Small example of a two tiers application with a FrontEnd application that calls a backend Api application. Both coded with Asp.Net Core 2.0 and secured with the same Azure Ad tenant (directory)
I read your blog post: Azure AD, Scope-based authorization which lead me to this example but I don't see the use of scopes in this example. Am I missing it?
[Authorize][Route("api/[controller]")]publicclassHelloController:Controller{[HttpGet]publicstringGet(){return"Hello from API";}}