What happened to my MVC project (Visual Studio Azure Active Directory connected service)?

Applies to: Visual Studio Visual Studio for Mac

Note

This article applies to Visual Studio 2017. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here

• Getting Started
• What Happened

This article identifies the exact changes made to an ASP.NET MVC project when adding the Azure Active Directory connected service using Visual Studio.

For information on working with the connected service, see Getting Started.

Added references

Affects the project file (*.NET references) and packages.config (NuGet references).

Type	Reference
.NET; NuGet	Microsoft.IdentityModel.Protocol.Extensions
.NET; NuGet	Microsoft.Owin
.NET; NuGet	Microsoft.Owin.Host.SystemWeb
.NET; NuGet	Microsoft.Owin.Security
.NET; NuGet	Microsoft.Owin.Security.Cookies
.NET; NuGet	Microsoft.Owin.Security.OpenIdConnect
.NET; NuGet	Owin
.NET	System.IdentityModel
.NET; NuGet	System.IdentityModel.Tokens.Jwt
.NET	System.Runtime.Serialization

Additional references if you selected the Read directory data option:

Type	Reference
.NET; NuGet	EntityFramework
.NET	EntityFramework.SqlServer (Visual Studio 2015 only)
.NET; NuGet	Microsoft.Azure.ActiveDirectory.GraphClient
.NET; NuGet	Microsoft.Data.Edm
.NET; NuGet	Microsoft.Data.OData
.NET; NuGet	Microsoft.Data.Services.Client
.NET; NuGet	Microsoft.IdentityModel.Clients.ActiveDirectory
.NET	Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms (Visual Studio 2015 only)
.NET; NuGet	System.Spatial

The following references are removed (ASP.NET 4 projects only, as in Visual Studio 2015):

Type	Reference
.NET; NuGet	Microsoft.AspNet.Identity.Core
.NET; NuGet	Microsoft.AspNet.Identity.EntityFramework
.NET; NuGet	Microsoft.AspNet.Identity.Owin

Project file changes

• Set the property IISExpressSSLPort to a distinct number.
• Set the property WebProject_DirectoryAccessLevelKey to 0, or 1 if you selected the Read directory data option.
• Set the property IISUrl to https://localhost:<port>/ where <port> matches the IISExpressSSLPort value.

web.config or app.config changes

• Added the following configuration entries:

  <appSettings>
      <add key="ida:ClientId" value="<ClientId from the new Azure AD app>" />
      <add key="ida:AADInstance" value="https://login.microsoftonline.com/" />
      <add key="ida:Domain" value="<your selected Azure domain>" />
      <add key="ida:TenantId" value="<the Id of your selected Azure AD tenant>" />
      <add key="ida:PostLogoutRedirectUri" value="<project start page, such as https://localhost:44335>" />
  </appSettings>
  

• Added <dependentAssembly> elements under the <runtime><assemblyBinding> node for System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.Protocol.Extensions.

Additional changes if you selected the Read directory data option:

• Added the following configuration entry under <appSettings>:

  <add key="ida:ClientSecret" value="<Azure AD app's new client secret>" />
  

• Added the following elements under <configuration>; values for the project-mdf-file and project-catalog-id will vary:

  <configSections>
    <!-- For more information on Entity Framework configuration, visit https://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
  </configSections>
  
  <connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source=(localdb)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\<project-mdf-file>.mdf;Initial Catalog=<project-catalog-id>;Integrated Security=True" providerName="System.Data.SqlClient" />
  </connectionStrings>
  
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="mssqllocaldb" />
      </parameters>
    </defaultConnectionFactory>
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
    </providers>
  </entityFramework>
  

• Added <dependentAssembly> elements under the <runtime><assemblyBinding> node for Microsoft.Data.Services.Client, Microsoft.Data.Edm, and Microsoft.Data.OData.

Code changes and additions

• Added the [Authorize] attribute to Controllers/HomeController.cs and any other existing controllers.

• Added an authentication startup class, App_Start/Startup.Auth.cs, containing startup logic for Azure AD authentication. If you selected the Read directory data option, this file also contains code to receive an OAuth code and exchange it for an access token.

• Added a controller class, Controllers/AccountController.cs, containing SignIn and SignOut methods.

• Added a partial view, Views/Shared/_LoginPartial.cshtml, containing an action link for SignIn and SignOut.

• Added a partial view, Views/Account/SignoutCallback.cshtml, containing HTML for sign-out UI.

• Updated the Startup.Configuration method to include a call to ConfigureAuth(app) if the class already existed; otherwise added a Startup class that includes calls the method.

• Added Connected Services/AzureAD/ConnectedService.json (Visual Studio 2017) or Service References/Azure AD/ConnectedService.json (Visual Studio 2015), containing information that Visual Studio uses to track the addition of the connected service.

• If you selected the Read directory data option, added Models/ADALTokenCache.cs and Models/ApplicationDbContext.cs to support token caching. Also added an additional controller and view to illustrate accessing user profile information using Azure graph APIs: Controllers/UserProfileController.cs, Views/UserProfile/Index.cshtml, and Views/UserProfile/Relogin.cshtml

File backup (Visual Studio 2015)

When adding the connected service, Visual Studio 2015 backs up changed and removed files. All affected files are saved in the folder Backup/AzureAD. Visual Studio 2017 and later does not create backups.

• Startup.cs
• App_Start\IdentityConfig.cs
• App_Start\Startup.Auth.cs
• Controllers\AccountController.cs
• Controllers\ManageController.cs
• Models\IdentityModels.cs
• Models\ManageViewModels.cs
• Views\Shared\_LoginPartial.cshtml

Changes on Azure

• Created an Azure AD Application in the domain that you selected when adding the connected service.
• Updated the app to include the Read directory data permission if that option was selected.

Learn more about Azure Active Directory.

Next steps

• Authentication scenarios for Azure Active Directory
• Add sign-in with Microsoft to an ASP.NET web app