Home
%3CLINGO-SUB%20id%3D%22lingo-sub-837781%22%20slang%3D%22en-US%22%3EASP.NET%20Core%20gRPC%20and%20WPF%20on%20.NET%20Core%20with%20Azure%20AD%20Authorization%2FAuthentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-837781%22%20slang%3D%22en-US%22%3E%3CP%3EOn%20ASP.NET%20Core%203.0(Still%20preview%209%20now)%2C%20there%20is%20a%20great%20RPC%20feature%20that%20is%20gRPC%20on%20ASP.NET%20Core!%3C%2FP%3E%0A%3CP%3EHere%20is%20a%20document%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Faspnet%2Fcore%2Fgrpc%2F%3Fview%3Daspnetcore-3.0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EIntroduction%20to%20gRPC%20on%20ASP.NET%20Core%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EIts%20programming%20experience%20is%20really%20cool.%20Because%20it%20is%20type%20safe(I%20love%20it.)%3C%2FP%3E%0A%3CP%3ESo%2C%20we%20can%20use%20code%20complement%20feature%20to%20call%20gRPC%20services.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130164i71C2DE3285E25E8B%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnd%20.NET%20Core%203.0%20supports%20developing%20desktop%20apps%20feature.%3C%2FP%3E%0A%3CP%3EYou%20can%20develop%20both%20of%20server%20side(with%20type%20safe%20by%20gRPC!)%20and%20client%20side(I%20love%20WPF!%20Type%20safe%20also!)%20using%20.NET%20Core%203.0.%26nbsp%3B%3C%2FP%3E%0A%3CP%3EgRPC%20on%20ASP.NET%20Core%20can%20use%20authentication%2Fauthorization%20features%20of%20ASP.NET%20Core.%3C%2FP%3E%0A%3CP%3EIt%20means%20you%20can%20protect%20gRPC%20using%20Azure%20AD%20and%20more.%20Authentication%20and%20authorization%20are%20important%20all%20of%20apps.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESo%2C%20in%20this%20article%2C%20I%20will%20write%20about%20gRPC%20on%20ASP.NET%20Core%20and%20WPF%20on%20.NET%20Core%2C%20and%20protecting%20the%20apps%20using%20Azure%20AD%20Authentication%2FAuthorization.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1820053025%22%20id%3D%22toc-hId-1820053025%22%20id%3D%22toc-hId-1820053025%22%20id%3D%22toc-hId-1820053025%22%20id%3D%22toc-hId-1820053025%22%3ELet's%20create%20a%20simple%20gRPC%20service%3C%2FH2%3E%0A%3CP%3EgRPC%20services%20are%20defined%20as%20a%20.proto%20file.%3C%2FP%3E%0A%3CP%3EPlease%20read%20a%20following%20document%20about%20defails%20of%20.proto%20file%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Faspnet%2Fcore%2Fgrpc%2Fbasics%3Fview%3Daspnetcore-3.0%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EgRPC%20services%20with%20C%23%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECreate%20a%20solution%2C%20and%20create%20Sample.proto%20file%20at%20same%20location%20of%20solution%20folder.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3Esyntax%20%3D%20%22proto3%22%3B%0A%0Aoption%20csharp_namespace%20%3D%20%22GrpcSampleApp%22%3B%0A%0Aimport%20%22google%2Fprotobuf%2Fempty.proto%22%3B%0A%0Apackage%20GrpcSample%3B%0A%0Aservice%20Employees%20%7B%0A%20%2F%2F%20for%20all%20users%0A%20rpc%20GetEmployees(google.protobuf.Empty)%20returns%20(GetEmployeeReply)%3B%0A%20%2F%2F%20for%20writer%20users%0A%20rpc%20AddEmployee(Employee)%20returns%20(AddEmployeeReply)%3B%0A%20%2F%2F%20for%20admin%20users%0A%20rpc%20DeleteEmployee(DeleteEmployeeRequest)%20returns%20(DeleteEmployeeReply)%3B%0A%7D%0A%0Amessage%20GetEmployeeReply%20%7B%0A%20repeated%20Employee%20employees%20%3D%201%3B%0A%7D%0A%0Amessage%20AddEmployeeReply%20%7B%0A%20bool%20succeed%20%3D%201%3B%0A%7D%0A%0Amessage%20DeleteEmployeeRequest%20%7B%0A%20string%20id%20%3D%201%3B%0A%7D%0A%0Amessage%20DeleteEmployeeReply%20%7B%0A%20bool%20succeed%20%3D%201%3B%0A%7D%0A%0Amessage%20Employee%20%7B%0A%20string%20id%20%3D%201%3B%0A%20string%20name%20%3D%202%3B%0A%7D%0A%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnd%20create%20a%20project%20that%20type%20is%20gRPC%20Service%2C%20and%20then%20modify%20a%20Protobuf%20tag%20of%20the%20project%20file%20like%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%3CPROTOBUF%20include%3D%22..%5CSample.proto%22%20grpcservices%3D%22Server%22%3E%3C%2FPROTOBUF%3E%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EDelete%20Services%2FGreetService.cs%20file%2C%20and%20create%20Services%2FEmployeeService.cs%20to%20implement%20the%20service%20logic.%3C%2FP%3E%0A%3CP%3EAnt%20then%2C%20write%20a%20code%20to%20the%20file%20like%20following%20link%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Frunceel%2FgRPCSampleApps%2Fblob%2F0a3d51da6f297cad0656a446c06b002716c14827%2FGrpcServiceApp%2FServices%2FEmployeeService.cs%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EEmployeeService.cs%3C%2FA%3E%3C%2FP%3E%0A%3CDIV%20class%3D%22lia-spoiler-container%22%3E%3CA%20class%3D%22lia-spoiler-link%22%20href%3D%22%23%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ESpoiler%3C%2FA%3E%3CNOSCRIPT%3E%20(Highlight%20to%20read)%3C%2FNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-border%22%3E%3CDIV%20class%3D%22lia-spoiler-content%22%3EThe%20server%20program%20has%20to%20run%20without%20IIS%20Express.%3CBR%20%2F%3EPlease%20make%20sure%20Launch%20item%20of%20debug%20option%20at%20project%20settings%20to%20%22Project.%22%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130173i8E74CE87E8A67162%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-noscript-container%22%3E%3CDIV%20class%3D%22lia-spoiler-noscript-content%22%3EThe%20server%20program%20has%20to%20run%20without%20IIS%20Express.Please%20make%20sure%20Launch%20item%20of%20debug%20option%20at%20project%20settings%20to%20%22Project.%22%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FNOSCRIPT%3E%3C%2FDIV%3E%3C%2FDIV%3E%0A%3CP%3EFinal%20step!%20Change%20Configure%20method%20of%20Startup.cs%20to%20register%20the%20EmployeeService.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3Epublic%20void%20Configure(IApplicationBuilder%20app%2C%20IWebHostEnvironment%20env)%0A%7B%0A%20%20%20%20if%20(env.IsDevelopment())%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20app.UseDeveloperExceptionPage()%3B%0A%20%20%20%20%7D%0A%0A%20%20%20%20app.UseRouting()%3B%0A%0A%20%20%20%20app.UseEndpoints(endpoints%20%3D%26gt%3B%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%2F%2F%20endpoints.MapGrpcService()%3B%0A%20%20%20%20%20%20%20%20endpoints.MapGrpcService()%3B%0A%0A%20%20%20%20%20%20%20%20endpoints.MapGet(%22%2F%22%2C%20async%20context%20%3D%26gt%3B%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20await%20context.Response.WriteAsync(%22Communication%20with%20gRPC%20endpoints%20must%20be%20made%20through%20a%20gRPC%20client.%20To%20learn%20how%20to%20create%20a%20client%2C%20visit%3A%20%3CA%20href%3D%22https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2086909%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2086909%3C%2FA%3E%22)%3B%0A%20%20%20%20%20%20%20%20%7D)%3B%0A%20%20%20%20%7D)%3B%0A%7D%0A%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--928617441%22%20id%3D%22toc-hId--928617441%22%20id%3D%22toc-hId--928617441%22%20id%3D%22toc-hId--928617441%22%20id%3D%22toc-hId--928617441%22%3EKestrel%20HTTP%2F2%20Configuration%3C%2FH3%3E%0A%3CP%3EgRPC%20is%20over%20HTTP%2F2.%20So%2C%20if%20we%20didn't%20create%20a%20project%20from%20gRPC%20Service%20project%20template%2C%20then%20we%20would%20have%20to%20configure%20appsettins.json%20to%20use%20HTTP%2F2.