Skip to content

Commit f5ad5bf

Browse files
authored
Merge pull request #7 from Azure-Samples/release/1.7
MIP SDK 1.7 and MSAL updates.
2 parents acac8cc + e8ac58a commit f5ad5bf

5 files changed

Lines changed: 59 additions & 60 deletions

File tree

README.md

Lines changed: 32 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ The application demonstrates the following:
2929
### Prerequisites
3030

3131
- Visual Studio 2015 or later with Visual C++ development features installed
32-
- Python 2.7 installed and in the system path
32+
- Python 2.7 or greater installed and in the system path
3333

3434
### Sample Setup
3535

@@ -50,40 +50,42 @@ Authentication against the Azure AD tenant requires creating a native applicatio
5050
> Skip this step if you've already created a registration for previous sample. You may continue to use that client ID.
5151
5252
1. Go to https://portal.azure.com and log in as a global admin.
53-
> Your tenant may permit standard users to register applications. If you aren't a global admin, you can attempt these steps, but may need to work with a tenant administrator to have an application registered or be granted access to register applications.
54-
2. Click Azure Active Directory, then **App Registrations** in the menu blade.
55-
3. Click **View all applications**
56-
4. Click **New Applications Registration**
57-
5. For name, enter **MipSdk-Sample-Apps**
58-
6. Set **Application Type** to **Native**
59-
7. For Redirect URI, enter **mipsdk-auth-sample://authorize**
60-
> Note: This can be anything you'd like, but should be unique in the tenant.
61-
8. Click **Create**
62-
63-
The **Registered app** blade should now be displayed.
64-
65-
1. Click **Settings**
66-
2. Click **Required Permissions**
67-
3. Click **Add**
68-
4. Click **Select an API**
69-
5. Select **Microsoft Rights Management Services** and click **Select**
70-
6. Under **Select Permissions** select **Create and access protected content for users**
71-
7. Click **Select** then **Done**
72-
8. Click **Add**
73-
9. Click **Select an API**
74-
10. In the search box, type **Microsoft Information Protection Sync Service** then select the service and click **Select**
75-
11. Under **Select Permissions** select **Read all unified policies a user has access to.**
76-
12. Click **Select** then **Done**
77-
13. In the **Required Permissions** blade, click **Grant Permissions** and confirm.
53+
> Your tenant may permit standard users to register applications. If you aren't a global admin, you can attempt these steps, but may need to work with a tenant administrator to have an application registered or be granted access to register applications.
54+
2. Select Azure Active Directory, then **App Registrations** on the left side menu.
55+
3. Select **New registration**
56+
4. For name, enter **MipSdk-Sample-Apps**
57+
5. Under **Supported account types** set **Accounts in this organizational directory only**
58+
> Optionally, set this to **Accounts in any organizational directory**.
59+
6. Select **Register**
60+
61+
The **Application registration** screen should now be displaying your new application.
62+
63+
### Add API Permissions
64+
65+
1. Select **API Permissions**
66+
2. Select **Add a permission**
67+
3. Select **Azure Rights Management Services**
68+
4. Select **Delegated permissions**
69+
5. Check **user_impersonation** and select **Add permissions** at the bottom of the screen.
70+
6. In the **API permissions** menu, select **Grant admin consent for <TENANT NAME>** and confirm.
71+
72+
### Set Redirect URI
73+
74+
1. Select **Authentication**.
75+
2. Select **Add a platform**.
76+
3. Select **Mobile and desktop applications**
77+
4. Select the default native client redirect URI, which should look similar to **https://login.microsoftonline.com/common/oauth2/nativeclient**.
78+
5. Under **Advanced settings** set **Treat as a public client** to **yes**.
79+
> This is required only for the MIP SDK sample apps using MSAL for Python.
80+
6. Select **configure** and be sure to save and changes if required.
7881

7982
### Update Client ID, Username, and Password
8083

8184
1. Open up **main.cpp**.
82-
2. Find line 62 and replace **YOUR CLIENT ID HERE** with the client ID copied from the AAD App Registration.
83-
3. Update the strings for application name and version on line 62.
84-
4. Find line 69 and enter your test username and password.
85+
2. Replace **YOUR CLIENT ID HERE** with the client ID copied from the AAD App Registration.
86+
3. Find the tokens for **YOUR USERNAME HERE** and **YOUR PASSWORD HERE** and insert test user credentials.
8587

86-
> Hard coding a username and password isn't recommended. For the scope of this sample, it's an easier way to abstract auth. We'll update this soon, but for now this is a good cross-platform example.
88+
> DO NOT hard code a production username and password.
8789
8890
## Run the Sample
8991

mipsdk-protectionapi-cpp-sample-basic/auth.py

Lines changed: 18 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@
2929
import sys
3030
import json
3131
import re
32-
from adal import AuthenticationContext
32+
from msal import PublicClientApplication
3333

