Update 3.1 to follow BASHER and Zero Trust guidelines #182

derisen · 2022-07-06T17:07:56Z

Purpose

...

Does this introduce a breaking change?

[ ] Yes
[ ] No

Pull Request Type

What kind of change does this Pull Request introduce?

[ ] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:

How to Test

Get the code

git clone [repo-address]
cd [repo-name]
git checkout [branch-name]
npm install

Test the code

What to Check

Verify that the following are valid

...

Other Information

kalyankrishna1 · 2022-07-12T18:00:29Z

Angular single-page application using MSAL Angular to sign-in users with Azure Active Directory and call a .NET Core web API

nit:An Angular SPA using MSAL Angular to sign-in users with Azure Active Directory and call a protected .NET Core web API

In reply to: 1182140157

Refers to: 3-Authorization-II/1-call-api/README.md:1 in 4a60819. [](commit_id = 4a60819, deletion_comment = False)

3-Authorization-II/1-call-api/AppCreationScripts/sample.json

3-Authorization-II/1-call-api/AppCreationScripts/README_STEPS.md

3-Authorization-II/1-call-api/README.md

kalyankrishna1 · 2022-07-12T18:10:43Z

An Azure AD tenant. For more information see: How to get an Azure AD tenant

this is an outdated link

In reply to: 1182164196

Refers to: 3-Authorization-II/1-call-api/README.md:40 in 4a60819. [](commit_id = 4a60819, deletion_comment = False)

kalyankrishna1 · 2022-07-12T18:11:37Z

3-Authorization-II/1-call-api/README.md

-| `API/appsettings.json`              | Authentication parameters for API project reside here.     |
-| `API/Startup.cs`                    | Microsoft.Identity.Web is initialized here.                |
+| `API/TodoListAPI/appsettings.json`  | Authentication parameters for API project reside here.     |
+| `API/TodoListAPI/Startup.cs`        | Microsoft.Identity.Web is initialized here.                |


Microsoft.Identity.Web is initialized here.

Microsoft.Identity.Web is initialized to protect the web API here. #Closed

kalyankrishna1 · 2022-07-12T18:12:10Z

3-Authorization-II/1-call-api/README.md

@@ -30,8 +31,9 @@ This sample demonstrates an Angular single-page application (SPA) calling a ASP.
 |-------------------------------------|------------------------------------------------------------|
 | `SPA/src/app/auth-config.ts`        | Authentication parameters for SPA project reside here.     |
 | `SPA/src/app/app.module.ts`         | MSAL Angular is initialized here.                          |


MSAL Angular is initialized here

MSAL Angular to sign-in user is initialized here #Closed

3-Authorization-II/1-call-api/README.md

kalyankrishna1 · 2022-07-12T18:20:23Z

3-Authorization-II/1-call-api/README.md


 ## We'd love your feedback!

 Were we successful in addressing your learning objective? Consider taking a moment to [share your experience with us](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR73pcsbpbxNJuZCMKN0lURpUOU5PNlM4MzRRV0lETkk2ODBPT0NBTEY5MCQlQCN0PWcu).

 ## About the code

-### Access token validation
+### CORS settings


CORS settings

very good section, please add to Code gen too #Closed

3-Authorization-II/1-call-api/README.md

kalyankrishna1 · 2022-07-12T18:35:20Z

A user account in your Azure AD tenant. This sample will not work with a personal Microsoft account. Therefore, if you signed in to the Azure portal with a personal account and have never created a user account in your directory before, you need to do that now.

add tow lines,

get latest NPM
get latest .NET core

In reply to: 1182223110

Refers to: 3-Authorization-II/1-call-api/README.md:41 in 4a60819. [](commit_id = 4a60819, deletion_comment = False)

kalyankrishna1 · 2022-07-12T18:43:00Z

3-Authorization-II/1-call-api/README.md

-In your controller, add [Authorize] decorator, which will make sure all incoming requests have an authentication bearer:
+For validation and debugging purposes, developers can decode **JWT**s (*JSON Web Tokens*) using [jwt.ms](https://jwt.ms).
+
+### Verifying permissions


brilliant, put this section in Codegen too ! #Closed

salman90

Looks good!

3-Authorization-II/1-call-api/SPA/src/app/auth-config.ts

3-Authorization-II/1-call-api/README.md

v-michaelmi · 2022-07-12T19:01:35Z

Aside from a couple of nits LGTM 👍

kalyankrishna1

derisen added 3 commits July 6, 2022 08:28

update package-lock

e4afe6b

update package-lock

0e8091a

update angular spa to 14

6efdbe1

derisen changed the title ~~Update 2.1 to follow BASHER and Zero Trust guidelines~~ Update 3.1 to follow BASHER and Zero Trust guidelines Jul 6, 2022

derisen marked this pull request as draft July 6, 2022 17:08

derisen and others added 6 commits July 6, 2022 10:17

bump workflow node version

78efd62

update ui, scripts

c4b5ae4

update dotnet version, add scripts

6464b24

update service

42c734f

update nuget packages

e58d9ff

update service, readme

ff8638d

derisen marked this pull request as ready for review July 12, 2022 17:37

derisen requested review from salman90, kalyankrishna1, aremo-ms, v-michaelmi and tonyYuhaoYangMcrS July 12, 2022 17:38

derisen added 4 commits July 12, 2022 10:40

update scope names

4a60819

update protectedResources object

95ae809

typo in todo.service.ts

ce21823

config

ddcf723