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-javascript%22%3E%3CCODE%3E%7B%0A%20%20%22Logging%22%3A%20%7B%0A%20%20%20%20%22LogLevel%22%3A%20%7B%0A%20%20%20%20%20%20%22Default%22%3A%20%22Warning%22%2C%0A%20%20%20%20%20%20%22Microsoft.Hosting.Lifetime%22%3A%20%22Information%22%0A%20%20%20%20%7D%0A%20%20%7D%2C%0A%20%20%22AllowedHosts%22%3A%20%22*%22%2C%0A%20%20%22Kestrel%22%3A%20%7B%0A%20%20%20%20%22EndpointDefaults%22%3A%20%7B%0A%20%20%20%20%20%20%22Protocols%22%3A%20%22Http2%22%0A%20%20%20%20%7D%0A%20%20%7D%0A%7D%0A%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20this%20case%2C%20the%20configuration%20is%20already%20included%20by%20gRPC%20Service%20project%20template.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1010706399%22%20id%3D%22toc-hId-1010706399%22%20id%3D%22toc-hId-1010706399%22%20id%3D%22toc-hId-1010706399%22%20id%3D%22toc-hId-1010706399%22%3ELet's%20call%20the%20service%20from%20WPF%20on%20.NET%20Core%3C%2FH2%3E%0A%3CP%3ECreate%20a%20Class%20Library(.NET%20Core)%20project%20to%20generate%20client%20side%20code%20as%20GrpcServiceApp.ClientLib.%3C%2FP%3E%0A%3CP%3EAnd%20add%20three%20packages%20from%20NuGet%3A%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EGoogle.Protobuf%3C%2FLI%3E%0A%3CLI%3EGrpc.Net.Client%20(latest%20preview%20version)%3C%2FLI%3E%0A%3CLI%3EGrpc.Tools%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EAt%20next%2C%20add%20a%20Protobuf%20tag%20to%20GrpcServiceApp.ClientLib%20project%20file%20like%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%3CPROJECT%20sdk%3D%22Microsoft.NET.Sdk%22%3E%0A%0A%20%20%3CPROPERTYGROUP%3E%0A%20%20%20%20%3CTARGETFRAMEWORK%3Enetcoreapp3.0%3C%2FTARGETFRAMEWORK%3E%0A%20%20%3C%2FPROPERTYGROUP%3E%0A%0A%20%20%3CITEMGROUP%3E%0A%20%20%20%20%3CPACKAGEREFERENCE%20include%3D%22Google.Protobuf%22%20version%3D%223.9.1%22%3E%3C%2FPACKAGEREFERENCE%3E%0A%20%20%20%20%3CPACKAGEREFERENCE%20include%3D%22Grpc.Net.Client%22%20version%3D%220.2.23-pre1%22%3E%3C%2FPACKAGEREFERENCE%3E%0A%20%20%20%20%3CPACKAGEREFERENCE%20include%3D%22Grpc.Tools%22%20version%3D%222.23.0%22%3E%0A%20%20%20%20%20%20%3CPRIVATEASSETS%3Eall%3C%2FPRIVATEASSETS%3E%0A%20%20%20%20%20%20%3CINCLUDEASSETS%3Eruntime%3B%20build%3B%20native%3B%20contentfiles%3B%20analyzers%3B%20buildtransitive%3C%2FINCLUDEASSETS%3E%0A%20%20%20%20%3C%2FPACKAGEREFERENCE%3E%0A%20%20%3C%2FITEMGROUP%3E%0A%0A%20%20%3CITEMGROUP%3E%0A%20%20%20%20%3CPROTOBUF%20include%3D%22..%5CSample.proto%22%20grpcservices%3D%22Client%22%3E%3C%2FPROTOBUF%3E%0A%20%20%3C%2FITEMGROUP%3E%0A%0A%3C%2FPROJECT%3E%0A%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EImportant%20classes%20to%20call%20the%20service%20are%20GrpcChannel%20class%20and%20%5BYour%20service%20name%5D.%5BYour%20service%20name%5DClient%20class.%3C%2FP%3E%0A%3CP%3EIn%20this%20case%2C%20I%20defined%20Employees%20service%20to%20Sample.proto%20file.%20So%2C%20the%20name%20is%20Employees.EmployeesClient.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAt%20first%2C%20create%20GrpcChannel%20class%20from%20a%20server%20endpoint%20uri%2C%20and%20create%20Employees.EmployeesClient%20class%20using%20the%20GrpcChannel%20instance.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3E%2F%2F%20create%20GrpcChannel%20from%20uri%0Avar%20channel%20%3D%20GrpcChannel.ForAddress(%22https%3A%2F%2Flocalhost%3A5001%22)%3B%0A%2F%2F%20create%20a%20client%20using%20the%20channel%20instance.%0Avar%20client%20%3D%20new%20Employees.EmployeesClient(channel)%3B%0A%2F%2F%20call%20some%20apis%0Avar%20result%20%3D%20await%20client.GetEmployeesAsync(new%20Empty())%3B%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20implemented%20employees%20management%20client%20using%20the%20Employees.EmployeesClient%20class.%3C%2FP%3E%0A%3CP%3EIt%20is%20plane%20WPF%20app%2C%20for%20to%20easy%20to%20read%2Funderstand%2C%20I%20didn't%20use%20MVVM%20pattern%2C%20all%20logic%20are%20written%20at%20MainWindow.xaml.cs.%3C%2FP%3E%0A%3CP%3ESource%20code%20can%20be%20looked%20from%20following%20link%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Frunceel%2FgRPCSampleApps%2Fblob%2F2dc3b48ac1a136207036978bd5dcce7bdc5a7f66%2FGrpcServiceApp.Client%2FMainWindow.xaml%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMainWindow.xaml%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Frunceel%2FgRPCSampleApps%2Fblob%2F2dc3b48ac1a136207036978bd5dcce7bdc5a7f66%2FGrpcServiceApp.Client%2FMainWindow.xaml.cs%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMainWindow.xaml.cs%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EThe%20app%20works%20like%20following%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130183i253F4437F31C172B%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22app.gif%22%20title%3D%22app.gif%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EIt%20doesn't%20have%20authentication%2Fauthorization%20feature%2C%20yet.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1541450562%22%20id%3D%22toc-hId--1541450562%22%20id%3D%22toc-hId--1541450562%22%20id%3D%22toc-hId--1541450562%22%20id%3D%22toc-hId--1541450562%22%3ELet's%20add%20authentication%2Fauthorization%20feature!%3C%2FH2%3E%0A%3CP%3EWe%20learned%20how%20to%20create%20gRPC%20service%20and%20how%20to%20call%20gRPC%20service.%20At%20the%20next%20step%2C%26nbsp%3B%20we%20learn%20how%20to%20add%20authentication%2Fauthorization%20using%20Azure%20AD.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECreate%20two%20apps%20to%20Azure%20AD%20tenant.%3C%2FP%3E%0A%3CP%3EFirst%20one%20is%20for%20server%20app%2C%20second%20one%20is%20for%20client%20app.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-4846268%22%20id%3D%22toc-hId-4846268%22%20id%3D%22toc-hId-4846268%22%20id%3D%22toc-hId-4846268%22%20id%3D%22toc-hId-4846268%22%3ECreate%20an%20app%20for%20server%20side%3C%2FH3%3E%0A%3CP%3EOpen%20Azure%20portal%20and%20then%20select%20Azure%20Active%20Directory.%20Select%20%22App%20registrations%22%20-%26gt%3B%20%22New%20registration%22.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130186i5ACF8ADAED020D35%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EEnter%20an%20app%20name%20like%20%22gRPC%20server%22%2C%20and%20then%20select%20a%20%22Register%22%20button.%20After%20created%20the%20app%2C%20would%20select%20%22Expose%20an%20API%22%20-%26gt%3B%20%22Add%20a%20scope%22.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130188i43B314DCD69049E1%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_2.png%22%20title%3D%22clipboard_image_2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EIf%20you%20haven't%20create%20Applicatin%20ID%20URL%2C%20then%20would%20display%20a%20pane%20to%20create%20it.%20In%20this%20case%2C%20please%20select%20%22Save%20and%20continue%22%20button.%3C%2FP%3E%0A%3CP%3EAnd%20input%20scope%20information%2C%20then%20select%20%22Add%20scope%22%20button.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130195iEA6082CF204E4BCF%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EAnd%20memo%20following%20items%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EApplication%20ID%3C%2FLI%3E%0A%3CLI%3EScope%20uri(api%3A%2F%2Fapplication%20id%2Fscope%20name)%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EAt%20next%2C%20create%20roles%20to%20the%20app.%20Select%20%22manifest%22%20menu%20at%20left%20pane.%20So%2C%20you%20can%20see%20json.%3C%2FP%3E%0A%3CP%3EThere%20is%20%22appRoles%22%20property%20that%20is%20to%20define%20roles%20in%20an%20app.%3C%2FP%3E%0A%3CP%3EThe%20scheme%20of%20under%20the%20%22appRoles%22%20is%20as%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-javascript%22%3E%3CCODE%3E%7B%0A%20%20%20%20%22allowedMemberTypes%22%3A%20%5B%0A%20%20%20%20%20%20%20%20%22User%22%0A%20%20%20%20%5D%2C%0A%20%20%20%20%22description%22%3A%20%22Administrators.