This should not encourage people to put their ClientSecret on the appsettings.json file

microsoftgraph / aspnetcore-connect-sample

[ARCHIVED] This ASP.NET Core MVC sample shows how to connect to Microsoft Graph using delegated permissions and the Azure AD v2.0 (MSAL) endpoint.

MIT License

123 stars 96 forks source link

This should not encourage people to put their ClientSecret on the appsettings.json file #27

Closed migueldeicaza closed 6 years ago

migueldeicaza commented 6 years ago

Instead this should direct users to add the key to their user secrets, like this:

dotnet user-secrets set "AzureAd:ClientSecret" "123123123123"

mark-szabo commented 6 years ago

You are absolutely right, but that would add one extra step to run the sample. For a newbie this can be one more hard step. And as you can see we remind developers all the times to use certificates instead of secrets in production.