3434
def printUsage():
3535
print('auth.py -u <username> -p <password> -a <authority> -r <resource> -c <clientId>')
@@ -67,16 +67,24 @@ def main(argv):
6767
printUsage()
6868
sys.exit(-1)
6969

70-
# Find everything after the last '/' and replace it with 'token'
71-
if not authority.endswith('token'):
72-
regex = re.compile('^(.*[\/])')
73-
match = regex.match(authority)
74-
authority = match.group()
75-
authority = authority + username.split('@')[1]
70+
# ONLY FOR DEMO PURPOSES AND MSAL FOR PYTHON
71+
# This shouldn't be required when using proper auth flows in production.
72+
if authority.find('common') > 1:
73+
authority = authority.split('/common')[0] + "/organizations"
74+
75+
app = PublicClientApplication(client_id=clientId, authority=authority)
76+
77+
result = None
7678

77-
auth_context = AuthenticationContext(authority)
78-
token = auth_context.acquire_token_with_username_password(resource, username, password, clientId)
79-
print(token["accessToken"])
79+
if resource.endswith('/'):
80+
resource += ".default"
81+
else:
82+
resource += "/.default"
83+
84+
# *DO NOT* use username/password authentication in production system.
85+
# Instead, consider auth code flow and using a browser to fetch the token.
86+
result = app.acquire_token_by_username_password(username=username, password=password, scopes=[resource])
87+
print(result['access_token'])
8088

8189
if __name__ == '__main__':
8290
main(sys.argv[1:])

mipsdk-protectionapi-cpp-sample-basic/main.cpp

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -54,17 +54,19 @@ int main()
5454
string plaintext;
5555
string ciphertext;
5656
string decryptedText;
57+
58+
// Client ID should be the client ID registered in Azure AD for your custom application.
5759
std::string clientId = "YOUR CLIENT ID";
58-
std::string appName = "YOUR APP NAME";
59-
std::string appVersion = "YOUR APP VERSION";
60-
std::string userName = "YOUR TEST USER";
61-
std::string password = "YOUR TEST USER PASSWORD";
6260

61+
// Username and password are required in this sample as the oauth2 token is obtained via Python script and MSAL auth.
62+
// DO NOT embed credentials for administrative or production accounts.
63+
std::string userName = "YOUR TEST USER NAME";
64+
std::string password = "YOUR TEST PASSWORD";
6365

6466
// Create the mip::ApplicationInfo object.
65-
// Client ID should be the client ID registered in Azure AD for your custom application.
67+
6668
// Friendly Name should be the name of the application as it should appear in reports.
67-
mip::ApplicationInfo appInfo{ clientId, appName, appVersion };
69+
mip::ApplicationInfo appInfo{ clientId, "MIP SDK Protection Sample for C++", "1.7.0" };
6870

6971
// All actions for this tutorial project are implemented in samples::policy::Action
7072
// Source files are Action.h/cpp.

mipsdk-protectionapi-cpp-sample-basic/mipsdk-protectionapi-cpp-sample-basic.vcxproj

Lines changed: 1 addition & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -55,9 +55,7 @@
5555
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
5656
<ImportGroup Label="ExtensionSettings">
5757
</ImportGroup>
58-
<ImportGroup Label="Shared">
59-
<Import Project="..\packages\Microsoft.InformationProtection.Protection.1.6.103\build\native\Microsoft.InformationProtection.Protection.targets" Condition="Exists('..\packages\Microsoft.InformationProtection.Protection.1.6.103\build\native\Microsoft.InformationProtection.Protection.targets')" />
60-
</ImportGroup>
58+
<ImportGroup Label="Shared" />
6159
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
6260
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
6361
</ImportGroup>
@@ -174,13 +172,6 @@
174172
</ItemGroup>
175173
<ItemGroup>
176174
<None Include="auth.py" />
177-
<None Include="packages.config" />
178175
</ItemGroup>
179176
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
180-
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
181-
<PropertyGroup>
182-
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
183-
</PropertyGroup>
184-
<Error Condition="!Exists('..\packages\Microsoft.InformationProtection.Protection.1.6.103\build\native\Microsoft.InformationProtection.Protection.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.InformationProtection.Protection.1.6.103\build\native\Microsoft.InformationProtection.Protection.targets'))" />
185-
</Target>
186177
</Project>

mipsdk-protectionapi-cpp-sample-basic/packages.config

Lines changed: 0 additions & 4 deletions
This file was deleted.

0 commit comments

Comments
 (0)