%22%2C%0A%20%20%20%20%22displayName%22%3A%20%22Admins%22%2C%0A%20%20%20%20%22id%22%3A%20%22fc998089-b40c-40c1-af3c-161382ac6422%22%2C%0A%20%20%20%20%22isEnabled%22%3A%20true%2C%0A%20%20%20%20%22value%22%3A%20%22Admins%22%0A%7D%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPlease%20read%20a%20following%20document%20for%20details%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fhowto-add-app-roles-in-azure-ad-apps%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EHow%20to%3A%20Add%20app%20roles%20in%20your%20application%20and%20receive%20them%20in%20the%20token%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAdded%20three%20roles%20for%20Users%2C%20Writers%20and%20Administrators.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-javascript%22%3E%3CCODE%3E%22appRoles%22%3A%20%5B%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%22allowedMemberTypes%22%3A%20%5B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22User%22%0A%20%20%20%20%20%20%20%20%5D%2C%0A%20%20%20%20%20%20%20%20%22description%22%3A%20%22For%20users.%22%2C%0A%20%20%20%20%20%20%20%20%22displayName%22%3A%20%22Users%22%2C%0A%20%20%20%20%20%20%20%20%22id%22%3A%20%22927b2607-9226-4fbb-bc11-3ae7f90fdc84%22%2C%0A%20%20%20%20%20%20%20%20%22isEnabled%22%3A%20true%2C%0A%20%20%20%20%20%20%20%20%22value%22%3A%20%22Users%22%0A%20%20%20%20%7D%2C%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%22allowedMemberTypes%22%3A%20%5B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22User%22%0A%20%20%20%20%20%20%20%20%5D%2C%0A%20%20%20%20%20%20%20%20%22description%22%3A%20%22For%20writers.%22%2C%0A%20%20%20%20%20%20%20%20%22displayName%22%3A%20%22Writer%22%2C%0A%20%20%20%20%20%20%20%20%22id%22%3A%20%22e0947d03-8281-4e91-b8c4-0b8a57e8211d%22%2C%0A%20%20%20%20%20%20%20%20%22isEnabled%22%3A%20true%2C%0A%20%20%20%20%20%20%20%20%22value%22%3A%20%22Writer%22%0A%20%20%20%20%7D%2C%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%22allowedMemberTypes%22%3A%20%5B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22User%22%0A%20%20%20%20%20%20%20%20%5D%2C%0A%20%20%20%20%20%20%20%20%22description%22%3A%20%22For%20administrators.%22%2C%0A%20%20%20%20%20%20%20%20%22displayName%22%3A%20%22Administrators%22%2C%0A%20%20%20%20%20%20%20%20%22id%22%3A%20%22788389c8-0b68-4e90-b903-ea9add7ccd72%22%2C%0A%20%20%20%20%20%20%20%20%22isEnabled%22%3A%20true%2C%0A%20%20%20%20%20%20%20%20%22value%22%3A%20%22Administrators%22%0A%20%20%20%20%7D%0A%5D%2C%0A%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnd%20select%20a%20%22Save%22%20button.%3C%2FP%3E%0A%3CDIV%20class%3D%22lia-spoiler-container%22%3E%3CA%20class%3D%22lia-spoiler-link%22%20href%3D%22%23%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ESpoiler%3C%2FA%3E%3CNOSCRIPT%3E%20(Highlight%20to%20read)%3C%2FNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-border%22%3E%3CDIV%20class%3D%22lia-spoiler-content%22%3ETo%20get%20a%20new%20GUID%2C%20the%20easy%20way%20is%20just%20type%20%22New-GUID%22%20on%20PowerShell%20or%20PowerShell%20Core.%3C%2FDIV%3E%3CNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-noscript-container%22%3E%3CDIV%20class%3D%22lia-spoiler-noscript-content%22%3ETo%20get%20a%20new%20GUID%2C%20the%20easy%20way%20is%20just%20type%20%22New-GUID%22%20on%20PowerShell%20or%20PowerShell%20Core.%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FNOSCRIPT%3E%3C%2FDIV%3E%3C%2FDIV%3E%0A%3CP%3EAfter%20that%2C%20assign%20roles%20to%20user%20using%20Azure%20AD%20enterprise%20applications%20setting%20page.%20Select%20%22Azure%20Active%20Directory%22%20-%26gt%3B%20%22Enterprise%20applications%22%20-%26gt%3B%20%22Your%20server%20side%20app%22%20-%26gt%3B%20%22Users%20and%20groups%22.%3C%2FP%3E%0A%3CP%3EIn%20my%20case%2C%20I%20assigned%20three%20users%20like%20following%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130408iA349FD4B7F925D1F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22clipboard_image_3.png%22%20title%3D%22clipboard_image_3.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1747656603%22%20id%3D%22toc-hId-1747656603%22%20id%3D%22toc-hId-1747656603%22%20id%3D%22toc-hId-1747656603%22%20id%3D%22toc-hId-1747656603%22%3ECreate%20an%20app%20for%20client%20side%3C%2FH3%3E%0A%3CP%3EAdd%20an%20app%20for%20client%20side%20with%20Redirect%20URI%20that%20category%20and%20value%20are%20%22Public%20Client%20(mobile%20%26amp%3B%20desktop)%22%20and%20%22http%3A%2F%2Flocalhost%22.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130200iFF421C8C79C83B0B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EAfter%20create%20the%20app%2C%20select%20%22API%20permissions%22%20-%26gt%3B%20%22Add%20a%20permission%22.%20And%20select%20%22Call.API%22%20permission%20of%20%22gRPC%20server%22%20app%20on%20%22APIs%20my%20organization%20uses%22%20tab.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130201i66E757F719DA4A4D%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22clipboard_image_1.png%22%20title%3D%22clipboard_image_1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EAnd%20copy%20Application%20ID%20of%20client%20app%20and%20Directory(tenant)%20ID%20at%20Overview%20page%20of%20the%20app.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--804500358%22%20id%3D%22toc-hId--804500358%22%20id%3D%22toc-hId--804500358%22%20id%3D%22toc-hId--804500358%22%20id%3D%22toc-hId--804500358%22%3EImplement%20Authentication%20and%20Authorization%20to%20the%20server%20side%3C%2FH3%3E%0A%3CP%3EAdd%20latest%20preview%20version's%20%22Microsoft.AspNetCore.Authentication.JwtBearer%22%20NuGet%20package%20to%20use%20authentication%20and%20authorization%20features%20using%20JWT%20of%20ASP.NET%20Core%203.0.%3C%2FP%3E%0A%3CP%3EAnd%20add%20a%20few%20lines%20to%20Startup.cs%20to%20enable%20Authentication%20and%20Authorization%20like%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3Epublic%20void%20ConfigureServices(IServiceCollection%20services)%0A%7B%0A%20%20%20%20services.AddGrpc()%3B%0A%0A%20%20%20%20%2F%2F%20for%20auth%0A%20%20%20%20services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)%0A%20%20%20%20%20%20%20%20.AddJwtBearer(options%20%3D%26gt%3B%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20_configuration.Bind(%22AzureAd%22%2C%20options)%3B%0A%20%20%20%20%20%20%20%20%7D)%3B%0A%20%20%20%20services.AddAuthorization(options%20%3D%26gt%3B%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%2F%2F%20define%20policies%0A%20%20%20%20%20%20%20%20options.AddPolicy(%22Users%22%2C%20policy%20%3D%26gt%3B%20policy.RequireClaim(%22%3CA%20href%3D%22http%3A%2F%2Fschemas.microsoft.com%2Fws%2F2008%2F06%2Fidentity%2Fclaims%2Frole%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fschemas.microsoft.com%2Fws%2F2008%2F06%2Fidentity%2Fclaims%2Frole%3C%2FA%3E%22%2C%20%22Administrators%22%2C%20%22Writer%22%2C%20%22Users%22))%3B%0A%20%20%20%20%20%20%20%20options.AddPolicy(%22Writer%22%2C%20policy%20%3D%26gt%3B%20policy.RequireClaim(%22%3CA%20href%3D%22http%3A%2F%2Fschemas.microsoft.com%2Fws%2F2008%2F06%2Fidentity%2Fclaims%2Frole%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fschemas.microsoft.com%2Fws%2F2008%2F06%2Fidentity%2Fclaims%2Frole%3C%2FA%3E%22%2C%20%22Administrators%22%2C%20%22Writer%22))%3B%0A%20%20%20%20%20%20%20%20options.AddPolicy(%22Admins%22%2C%20policy%20%3D%26gt%3B%20policy.RequireClaim(%22%3CA%20href%3D%22http%3A%2F%2Fschemas.