Blazor Fullstack – Part 2

About

Part 2 of Blazor Fullstack.

In this post we’ll register the app in AAD.

Register App in Azure Active Directory

Following the instructions from here, go to App Registrations in Azure. Create a New Registration and call it Sample Blazor. Select Single tenant.

[Screenshot: New App Registration]

Expose the API – server

In “Expose an API”:

  1. Click “Add a scope”.
  2. Leave the Application ID URI as default and click “Save and continue”.
  3. Give it the name “API.Access”.
  4. Select “Admins only” for “Who can consent”.
  5. Set “Admin consent display name” to “Access API”.
  6. Set “Admin consent description” to “Allows the app to access API endpoints”.
  7. Set “State” to Enabled.
  8. Click “Add Scope”.

Redirect URIs – client

In Authentication select “Add a Platform” and choose Web.

  1. Enter https://localhost:5001/authentication/login-callback for the Redirect URI.
  2. Leave Logout URL blank.
  3. Check both boxes for Access tokens and ID tokens.
  4. Click Configure

5001 is the default port for running an app on Kestrel. Return to this section and add another entry after the project is created and you know the port for IIS, and again when deploying to PROD.

API Permissions – client

In “API Permissions”, confirm that Microsoft Graph has at least User.Read permissions. NOTE: if JobTitle is required to be shown, replace User.Read with User.Read.All.

Add the API.Access permission by:

  1. Click “Add a permission”.
  2. Select My APIs.
  3. Select the name of the app, “Sample Blazor”.
  4. Check API.Access.
  5. Click “Add permissions”.
  6. Click “Grant admin consent for Default Directory”.

The API permissions page should resemble this:

[Screenshot: Grant API Permissions]

Record the config settings

| SETTING | EXAMPLE |
|---|---|
| TENANT DOMAIN | contoso.onmicrosoft.com |
| TENANT ID | 222222222-2222-2222-2222-222222222222 |
| CLIENT ID | 11111111-1111-1111-1111-111111111111 |
| SERVER API APP ID URI | https://contoso.onmicrosoft.com/11111111-1111-1111-1111-111111111111 |
| DEFAULT SCOPE | API.Access |
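
How the recorded settings are used when the server API decides whether to accept an access token, as an added example that is not code from the original post. The helper name `check_claims`, the tenant ID placeholder and the sample claim sets are constructed for illustration, and the token's signature and lifetime are assumed to be verified already.

```python
# Added example. TENANT_ID is a constructed placeholder; CLIENT_ID and the
# App ID URI are the example values from the settings table.
TENANT_ID = "22222222-2222-2222-2222-222222222222"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
APP_ID_URI = "https://contoso.onmicrosoft.com/" + CLIENT_ID
REQUIRED_SCOPE = "API.Access"

# Issuer values Azure AD puts in v1.0 and v2.0 tokens for a single tenant.
VALID_ISSUERS = {
    f"https://sts.windows.net/{TENANT_ID}/",
    f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
}
# v1.0 tokens may carry the App ID URI as audience; v2.0 tokens carry the client ID.
VALID_AUDIENCES = {APP_ID_URI, CLIENT_ID}


def check_claims(claims):
    """Return reasons to reject a token; an empty list means accept.

    Assumes signature and lifetime were already verified (hypothetical helper).
    """
    problems = []
    if claims.get("tid") != TENANT_ID:
        problems.append("tid: issued for a different tenant")
    if claims.get("iss") not in VALID_ISSUERS:
        problems.append("iss: not this tenant's authority")
    if claims.get("aud") not in VALID_AUDIENCES:
        problems.append("aud: issued for a different API")
    # Delegated scopes arrive as one space-separated string; match whole names.
    if REQUIRED_SCOPE not in str(claims.get("scp") or "").split():
        problems.append("scp: API.Access not granted")
    return problems


# Constructed claim sets (decoded token payloads), not captured tokens.
GOOD = {"tid": TENANT_ID, "aud": CLIENT_ID, "scp": "API.Access",
        "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"}
GRAPH_TOKEN = dict(GOOD, aud="https://graph.microsoft.com", scp="User.Read")
OTHER_TENANT = dict(GOOD, tid="33333333-3333-3333-3333-333333333333",
                    iss="https://login.microsoftonline.com/"
                        "33333333-3333-3333-3333-333333333333/v2.0")

if __name__ == "__main__":
    for name, c in [("good", GOOD), ("graph", GRAPH_TOKEN), ("other", OTHER_TENANT)]:
        print(name, check_claims(c) or "accepted")
```

The Graph case shows why the client needs a token requested for API.Access specifically: a token issued for Microsoft Graph with User.Read fails both the audience and the scope check at the API.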