This sample shows how to build an ASP.NET Core 2.1 MVC web application that uses Azure AD for sign-in using the OpenID Connect protocol, reads from and writes to an Azure SQL Database, writes to a Queue in Azure Storage, and uses a Redis Cache.

Getting started is simple! To run this sample in Azure Government you will need:

• An Azure Active Directory (Azure AD) tenant in Azure Government. You must have an Azure Government subscription in order to have an AAD tenant in Azure Government. For more information on how to get an Azure AD tenant, please see How to get an Azure AD tenant
• A user account in your Azure AD tenant. This sample will not work with a Microsoft account, so if you signed in to the Azure Government portal with a Microsoft account and have never created a user account in your directory before, you need to do that now.

To run locally you will additionally need:

• Install .NET Core 2.1.0 or later.
• Install Visual Studio 2017 version 15.3 or later with the following workloads:
  • ASP.NET and web development
  • .NET Core cross-platform development

1. Sign in to the Azure Government portal.

2. On the top bar, click on your account and under the Directory list, choose the Active Directory tenant where you wish to register your application.

3. Click on More Services in the left hand nav, and choose Azure Active Directory.

4. Click on App registrations and choose Add.

5. Enter a friendly name for the application, for example 'Inventory App' and select 'Web Application and/or Web API' as the Application Type. For the sign-on URL, enter a temporary placeholder - for example, https://mywebapp/signin-oidc.

   [!Note] We will change this URL later after creating the web application and deploying to Azure Government.

   Click on Create to create the application.

6. While still in the Azure portal, choose your application, click on Settings and choose Properties.

7. Find the Application ID value and copy it to the clipboard.

8. Find and save your Azure AD Domain name found at the top of the Overview Page under Azure Active Directory.

After clicking on the "Deploy to Azure Gov" button below, you will be prompted with a ARM deployment template in the portal. Fill in the values for your AAD client id and domain name with the values saved in step 7 and 8 in the previous section. Enter the name of your choice for the App plan name parameter, and click create.

1. After your resources have finished deploying, navigate to the web app and copy the url.
2. In the Azure Government portal navigate to Azure Active Directory and click on App Registrations. Click on the App that you have registered for this sample and navigate to Settings -> Reply URLs.
3. Edit the Reply url to be "/signin-oidc".

From your shell or command line:

`git clone https://github.com/Azure-Samples/azure-gov-paas-sample.git

The project in this sample needs to be registered in your Azure AD tenant.

1. Sign in to the Azure Government portal.

2. On the top bar, click on your account and under the Directory list, choose the Active Directory tenant where you wish to register your application.

3. Click on More Services in the left hand nav, and choose Azure Active Directory.

4. Click on App registrations and choose Add.

5. Enter a friendly name for the application, for example 'Inventory App' and select 'Web Application and/or Web API' as the Application Type. For the sign-on URL, enter the base URL for the sample, which is by default http://localhost:57062/signin-oidc.

   [!Note] We will change this URL later after creating the web application and deploying to Azure Government.

   Click on Create to create the application.

6. While still in the Azure portal, choose your application, click on Settings and choose Properties.

7. Find the Application ID value and copy it to the clipboard.

8. For the App ID URI, enter https://<your_tenant_name>/InventoryApp, replacing <your_tenant_name> with the name of your Azure AD tenant.

The only variation when setting up AAD Authorization on the Azure Government cloud is in the AAD Instance:

• "https://login.microsoftonline.us"

1. Open the solution in Visual Studio 2017.
2. Open the appsettings.json file.
3. Find the Authentication section. We will be filling out the properties with your AAD tenant information.
4. Find the ClientId property and replace the value with the Client ID for the InventoryApp from the Azure Government portal. We can find the Client ID by navigating to AAD -> App Registrations -> InventoryApp -> Application ID.
5. Find the TenantId property and replace the value with the Tenant ID for the InventoryApp from the Azure Government portal. We can find the Tenant ID by navigating to AAD -> Properties -> Directory Id.
6. Find the Domain property and replace the value with ".onmicrosoft.com".
7. Open the startup.cs file.
8. The services.AddAuthentication method is where the AAD authentication is added.

The only variation lies in the endpoint suffix when connecting to your Azure SQL Database:

• "database.usgovcloudapi.net"

1. Navigate to the Azure Government Portal and create an Azure SQL Server and Database. Make sure you save your server admin and password.
2. Now we must create the table that the application will write to. In this project find the "ProductTable.sql" file and run the query on your Azure SQL Database (using a SQL Server tool such as SQL Server Management Studio).
3. Open the appsettings.json file and navigate to the Connection Strings section.
4. Find the DefaultConnection property and replace the value with your Azure SQL Server connection string. In order to get the connection string, go to the Portal and navigate to your SQL Database -> connection strings. Grab the "primary" connection string and replace the User Id and Pasword properties with your server admin and password.

The only variation lies in the endpoint suffix when connecting to your Azure Government storage account.

• "core.usgovcloudapi.net"

1. Navigate to the Azure Government Portal and create an Azure Storage account. Once your storage account has been provisioned navigate to the Access Keys section on Storage Accounts and copy the access Key. Go back to your Storage Account in the portal and add a queue.

2. Open up the appsettings.json file and navigate to the Storage section. Fill out the AccountName property with the name of your storage account.

3. Fill out the AccountKey property with the name of the access Key for your storage account, which can be accessed through the portal.

4. Open up the Startup.cs file, and navigate to the ConfigureServices method. Here you can see that Azure storage was configured and connected to the application.

5. Open up the ProductsController.cs file. Navigate to the Restock method. Replace the <nameofQueue> tag with the name of your queue.

The only variation lies in the endpoint suffix when connecting to your Redis Cache in Azure Government.

• "redis.cache.usgovcloudapi.net"

1. Navigate to the Azure Government Portal, Click on the "New" button and type in "Redis Cache". Click "create" to provision your redis cache.
2. Click on your redis cache and navigate to the "Access Keys" section. Copy your Primary Connection String.
3. Open up the Appsettings.json file. Navigate to the ConnectionStrings section and replace the value for RedisConnection with your primary connection string.
4. Open up the ProductsController.cs file and navigate to the Restock and RestockList methods. The Restock method is writing the names of the items that need restocking to the cache, and the RestockList method is retrieving the stored names from the cache and displaying them.

Once you have gone through all of the steps above, you are ready to run your sample.

1. Navigate to the Azure Government portal and click on "Azure Active Directory" -> "App Registrations -> InventoryApp -> Reply URLS. Make sure the reply url is "http://localhost:57062/signin-oidc".
2. Run the sample on Visual Studio, and you should see the Microsoft login page appear. Make sure to login with the credentials for the tenant that you registered the app with.
3. After logging in, you should see the InventoryApp main page. You should be able to create, edit, and delete items.
4. If an item has the quantity of 0, the item will be written to your queue. You can see that this was done succesfully by using the Azure Storage Explorer or looking at your queue through the portal.
5. The items with quantity 0 are also written to the redis cache, and when you click on the "Products to Restock" button the items will be read from the cache and displayed on the page.