microsoft.com%2Fws%2F2008%2F06%2Fidentity%2Fclaims%2Frole%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fschemas.microsoft.com%2Fws%2F2008%2F06%2Fidentity%2Fclaims%2Frole%3C%2FA%3E%22%2C%20%22Administrators%22))%3B%0A%20%20%20%20%7D)%3B%0A%7D%0A%0Apublic%20void%20Configure(IApplicationBuilder%20app%2C%20IWebHostEnvironment%20env)%0A%7B%0A%20%20%20%20if%20(env.IsDevelopment())%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20app.UseDeveloperExceptionPage()%3B%0A%20%20%20%20%7D%0A%0A%20%20%20%20app.UseRouting()%3B%0A%0A%20%20%20%20%2F%2F%20for%20auth%0A%20%20%20%20app.UseAuthentication()%3B%0A%20%20%20%20app.UseAuthorization()%3B%0A%0A%20%20%20%20app.UseEndpoints(endpoints%20%3D%26gt%3B%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%2F%2F%20endpoints.MapGrpcService()%3B%0A%20%20%20%20%20%20%20%20endpoints.MapGrpcService()%3B%0A%0A%20%20%20%20%20%20%20%20endpoints.MapGet(%22%2F%22%2C%20async%20context%20%3D%26gt%3B%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20await%20context.Response.WriteAsync(%22Communication%20with%20gRPC%20endpoints%20must%20be%20made%20through%20a%20gRPC%20client.%20To%20learn%20how%20to%20create%20a%20client%2C%20visit%3A%20%3CA%20href%3D%22https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2086909%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2086909%3C%2FA%3E%22)%3B%0A%20%20%20%20%20%20%20%20%7D)%3B%0A%20%20%20%20%7D)%3B%0A%7D%0A%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAdd%20couple%20settings%20to%20appsettings.json%20for%20options%20of%20AddAuthentication%20method.%3C%2FP%3E%0A%3CP%3EIts%20values%20are%20Authority(URI%20that%20included%20Azure%20AD%20Tenant%20ID)%20and%20Audience(Application%20ID%20URI)%20like%20following%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-javascript%22%3E%3CCODE%3E%7B%0A%20%20%22Logging%22%3A%20%7B%0A%20%20%20%20%22LogLevel%22%3A%20%7B%0A%20%20%20%20%20%20%22Default%22%3A%20%22Warning%22%2C%0A%20%20%20%20%20%20%22Microsoft.Hosting.Lifetime%22%3A%20%22Information%22%0A%20%20%20%20%7D%0A%20%20%7D%2C%0A%20%20%22AllowedHosts%22%3A%20%22*%22%2C%0A%20%20%22Kestrel%22%3A%20%7B%0A%20%20%20%20%22EndpointDefaults%22%3A%20%7B%0A%20%20%20%20%20%20%22Protocols%22%3A%20%22Http2%22%0A%20%20%20%20%7D%0A%20%20%7D%2C%0A%20%20%22AzureAd%22%3A%20%7B%0A%20%20%20%20%22Authority%22%3A%20%22%3CA%20href%3D%22https%3A%2F%2Flogin.microsoftonline.com%2F%7BYour%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Flogin.microsoftonline.com%2F%7BYour%3C%2FA%3E%20Azure%20AD%20Tenant%20ID%7D%2F%22%2C%0A%20%20%20%20%22Audience%22%3A%20%22Your%20server%20side%20Application%20ID%20URI(api%3A%2F%2Fappid)%22%0A%20%20%7D%0A%7D%0A%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20want%20to%20know%20more%20details%20about%20those%20methods%2C%20please%20read%20following%20documents%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Faspnet%2Fcore%2Fsecurity%2Fauthentication%2Fazure-active-directory%2F%3Fview%3Daspnetcore-3.0%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Active%20Directory%20with%20ASP.NET%20Core%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Faspnet%2Fcore%2Fsecurity%2Fauthorization%2Fclaims%3Fview%3Daspnetcore-3.0%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EClaims-based%20authorization%20in%20ASP.NET%20Core%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3ESo%2C%20let's%20add%20AuthrizeAttribute%20to%20the%20gRPC%20service%20class%20for%20adding%20authorization.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3Epublic%20class%20EmployeeService%20%3A%20GrpcSampleApp.Employees.EmployeesBase%0A%7B%0A%20%20%20%20private%20static%20List%20Employees%20%7B%20get%3B%20%7D%20%3D%20new%20List()%3B%0A%20%20%20%20%5BAuthorize(%22Users%22)%5D%0A%20%20%20%20public%20override%20Task%20GetEmployees(Empty%20request%2C%20ServerCallContext%20context)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%2F%2F%20snip...%0A%20%20%20%20%7D%0A%0A%20%20%20%20%5BAuthorize(%22Writer%22)%5D%0A%20%20%20%20public%20override%20Task%20AddEmployee(Employee%20request%2C%20ServerCallContext%20context)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%2F%2F%20snip...%0A%20%20%20%20%7D%0A%0A%20%20%20%20%5BAuthorize(%22Admins%22)%5D%0A%20%20%20%20public%20override%20Task%20DeleteEmployee(DeleteEmployeeRequest%20request%2C%20ServerCallContext%20context)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%2F%2F%20snip...%0A%20%20%20%20%7D%0A%7D%0A%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAfter%20that%2C%20the%20client%20app%20will%20not%20able%20to%20call%20those%20APIs%20with%20401%20error.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130394i6A63ECCBAD469C4F%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-938309977%22%20id%3D%22toc-hId-938309977%22%20id%3D%22toc-hId-938309977%22%20id%3D%22toc-hId-938309977%22%20id%3D%22toc-hId-938309977%22%3EImplement%20sign%20in%20feature%20to%20the%20client%20side%20app%3C%2FH3%3E%0A%3CP%3EAdd%20MSAL.NET%20that%20package%20name%20is%20Microsoft.Identity.Client%20to%20the%20project%20of%20client%20side%20to%20implement%20sign%20in%20feature.%20And%20Microsoft.Extensions.Configuration.Binder(latest%20preview%20version)%20package%20to%20use%20Bind%20method%20of%20IConfiguration%20interface.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAt%20first%2C%20we%20have%20to%20create%20an%20instance%20of%20PublicClientApplication.%20To%20create%20it%2C%20we%20have%20to%20prepare%20three%20information%20that%20are%20Client%20ID(The%20client%20side%20app%20id%20registered%20to%20Azure%20AD)%2C%20RedirectUri(http%3A%2F%2Flocalhost)%20and%20Tenant%20ID.%20I%20write%20those%20values%20to%20appsettings.json%20at%20the%20client%20side%20project.%20And%20also%2C%20add%20a%20value%20of%20passing%20to%20as%20scopes%20when%20sign%20in%2C%20it%20is%20%22api%3A%2F%2Fyou%20server%20app%20id%2FCall.API%22(It%20was%20defined%20to%20the%20server%20side%20app%20on%20Azure%20AD.)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-javascript%22%3E%3CCODE%3E%7B%0A%20%20%22ServerEndpoint%22%3A%20%22https%3A%2F%2Flocalhost%3A5001%22%2C%0A%20%20%22AzureAd%22%3A%20%7B%0A%20%20%20%20%22ClientId%22%3A%20%22Azure%20AD%20client%20app%20id.%22%2C%0A%20%20%20%20%22RedirectUri%22%3A%20%22http%3A%2F%2Flocalhost%22%2C%0A%20%20%20%20%22TenantId%22%3A%20%22Your%20Azure%20AD%20tenant%20id.%22%0A%20%20%7D%2C%0A%20%20%22Scopes%22%3A%20%5B%0A%20%20%20%20%22api%3A%2F%2Fyour%20server%20app%20id%2FCall.API%22%0A%20%20%5D%0A%7D%0A%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20create%20an%20instance%20of%20PublicClientApplication%20class%20that%20provided%20from%20MSAL.NET%2C%20I%20create%20CreatePublicClientApplication%20method%20to%20MainWindow.xaml.cs.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3Eprivate%20IPublicClientApplication%20CreatePublicClientApplication()%0A%7B%0A%20%20%20%20var%20options%20%3D%20new%20PublicClientApplicationOptions()%3B%0A%20%20%20%20_configuration.Bind(%22AzureAd%22%2C%20options)%3B%0A%20%20%20%20return%20PublicClientApplicationBuilder.CreateWithApplicationOptions(options)%0A%20%20%20%20%20%20%20%20.Build()%3B%0A%7D%0A%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20instance%20is%20stored%20a%20_publicClientApplication%20field%20of%20MainWindow%20class.%20Using%20it%2C%20implements%20a%20click%20event%20handler%20of%20%22Sign%20In%22%20button!%20There%20are%20important%20below%20methods%20of%20MSAL.NET.