on the top right of the browser window)
- Find the "Active Directory" object in this tenant
- Go to **Properties** and copy the content of the **Directory Id** property
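Review bot: the heading is changed to "Two ways to run the script" but the sentence right after it, "We advise four ways of running the script:", is left unchanged, so the text contradicts itself. The Option 1 bullet now reads `.\Configure.ps1`, while the `-TenantId` example further down and the sovereign-cloud examples still dot-source the scripts (`. .\Configure.ps1 -TenantId $tenantId`); dot-sourcing runs the script in the caller's session scope and leaves its variables and functions behind, so pick one invocation style and use it throughout. Minor: "if you want to install if for all users" should read "install it for all users".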
Expand All @@ -134,14 +130,19 @@ $tenantId = "yourTenantIdGuid"
. .\Configure.ps1 -TenantId $tenantId
```

#### Option 4 (non-interactive, and create apps in a specified tenant)
### Running the script on Azure Sovereign clouds

This option combines option 2 and option 3: it creates the application in a specific tenant. See option 3 for the way to get the tenant Id. Then run:
All the four options listed above can be used on any Azure Sovereign clouds. By default, the script targets `AzureCloud`, but it can be changed using the parameter `-AzureEnvironmentName`.

```PowerShell
$secpasswd = ConvertTo-SecureString "[Password here]" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("[login@tenantName here]", $secpasswd)
$tenantId = "yourTenantIdGuid"
. .\Cleanup.ps1 -Credential $mycreds -TenantId $tenantId
. .\Configure.ps1 -Credential $mycreds -TenantId $tenantId
```
The acceptable values for this parameter are:

- AzureCloud
- AzureChinaCloud
- AzureUSGovernment

Example:

```PowerShell
. .\Cleanup.ps1 -AzureEnvironmentName "AzureUSGovernment"
. .\Configure.ps1 -AzureEnvironmentName "AzureUSGovernment"
```
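Review bot: "All the four options listed above" no longer matches a document that now describes two. More importantly, the accepted values listed here (`AzureCloud`, `AzureChinaCloud`, `AzureUSGovernment`) are passed unchanged to `Connect-MgGraph -Environment` by the updated scripts, whose default is `"Global"` (`$azureEnvironmentName = "Global"` in Cleanup.ps1) and whose Quick summary says the parameter "defaults to 'Global'"; `Connect-MgGraph` expects Microsoft Graph PowerShell environment names (as returned by `Get-MgEnvironment`, e.g. `Global`, `China`, `USGov`), not Az-module cloud names, so regenerate this list from `Get-MgEnvironment` and make the example use one of those values.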
101 changes: 63 additions & 38 deletions 3-WebApp-multi-APIs/AppCreationScripts/Cleanup.ps1
@@ -1,62 +1,87 @@

[CmdletBinding()]
param(
[PSCredential] $Credential,
[Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
[string] $tenantId
[string] $tenantId,
[Parameter(Mandatory=$False, HelpMessage='Azure environment to use while running the script. Default = Global')]
[string] $azureEnvironmentName
)

if ((Get-Module -ListAvailable -Name "AzureAD") -eq $null) {
Install-Module "AzureAD" -Scope CurrentUser
}
Import-Module AzureAD
$ErrorActionPreference = 'Stop'

Function Cleanup
{
<#
.Description
This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
#>
if (!$azureEnvironmentName)
{
$azureEnvironmentName = "Global"
}

<#
.Description
This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
#>

# $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
# into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.

# Login to Azure PowerShell (interactive if credentials are not already provided:
# you'll need to sign-in with creds enabling your to create apps in the tenant)
if (!$Credential -and $TenantId)
# Connect to the Microsoft Graph API
Write-Host "Connecting to Microsoft Graph"
if ($tenantId -eq "") {
Connect-MgGraph -Scopes "Application.ReadWrite.All" -Environment $azureEnvironmentName
$tenantId = (Get-MgContext).TenantId
}
else {
Connect-MgGraph -TenantId $tenantId -Scopes "Application.ReadWrite.All" -Environment $azureEnvironmentName
}

# Removes the applications
Write-Host "Cleaning-up applications from tenant '$tenantId'"

Write-Host "Removing 'webApp' (WebApp) if needed"
try
{
$creds = Connect-AzureAD -TenantId $tenantId
Get-MgApplication -Filter "DisplayName eq 'WebApp'" | ForEach-Object {Remove-MgApplication -ApplicationId $_.Id }
}
else
catch
{
if (!$TenantId)
{
$creds = Connect-AzureAD -Credential $Credential
}
else
{
$creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential
}
$message = $_
Write-Warning $Error[0]
Write-Host "Unable to remove the application 'WebApp'. Error is $message. Try deleting manually." -ForegroundColor White -BackgroundColor Red
}

if (!$tenantId)
Write-Host "Making sure there are no more (WebApp) applications found, will remove if needed..."
$apps = Get-MgApplication -Filter "DisplayName eq 'WebApp'" | Format-List Id, DisplayName, AppId, SignInAudience, PublisherDomain

if ($apps)
{
$tenantId = $creds.Tenant.Id
Remove-MgApplication -ApplicationId $apps.Id
}
$tenant = Get-AzureADTenantDetail
$tenantName = ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name

# Removes the applications
Write-Host "Cleaning-up applications from tenant '$tenantName'"

Write-Host "Removing 'webApp' (WebApp) if needed"
$app=Get-AzureADApplication -Filter "DisplayName eq 'WebApp'"
foreach ($app in $apps)
{
Remove-MgApplication -ApplicationId $app.Id -Debug
Write-Host "Removed WebApp.."
}

if ($app)
# also remove service principals of this app
try
{
Remove-AzureADApplication -ObjectId $app.ObjectId
Write-Host "Removed WebApp."
Get-MgServicePrincipal -filter "DisplayName eq 'WebApp'" | ForEach-Object {Remove-MgServicePrincipal -ServicePrincipalId $_.Id -Confirm:$false}
}
catch
{
$message = $_
Write-Warning $Error[0]
Write-Host "Unable to remove ServicePrincipal 'WebApp'. Error is $message. Try deleting manually from Enterprise applications." -ForegroundColor White -BackgroundColor Red
}
}

if ($null -eq (Get-Module -ListAvailable -Name "Microsoft.Graph.Applications")) {
Install-Module "Microsoft.Graph.Applications" -Scope CurrentUser
}
Import-Module Microsoft.Graph.Applications
$ErrorActionPreference = "Stop"


Cleanup -tenantId $tenantId -environment $azureEnvironmentName

Cleanup -Credential $Credential -tenantId $TenantId
Write-Host "Disconnecting from tenant"
Disconnect-MgGraph
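Review bot: `$apps = Get-MgApplication -Filter "DisplayName eq 'WebApp'" | Format-List Id, DisplayName, AppId, SignInAudience, PublisherDomain` assigns formatting objects, not application objects, so `$apps.Id` is `$null` and `Remove-MgApplication -ApplicationId $apps.Id` throws under `$ErrorActionPreference = "Stop"`; drop the `Format-List`, drop the second deletion in the `foreach ($app in $apps)` loop (which also passes `-Debug` and will stop on an interactive prompt), and delete each application once. Two further points: `Cleanup` is declared without a `param()` block, so `Cleanup -tenantId $tenantId -environment $azureEnvironmentName` silently lands in `$args` and the function only works because it reads the script-scope `$tenantId` and `$azureEnvironmentName`; declare the parameters. And every deletion selects by display name alone (`DisplayName eq 'WebApp'` for both applications and, with `-Confirm:$false`, service principals), which in a shared tenant removes any unrelated app or enterprise-app service principal that happens to share the name; key the cleanup on the AppId that `Configure.ps1` records in `createdApps.html` instead.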