Registering the sample apps with Microsoft identity platform and updating the configuration files using PowerShell scripts
- On Windows run PowerShell and navigate to the root of the cloned directory
- In PowerShell run:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
- Run the script to create your Azure AD application and configure the code of the sample application accordingly. (Other ways of running the scripts are described below)
cd .\AppCreationScripts\ .\Configure.ps1
- Open the Visual Studio solution and click start
The following paragraphs:
- Present the scripts and explain their usage patterns for test and DevOps scenarios.
- Explain the pre-requisites
- Explain four ways of running the scripts:
- Interactively to create the app in your home tenant
- Passing credentials to create the app in your home tenant
- Interactively in a specific tenant
- Passing credentials in a specific tenant
- Passing environment name, for Sovereign clouds
This sample comes with two PowerShell scripts, which automate the creation of the Azure Active Directory applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test.
These scripts are:
-
Configure.ps1
which:- creates Azure AD applications and their related objects (permissions, dependencies, secrets),
- changes the configuration files in the C# and JavaScript projects.
- creates a summary file named
createdApps.html
in the folder from which you ran the script, and containing, for each Azure AD application it created:- the identifier of the application
- the AppId of the application
- the url of its registration in the Azure portal.
-
Cleanup.ps1
which cleans-up the Azure AD objects created byConfigure.ps1
. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, git reset).
The Configure.ps1
will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run Cleanup.ps1
just before Configure.ps1
. This is what is shown in the steps below.
- Open PowerShell (On Windows, press
Windows-R
and typePowerShell
in the search window) - Navigate to the root directory of the project.
- Until you change it, the default Execution Policy for scripts is usually
Restricted
. In order to run the PowerShell script you need to set the Execution Policy toRemoteSigned
. You can set this just for the current PowerShell process by running the command:Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
The scripts install the required PowerShell module (AzureAD) for the current user if needed. However, if you want to install if for all users on the machine, you can follow the following steps:
-
If you have never done it already, in the PowerShell window, install the AzureAD PowerShell modules. For this:
-
Open PowerShell as admin (On Windows, Search Powershell in the search bar, right click on it and select Run as administrator).
-
Type:
Install-Module AzureAD
or if you cannot be administrator on your machine, run:
Install-Module AzureAD -Scope CurrentUser
-
- Go to the
AppCreationScripts
sub-folder. From the folder where you cloned the repo,cd AppCreationScripts
- Run the scripts. See below for the four options to do that.
- Open the Visual Studio solution, and in the solution's context menu, choose Set Startup Projects.
- select Start for the projects
You're done. this just works!
We advise four ways of running the script:
- Interactive: you will be prompted for credentials, and the scripts decide in which tenant to create the objects,
- non-interactive: you will provide credentials, and the scripts decide in which tenant to create the objects,
- Interactive in specific tenant: you will provide the tenant in which you want to create the objects and then you will be prompted for credentials, and the scripts will create the objects,
- non-interactive in specific tenant: you will provide tenant in which you want to create the objects and credentials, and the scripts will create the objects.
Here are the details on how to do this.
- Just run
. .\Configure.ps1
, and you will be prompted to sign-in (email address, password, and if needed MFA). - The script will be run as the signed-in user and will use the tenant in which the user is defined.
Note that the script will choose the tenant in which to create the applications, based on the user. Also to run the Cleanup.ps1
script, you will need to re-sign-in.
When you know the identity and credentials of the user in the name of whom you want to create the applications, you can use the non-interactive approach. It's more adapted to DevOps. Here is an example of script you'd want to run in a PowerShell Window
$secpasswd = ConvertTo-SecureString "[Password here]" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("[login@tenantName here]", $secpasswd)
. .\Cleanup.ps1 -Credential $mycreds
. .\Configure.ps1 -Credential $mycreds
Of course, in real life, you might already get the password as a SecureString
. You might also want to get the password from KeyVault.
if you want to create the apps in a particular tenant, you can use the following option:
- open the Azure portal
- Select the Azure Active directory you are interested in (in the combo-box below your name on the top right of the browser window)
- Find the "Active Directory" object in this tenant
- Go to Properties and copy the content of the Directory Id property
- Then use the full syntax to run the scripts:
$tenantId = "yourTenantIdGuid"
. .\Cleanup.ps1 -TenantId $tenantId
. .\Configure.ps1 -TenantId $tenantId
This option combines option 2 and option 3: it creates the application in a specific tenant. See option 3 for the way to get the tenant Id. Then run:
$secpasswd = ConvertTo-SecureString "[Password here]" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("[login@tenantName here]", $secpasswd)
$tenantId = "yourTenantIdGuid"
. .\Cleanup.ps1 -Credential $mycreds -TenantId $tenantId
. .\Configure.ps1 -Credential $mycreds -TenantId $tenantId
All the four options listed above, can be used on any Azure Sovereign clouds. By default, the script targets AzureCloud
, but it can be changed using the parameter -AzureEnvironmentName
.
The acceptable values for this parameter are:
- AzureCloud
- AzureChinaCloud
- AzureUSGovernment
- AzureGermanyCloud
Example:
. .\Cleanup.ps1 -AzureEnvironmentName "AzureGermanyCloud"
. .\Configure.ps1 -AzureEnvironmentName "AzureGermanyCloud"