%20Please%20check%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fbs-latn-ba%2Fazure%2Factive-directory%2Fdevelop%2Fmsal-net-acquire-token-silently%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethe%20documentation%3C%2FA%3Eto%20understand%20how%20to%20use%20those%20methods.%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EGetAccountsAsync%3C%2FLI%3E%0A%3CLI%3EAcquireTokenSilent%3C%2FLI%3E%0A%3CLI%3EAcquireTokenInteractive%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EFollowing%20code%20snippet%20is%20a%20typical%20implementation%20to%20get%20access%20token%20to%20call%20APIs%20protected%20by%20Azure%20AD.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3Eprivate%20async%20Task%3CAUTHENTICATIONRESULT%3E%20AcquireTokenAsync()%0A%7B%0A%20%20%20%20var%20scopes%20%3D%20_configuration.GetSection(%22Scopes%22).Get%3CSTRING%3E()%3B%0A%20%20%20%20var%20account%20%3D%20(await%20_publicClientApplication.GetAccountsAsync()).FirstOrDefault()%3B%0A%20%20%20%20try%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20return%20await%20_publicClientApplication.AcquireTokenSilent(scopes%2C%20account)%0A%20%20%20%20%20%20%20%20%20%20%20%20.ExecuteAsync()%3B%0A%20%20%20%20%7D%0A%20%20%20%20catch%20(MsalUiRequiredException%20ex)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20Debug.WriteLine(ex)%3B%0A%20%20%20%20%20%20%20%20try%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20using%20(var%20cancellationTokenSource%20%3D%20new%20CancellationTokenSource())%0A%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20var%20signInTask%20%3D%20_publicClientApplication.AcquireTokenInteractive(scopes)%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.WithSystemWebViewOptions(new%20SystemWebViewOptions%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20OpenBrowserAsync%20%3D%20SystemWebViewOptions.OpenWithChromeEdgeBrowserAsync%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D)%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.ExecuteAsync(cancellationTokenSource.Token)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20if%20(signInTask%20!%3D%20await%20Task.WhenAny(signInTask%2C%20Task.Delay(TimeSpan.FromMinutes(2))))%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20cancellationTokenSource.Cancel()%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20MessageBox.Show(%22Timeout.%22)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20return%20null%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20return%20await%20signInTask%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20catch%20(MsalException%20msalEx)%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20Debug.WriteLine(msalEx)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20null%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%7D%0A%3C%2FSTRING%3E%3C%2FAUTHENTICATIONRESULT%3E%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%20class%3D%22lia-spoiler-container%22%3E%3CA%20class%3D%22lia-spoiler-link%22%20href%3D%22%23%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ESpoiler%3C%2FA%3E%3CNOSCRIPT%3E%20(Highlight%20to%20read)%3C%2FNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-border%22%3E%3CDIV%20class%3D%22lia-spoiler-content%22%3EMSAL.NET%20implementation%20for%20.NET%20Core%20assume%20the%20platform%20doesn't%20have%20embedded%20web%20view.%20Because%2C%20MSAL.NET%20is%20for%20.NET%20Core%202.2%20or%20earlier.%20Yes%2C%20it%20doesn't%20have%20any%20features%20to%20develop%20GUI%20applications.%3CBR%20%2F%3ESo%2C%20in%20this%20sample%20app%2C%20I%20decided%20using%20system%20web%20browser.%3CBR%20%2F%3E%3CBR%20%2F%3EAfter%20release%20.NET%20Core%203.0%2C%20I%20guess%20we%20will%20be%20able%20to%20use%20embedded%20web%20view%20options.%3C%2FDIV%3E%3CNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-noscript-container%22%3E%3CDIV%20class%3D%22lia-spoiler-noscript-content%22%3EMSAL.NET%20implementation%20for%20.NET%20Core%20assume%20the%20platform%20doesn't%20have%20embedded%20web%20view.%20Because%2C%20MSAL.NET%20is%20for%20.NET%20Core%202.2%20or%20earlier.%20Yes%2C%20it%20doesn't%20have%20any%20features%20to%20develop%20GUI%20applications.So%2C%20in%20this%20sample%20app%2C%20I%20decided%20using%20system%20web%20browser.After%20release%20.NET%20Core%203.0%2C%20I%20guess%20we%20will%20be%20able%20to%20use%20embedded%20web%20view%20options.%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FNOSCRIPT%3E%3C%2FDIV%3E%3C%2FDIV%3E%0A%3CP%3ERun%20the%20app!%20So%2C%20the%20%22Sign%20in%22%20button%20is%20work.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20330px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130403i1D28AD876DEE0BB2%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EAccepting%20permissions%20page%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EAfter%20signed%20in%2C%20the%20user%20name%20is%20shown.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130405iEF502DF594DFDC79%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EWe%20can%20get%20sign%20in%20feature%2C%20however%20we%20can't%20call%20APIs%20with%20401%20error%20yet.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130410i289170C843FF4FD9%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22clipboard_image_4.png%22%20title%3D%22clipboard_image_4.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3ENeed%20Authorization%20HTTP%20header%2C%20it%20can%20be%20add%20using%20a%20metadata%20argument%20of%20every%20gRPC%20service%20methods.%3C%2FP%3E%0A%3CP%3EDefine%20a%20method%20to%20create%20a%20Metadata%20instance%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3Eprivate%20async%20Task%26lt%3Bmetadata%26gt%3B%20CreateAuthMetadataAsync()%0A%7B%0A%20%20%20%20var%20r%20%3D%20await%20AcquireTokenAsync()%3B%0A%20%20%20%20if%20(r%20%3D%3D%20null)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20return%20null%3B%0A%20%20%20%20%7D%0A%0A%20%20%20%20return%20new%20Metadata%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%7B%20%22Authorization%22%2C%20%24%22Bearer%20%7Br.AccessToken%7D%22%20%7D%2C%0A%20%20%20%20%7D%3B%0A%7D%0A%3C%2FCODE%3E%3C%2FPRE%3E%3C%2FLINGO-BODY%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnd%20add%20code%20to%20use%20it%20before%20call%20APIs%20like%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3Eprivate%20async%20void%20GetEmployeesButton_Click(object%20sender%2C%20RoutedEventArgs%20e)%0A%7B%0A%20%20%20%20%2F%2F%20Get%20and%20check%20accessToken%0A%20%20%20%20var%20headers%20%3D%20await%20CreateAuthMetadataAsync()%3B%0A%20%20%20%20if%20(headers%20%3D%3D%20null)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20MessageBox.Show(%22Couldn't%20get%20accessToken.%22)%3B%0A%20%20%20%20%20%20%20%20return%3B%0A%20%20%20%20%7D%0A%0A%20%20%20%20var%20r%20%3D%20await%20_client.GetEmployeesAsync(new%20Empty()%2C%20headers)%3B%20%2F%2F%20add%20headers%20argument%0A%20%20%20%20_employees.Clear()%3B%0A%20%20%20%20foreach%20(var%20emp%20in%20r.Employees)%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20_employees.Add(emp)%3B%0A%20%20%20%20%7D%0A%7D%0A%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAdd%20same%20code%20snippet%20to%20all%20location%20where%20call%20APIs.%3C%2FP%3E%0A%3CP%3EAfter%20that%2C%20be%20able%20to%20call%20gRPC%20services%20from%20client%20app%20with%20access%20token.%20Of%20couse%2C%20not%20allowed%20users%20can't%20call%20APIs.%20For%20example%3A%20Users%20role%20user%20can't%20call%20API%20for%20Admins%20user.