| title | description | author | ms:date | pnp.series.title | pnp.series.prev | pnp.series.next |
|---|---|---|---|---|---|---|
About the Tailspin Surveys application |
Tailspin Surveys application overview |
MikeWasson |
07/21/2017 |
Manage Identity in Multitenant Applications |
index |
authenticate |
Sample codeTailspin is a fictitious company that is developing a SaaS application named Surveys. This application enables organizations to create and publish online surveys.
- An organization can sign up for the application.
- After the organization is signed up, users can sign into the application with their organizational credentials.
- Users can create, edit, and publish surveys.
Note
To get started with the application, see Run the Surveys application.
An authenticated user can view all the surveys that he or she has created or has contributor rights to, and create new surveys. Notice that the user is signed in with his organizational identity, [email protected].
This screenshot shows the Edit Survey page:
Users can also view any surveys created by other users within the same tenant.
When a user creates a survey, he or she can invite other people to be contributors on the survey. Contributors can edit the survey, but cannot delete or publish it.
A user can add contributors from other tenants, which enables cross-tenant sharing of resources. In this screenshot, Bob ([email protected]) is adding Alice ([email protected]) as a contributor to a survey that Bob created.
When Alice logs in, she sees the survey listed under "Surveys I can contribute to".
Note that Alice signs into her own tenant, not as a guest of the Contoso tenant. Alice has contributor permissions only for that survey — she cannot view other surveys from the Contoso tenant.
The Surveys application consists of a web front end and a web API backend. Both are implemented using ASP.NET Core.
The web application uses Azure Active Directory (Azure AD) to authenticate users. The web application also calls Azure AD to get OAuth 2 access tokens for the Web API. Access tokens are cached in Azure Redis Cache. The cache enables multiple instances to share the same token cache (e.g., in a server farm).