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFinal%20step!!%20Add%20check%20role%20in%20client%20side%20feature.%20It%20is%20really%20easy%20with%20System.IdentityModel.Token.Jwt%20NuGet%20package.%3C%2FP%3E%0A%3CP%3EAdd%20the%20package%20to%20the%20client%20side%20app%2C%20it%20is%20really%20easy%20to%20use%2C%20just%20pass%20JWT%20access%20token%20to%20constructor%20of%20JwtSecurityToken%20class.%20After%20creating%20an%20instance%2C%20access%20claims%20by%20Claims%20property%2C%20like%20following%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3Evar%20claims%20%3D%20new%20JwtSecurityToken(r.AccessToken)%3B%0Avar%20roleName%20%3D%20claims.Claims.FirstOrDefault(x%20%3D%26gt%3B%20x.Type%20%3D%3D%20%22roles%22)%3F.Value%20%3F%3F%20%22Users%22%3B%20%2F%2F%20default%20is%20users%20role%0AtextBlockSiginStatus.Text%20%3D%20%24%22Signed%20in%3A%20%7Br.Account.Username%7D(Role%3A%20%7BroleName%7D)%22%3B%0A%0AtabItemAddEmployee.IsEnabled%20%3D%20roleName%20%3D%3D%20%22Writer%22%20%7C%7C%20roleName%20%3D%3D%20%22Administrators%22%3B%0AIsInAdminsRole%20%3D%20roleName%20%3D%3D%20%22Administrators%22%3B%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20this%20case%2C%20There%20is%20a%20role%20name%20at%20%22roles%22%20of%20type%20of%20Claim.%20In%20client%20side%2C%20we%20can%20control%20visible%2Fcolappse%2C%20enabled%2Fdisabled%2C%20etc...%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFollowing%20picture%20is%20sign%20in%20as%20Users%20role%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130418i381016E225BFD430%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EDisable%20a%20%22Add%20employee%22%20tab%20and%20%22Delete%22%20buttons.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESign%20in%20as%20Writer%20role%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130419i6DF18D0AD577A7EA%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_1.png%22%20title%3D%22clipboard_image_1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EEnable%20a%20%22Add%20employee%22%20tab%2C%20however%20%22Delete%22%20buttons%20are%20disabled.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESign%20in%20as%20Administrators%20role%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130420iFBC07E5CD8E61AFB%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_2.png%22%20title%3D%22clipboard_image_2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EAll%20features%20are%20available!%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1417333479%22%20id%3D%22toc-hId--1417333479%22%20id%3D%22toc-hId--1417333479%22%20id%3D%22toc-hId--1417333479%22%20id%3D%22toc-hId--1417333479%22%3EWrap%20up%3C%2FH2%3E%0A%3CP%3EASP.NET%20Core%20gRPC%20is%20a%20great%20RPC%20feature.%20It%20is%20type%20safe.%3C%2FP%3E%0A%3CP%3EAnd%20it%20can%20use%20Authentication%2FAuthorization%20feature%20of%20ASP.NET%20Core.%20It%20is%20easy%20to%20call%20from%20WPF%20on%20.NET%20Core.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20think%20combination%20to%20WPF%20on%20.NET%20Core%20and%20ASP.NET%20Core%20gRPC%20is%20an%20one%20of%20good%20choice%20for%20LOB%20apps.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20source%20code%20is%20on%20my%20GitHub%20repository%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Frunceel%2FgRPCSampleApps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Frunceel%2FgRPCSampleApps%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%20class%3D%22lia-spoiler-container%22%3E%3CA%20class%3D%22lia-spoiler-link%22%20href%3D%22%23%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ESpoiler%3C%2FA%3E%3CNOSCRIPT%3E%20(Highlight%20to%20read)%3C%2FNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-border%22%3E%3CDIV%20class%3D%22lia-spoiler-content%22%3EUnfortunately%2C%20Azure%20App%20Service%20doesn't%20support%20to%20host%20gRPC%20Service%20yet.%3CBR%20%2F%3EPlease%20check%20a%20following%20GitHub%20issue%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Faspnet%2FAspNetCore%2Fissues%2F9020%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Faspnet%2FAspNetCore%2Fissues%2F9020%3C%2FA%3E%3C%2FDIV%3E%3CNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-noscript-container%22%3E%3CDIV%20class%3D%22lia-spoiler-noscript-content%22%3EUnfortunately%2C%20Azure%20App%20Service%20doesn't%20support%20to%20host%20gRPC%20Service%20yet.Please%20check%20a%20following%20GitHub%20issue%3A%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Faspnet%2FAspNetCore%2Fissues%2F9020%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Faspnet%2FAspNetCore%2Fissues%2F9020%3C%2FA%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FNOSCRIPT%3E%3C%2FDIV%3E%3C%2FDIV%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3CLINGO-SUB%20id%3D%22lingo-sub-841955%22%20slang%3D%22en-US%22%3ERe%3A%20ASP.NET%20Core%20gRPC%20and%20WPF%20on%20.NET%20Core%20with%20Azure%20AD%20Authorization%2FAuthentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-841955%22%20slang%3D%22en-US%22%3E%3CP%3EgRPC%20reminds%20me%20of%20the%20old%20SOAP%20web%20services%20which%20I%20really%20liked%20better%20than%20WCF%20because%20of%20its%20simplicity.%26nbsp%3B%20GRPC%20seems%20really%20promising%20and%20could%20simplify%20inter-organization%20RPCs.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-841961%22%20slang%3D%22en-US%22%3ERe%3A%20ASP.NET%20Core%20gRPC%20and%20WPF%20on%20.NET%20Core%20with%20Azure%20AD%20Authorization%2FAuthentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-841961%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20trying%20to%20replicate%20your%20example%20I%20realize%20that%20we%20have%20python%20and%20java%20clients.%26nbsp%3B%20Would%20it%20be%20possible%20for%20you%20to%20create%20a%20sample%20for%20a%20python%20or%20java%20client%3F%26nbsp%3B%20Nothing%20fancy%2C%20just%20text%2Fconsole%20based%20to%20demonstrate%20that%20gRPC%20with%20Azure-auth%20could%20work%20across%20platforms.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-843333%22%20slang%3D%22en-US%22%3ERe%3A%20ASP.NET%20Core%20gRPC%20and%20WPF%20on%20.NET%20Core%20with%20Azure%20AD%20Authorization%2FAuthentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-843333%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F404975%22%20target%3D%22_blank%22%3E%40jod_651%3C%2FA%3E%26nbsp%3BThank%20you%20for%20comments.%3C%2FP%3E%0A%3CP%3EI%20can't%20take%20time%20for%20implementing%20client%20of%20other%20languages%20now.%3C%2FP%3E%0A%3CP%3EHowever%2C%20I%20believe%20that%20other%20languages%20can%20be%20also%20did.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20are%20MSAL%20for%20python%20and%20Java.%20(Still%20preview)%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzureAD%2Fmicrosoft-authentication-library-for-python%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzureAD%2Fmicrosoft-authentication-library-for-python%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzureAD%2Fmicrosoft-authentication-library-for-java%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzureAD%2Fmicrosoft-authentication-library-for-java%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20think%20you%20can%20get%20an%20access%20token%20using%20those%20libraries.%3C%2FP%3E%0A%3CP%3EAfter%20that%2C%20you%20can%20call%20gRPC%20Service%20with%20the%20access%20token.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20I%20had%20a%20time%2C%20I%20would%20try%20it.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

On ASP.NET Core 3.0(Still preview 9 now), there is a great RPC feature that is gRPC on ASP.NET Core!

Here is a document:

Its programming experience is really cool. Because it is type safe(I love it.)

So, we can use code complement feature to call gRPC services.

clipboard_image_0.png

 

And .NET Core 3.0 supports developing desktop apps feature.

You can develop both of server side(with type safe by gRPC!) and client side(I love WPF! Type safe also!) using .NET Core 3.0. 

gRPC on ASP.NET Core can use authentication/authorization features of ASP.NET Core.

It means you can protect gRPC using Azure AD and more. Authentication and authorization are important all of apps.

 

So, in this article, I will write about gRPC on ASP.NET Core and WPF on .NET Core, and protecting the apps using Azure AD Authentication/Authorization.

Let's create a simple gRPC service

gRPC services are defined as a .proto file.

Please read a following document about defails of .proto file:
gRPC services with C#

 

Create a solution, and create Sample.proto file at same location of solution folder.

 

syntax = "proto3";

option csharp_namespace = "GrpcSampleApp";

import "google/protobuf/empty.proto";

package GrpcSample;

service Employees {
	// for all users
	rpc GetEmployees(google.protobuf.Empty) returns (GetEmployeeReply);
	// for writer users
	rpc AddEmployee(Employee) returns (AddEmployeeReply);
	// for admin users
	rpc DeleteEmployee(DeleteEmployeeRequest) returns (DeleteEmployeeReply);
}

message GetEmployeeReply {
	repeated Employee employees = 1;
}

message AddEmployeeReply {
	bool succeed = 1;
}

message DeleteEmployeeRequest {
	string id = 1;
}

message DeleteEmployeeReply {
	bool succeed = 1;
}

message Employee {
	string id = 1;
	string name = 2;
}

 

And create a project that type is gRPC Service, and then modify a Protobuf tag of the project file like below:

 

<Protobuf Include="..\Sample.proto" GrpcServices="Server" />

 

Delete Services/GreetService.cs file, and create Services/EmployeeService.cs to implement the service logic.

Ant then, write a code to the file like following link:

EmployeeService.cs

Spoiler
The server program has to run without IIS Express.
Please make sure Launch item of debug option at project settings to "Project."
clipboard_image_0.png

Final step! Change Configure method of Startup.cs to register the EmployeeService.

 

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseRouting();

    app.UseEndpoints(endpoints =>
    {
        // endpoints.MapGrpcService();
        endpoints.MapGrpcService();

        endpoints.MapGet("/", async context =>
        {
            await context.Response.WriteAsync("Communication with gRPC endpoints must be made through a gRPC client. To learn how to create a client, visit: https://go.microsoft.com/fwlink/?linkid=2086909");
        });
    });
}

 

Kestrel HTTP/2 Configuration

gRPC is over HTTP/2. So, if we didn't create a project from gRPC Service project template, then we would have to configure appsettins.json to use HTTP/2.

 

{
  "Logging": {
    "LogLevel": {
      "Default": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "Kestrel": {
    "EndpointDefaults": {
      "Protocols": "Http2"
    }
  }
}

 

In this case, the configuration is already included by gRPC Service project template.

Let's call the service from WPF on .NET Core

Create a Class Library(.NET Core) project to generate client side code as GrpcServiceApp.ClientLib.

And add three packages from NuGet:

  1. Google.Protobuf
  2. Grpc.Net.Client (latest preview version)
  3. Grpc.Tools

At next, add a Protobuf tag to GrpcServiceApp.ClientLib project file like below:

 

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>netcoreapp3.0</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Google.Protobuf" Version="3.9.1" />
    <PackageReference Include="Grpc.Net.Client" Version="0.2.23-pre1" />
    <PackageReference Include="Grpc.Tools" Version="2.23.0">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
  </ItemGroup>

  <ItemGroup>
    <Protobuf Include="..\Sample.proto" GrpcServices="Client" />
  </ItemGroup>

</Project>

 

Important classes to call the service are GrpcChannel class and [Your service name].[Your service name]Client class.

In this case, I defined Employees service to Sample.proto file. So, the name is Employees.EmployeesClient.

 

At first, create GrpcChannel class from a server endpoint uri, and create Employees.EmployeesClient class using the GrpcChannel instance.

 

// create GrpcChannel from uri
var channel = GrpcChannel.ForAddress("https://localhost:5001");
// create a client using the channel instance.
var client = new Employees.EmployeesClient(channel);
// call some apis
var result = await client.GetEmployeesAsync(new Empty());

 

I implemented employees management client using the Employees.EmployeesClient class.

It is plane WPF app, for to easy to read/understand, I didn't use MVVM pattern, all logic are written at MainWindow.xaml.cs.

Source code can be looked from following link:

The app works like following:

app.gif

It doesn't have authentication/authorization feature, yet.

Let's add authentication/authorization feature!

We learned how to create gRPC service and how to call gRPC service. At the next step,  we learn how to add authentication/authorization using Azure AD.

 

Create two apps to Azure AD tenant.

First one is for server app, second one is for client app.

Create an app for server side

Open Azure portal and then select Azure Active Directory. Select "App registrations" -> "New registration".

clipboard_image_0.png

Enter an app name like "gRPC server", and then select a "Register" button. After created the app, would select "Expose an API" -> "Add a scope".

clipboard_image_2.png

If you haven't create Applicatin ID URL, then would display a pane to create it. In this case, please select "Save and continue" button.

And input scope information, then select "Add scope" button.

clipboard_image_0.png

And memo following items:

  • Application ID
  • Scope uri(api://application id/scope name)

At next, create roles to the app. Select "manifest" menu at left pane. So, you can see json.

There is "appRoles" property that is to define roles in an app.

The scheme of under the "appRoles" is as below:

 

{
    "allowedMemberTypes": [
        "User"
    ],
    "description": "Administrators.",
    "displayName": "Admins",
    "id": "fc998089-b40c-40c1-af3c-161382ac6422",
    "isEnabled": true,
    "value": "Admins"
}

 

Please read a following document for details:

How to: Add app roles in your application and receive them in the token

 

Added three roles for Users, Writers and Administrators.

 

"appRoles": [
    {
        "allowedMemberTypes": [
            "User"
        ],
        "description": "For users.",
        "displayName": "Users",
        "id": "927b2607-9226-4fbb-bc11-3ae7f90fdc84",
        "isEnabled": true,
        "value": "Users"
    },
    {
        "allowedMemberTypes": [
            "User"
        ],
        "description": "For writers.",
        "displayName": "Writer",
        "id": "e0947d03-8281-4e91-b8c4-0b8a57e8211d",
        "isEnabled": true,
        "value": "Writer"
    },
    {
        "allowedMemberTypes": [
            "User"
        ],
        "description": "For administrators.",
        "displayName": "Administrators",
        "id": "788389c8-0b68-4e90-b903-ea9add7ccd72",
        "isEnabled": true,
        "value": "Administrators"
    }
],

 

And select a "Save" button.

Spoiler
To get a new GUID, the easy way is just type "New-GUID" on PowerShell or PowerShell Core.

After that, assign roles to user using Azure AD enterprise applications setting page. Select "Azure Active Directory" -> "Enterprise applications" -> "Your server side app" -> "Users and groups".

In my case, I assigned three users like following:

clipboard_image_3.png

Create an app for client side

Add an app for client side with Redirect URI that category and value are "Public Client (mobile & desktop)" and "http://localhost".

clipboard_image_0.png

After create the app, select "API permissions" -> "Add a permission". And select "Call.API" permission of "gRPC server" app on "APIs my organization uses" tab.

clipboard_image_1.png

And copy Application ID of client app and Directory(tenant) ID at Overview page of the app.

Implement Authentication and Authorization to the server side

Add latest preview version's "Microsoft.AspNetCore.Authentication.JwtBearer" NuGet package to use authentication and authorization features using JWT of ASP.NET Core 3.0.

And add a few lines to Startup.cs to enable Authentication and Authorization like below:

 

public void ConfigureServices(IServiceCollection services)
{
    services.AddGrpc();

    // for auth
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            _configuration.Bind("AzureAd", options);
        });
    services.AddAuthorization(options =>
    {
        // define policies
        options.AddPolicy("Users", policy => policy.RequireClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "Administrators", "Writer", "Users"));
        options.AddPolicy("Writer", policy => policy.RequireClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "Administrators", "Writer"));
        options.AddPolicy("Admins", policy => policy.RequireClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "Administrators"));
    });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseRouting();

    // for auth
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        // endpoints.MapGrpcService();
        endpoints.MapGrpcService();

        endpoints.MapGet("/", async context =>
        {
            await context.Response.WriteAsync("Communication with gRPC endpoints must be made through a gRPC client. To learn how to create a client, visit: https://go.microsoft.com/fwlink/?linkid=2086909");
        });
    });
}

 

Add couple settings to appsettings.json for options of AddAuthentication method.

Its values are Authority(URI that included Azure AD Tenant ID) and Audience(Application ID URI) like following:

 

{
  "Logging": {
    "LogLevel": {
      "Default": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "Kestrel": {
    "EndpointDefaults": {
      "Protocols": "Http2"
    }
  },
  "AzureAd": {
    "Authority": "https://login.microsoftonline.com/{Your Azure AD Tenant ID}/",
    "Audience": "Your server side Application ID URI(api://appid)"
  }
}

 

If you want to know more details about those methods, please read following documents:

So, let's add AuthrizeAttribute to the gRPC service class for adding authorization.

 

public class EmployeeService : GrpcSampleApp.Employees.EmployeesBase
{
    private static List Employees { get; } = new List();
    [Authorize("Users")]
    public override Task GetEmployees(Empty request, ServerCallContext context)
    {
        // snip...
    }

    [Authorize("Writer")]
    public override Task AddEmployee(Employee request, ServerCallContext context)
    {
        // snip...
    }

    [Authorize("Admins")]
    public override Task DeleteEmployee(DeleteEmployeeRequest request, ServerCallContext context)
    {
        // snip...
    }
}

 

After that, the client app will not able to call those APIs with 401 error.

clipboard_image_0.png

Implement sign in feature to the client side app

Add MSAL.NET that package name is Microsoft.Identity.Client to the project of client side to implement sign in feature. And Microsoft.Extensions.Configuration.Binder(latest preview version) package to use Bind method of IConfiguration interface.

 

At first, we have to create an instance of PublicClientApplication. To create it, we have to prepare three information that are Client ID(The client side app id registered to Azure AD), RedirectUri(http://localhost) and Tenant ID. I write those values to appsettings.json at the client side project. And also, add a value of passing to as scopes when sign in, it is "api://you server app id/Call.API"(It was defined to the server side app on Azure AD.)

 

{
  "ServerEndpoint": "https://localhost:5001",
  "AzureAd": {
    "ClientId": "Azure AD client app id.",
    "RedirectUri": "http://localhost",
    "TenantId": "Your Azure AD tenant id."
  },
  "Scopes": [
    "api://your server app id/Call.API"
  ]
}

 

To create an instance of PublicClientApplication class that provided from MSAL.NET, I create CreatePublicClientApplication method to MainWindow.xaml.cs.

 

private IPublicClientApplication CreatePublicClientApplication()
{
    var options = new PublicClientApplicationOptions();
    _configuration.Bind("AzureAd", options);
    return PublicClientApplicationBuilder.CreateWithApplicationOptions(options)
        .Build();
}

 

The instance is stored a _publicClientApplication field of MainWindow class. Using it, implements a click event handler of "Sign In" button! There are important below methods of MSAL.NET. Please check the documentation to understand how to use those methods.

  • GetAccountsAsync
  • AcquireTokenSilent
  • AcquireTokenInteractive

Following code snippet is a typical implementation to get access token to call APIs protected by Azure AD.

 

private async Task<AuthenticationResult> AcquireTokenAsync()
{
    var scopes = _configuration.GetSection("Scopes").Get<string[]>();
    var account = (await _publicClientApplication.GetAccountsAsync()).FirstOrDefault();
    try
    {
        return await _publicClientApplication.AcquireTokenSilent(scopes, account)
            .ExecuteAsync();
    }
    catch (MsalUiRequiredException ex)
    {
        Debug.WriteLine(ex);
        try
        {
            using (var cancellationTokenSource = new CancellationTokenSource())
            {
                var signInTask = _publicClientApplication.AcquireTokenInteractive(scopes)
                    .WithSystemWebViewOptions(new SystemWebViewOptions
                    {
                        OpenBrowserAsync = SystemWebViewOptions.OpenWithChromeEdgeBrowserAsync,
                    })
                    .ExecuteAsync(cancellationTokenSource.Token);
                if (signInTask != await Task.WhenAny(signInTask, Task.Delay(TimeSpan.FromMinutes(2))))
                {
                    cancellationTokenSource.Cancel();
                    MessageBox.Show("Timeout.");
                    return null;
                }

                return await signInTask;
            }
        }
        catch (MsalException msalEx)
        {
            Debug.WriteLine(msalEx);
            return null;
        }
    }
}

 

 

Spoiler
MSAL.NET implementation for .NET Core assume the platform doesn't have embedded web view. Because, MSAL.NET is for .NET Core 2.2 or earlier. Yes, it doesn't have any features to develop GUI applications.
So, in this sample app, I decided using system web browser.

After release .NET Core 3.0, I guess we will be able to use embedded web view options.

Run the app! So, the "Sign in" button is work.

 

clipboard_image_0.pngAccepting permissions page

After signed in, the user name is shown.

clipboard_image_0.png

We can get sign in feature, however we can't call APIs with 401 error yet.

clipboard_image_4.png

Need Authorization HTTP header, it can be add using a metadata argument of every gRPC service methods.

Define a method to create a Metadata instance:

 

private async Task<Metadata> CreateAuthMetadataAsync()
{
    var r = await AcquireTokenAsync();
    if (r == null)
    {
        return null;
    }

    return new Metadata
    {
        { "Authorization", $"Bearer {r.AccessToken}" },
    };
}

 

And add code to use it before call APIs like below:

 

private async void GetEmployeesButton_Click(object sender, RoutedEventArgs e)
{
    // Get and check accessToken
    var headers = await CreateAuthMetadataAsync();
    if (headers == null)
    {
        MessageBox.Show("Couldn't get accessToken.");
        return;
    }

    var r = await _client.GetEmployeesAsync(new Empty(), headers); // add headers argument
    _employees.Clear();
    foreach (var emp in r.Employees)
    {
        _employees.Add(emp);
    }
}

 

Add same code snippet to all location where call APIs.

After that, be able to call gRPC services from client app with access token. Of couse, not allowed users can't call APIs. For example: Users role user can't call API for Admins user.

 

Final step!! Add check role in client side feature. It is really easy with System.IdentityModel.Token.Jwt NuGet package.

Add the package to the client side app, it is really easy to use, just pass JWT access token to constructor of JwtSecurityToken class. After creating an instance, access claims by Claims property, like following:

 

var claims = new JwtSecurityToken(r.AccessToken);
var roleName = claims.Claims.FirstOrDefault(x => x.Type == "roles")?.Value ?? "Users"; // default is users role
textBlockSiginStatus.Text = $"Signed in: {r.Account.Username}(Role: {roleName})";

tabItemAddEmployee.IsEnabled = roleName == "Writer" || roleName == "Administrators";
IsInAdminsRole = roleName == "Administrators";

 

In this case, There is a role name at "roles" of type of Claim. In client side, we can control visible/colappse, enabled/disabled, etc...

 

Following picture is sign in as Users role:

clipboard_image_0.png

Disable a "Add employee" tab and "Delete" buttons.

 

Sign in as Writer role:

clipboard_image_1.png

Enable a "Add employee" tab, however "Delete" buttons are disabled.

 

Sign in as Administrators role:

clipboard_image_2.png

All features are available!

Wrap up

ASP.NET Core gRPC is a great RPC feature. It is type safe.

And it can use Authentication/Authorization feature of ASP.NET Core. It is easy to call from WPF on .NET Core.

 

I think combination to WPF on .NET Core and ASP.NET Core gRPC is an one of good choice for LOB apps.

 

The source code is on my GitHub repository:

https://github.com/runceel/gRPCSampleApps

 

Spoiler
Unfortunately, Azure App Service doesn't support to host gRPC Service yet.
Please check a following GitHub issue:
https://github.com/aspnet/AspNetCore/issues/9020

 

3 Comments
Occasional Visitor

gRPC reminds me of the old SOAP web services which I really liked better than WCF because of its simplicity.  GRPC seems really promising and could simplify inter-organization RPCs.

Occasional Visitor

In trying to replicate your example I realize that we have python and java clients.  Would it be possible for you to create a sample for a python or java client?  Nothing fancy, just text/console based to demonstrate that gRPC with Azure-auth could work across platforms.

 

Thanks.

Microsoft

@jod_651 Thank you for comments.

I can't take time for implementing client of other languages now.

However, I believe that other languages can be also did.

 

There are MSAL for python and Java. (Still preview)

https://github.com/AzureAD/microsoft-authentication-library-for-python

https://github.com/AzureAD/microsoft-authentication-library-for-java

 

I think you can get an access token using those libraries.

After that, you can call gRPC Service with the access token.

 

If I had a time, I would try it.