ehtick · pull · Jul 1, 2025 · Jul 1, 2025
diff --git a/Areas/Help/Pages/ActAs.cshtml b/Areas/Help/Pages/ActAs.cshtml
@@ -0,0 +1,31 @@
+@page
+@model woodgrovedemo.Help.Pages.GithubWorkflowsModel
+@{
+    ViewData["Title"] = "Act as";
+    Layout = "_Layout";
+}
+
+<h1 style="margin-top: 25px; margin-bottom: 25px;">Act as flow</h1>
+
+<div>
+    <ol>
+        <li>The "act as" demonstration involves two main steps. Initially, the user is required to sign in. Upon
+            successful authentication, the demo proceeds to the next step.
+        </li>
+        <li>In the second step, the user is directed to <code>/SignIn?handler=ActAs&id={username}</code>, where the selected user's
+            ID is temporarily stored in a database. Subsequently, it redirects the user to the Microsoft Entra External
+            ID sign-in page.
+        </li>
+        <li>Typically, since the user has an active session, no additional sign-in prompt appears; however, a <b>new</b>
+            security token is issued to the Woodgrove Groceries application.
+        </li>
+        <li>Before issuing this token, Microsoft Entra External ID, through a custom authentication extension, invokes a
+            web API.
+        </li>
+        <li>The custom authentication extension web API retrieves the user ID (associated with the user who runs the demo) from the database
+            and returns it to Microsoft Entra External ID.</li>
+        <li>Finally, Microsoft Entra External ID then issues a security token to the Woodgrove Groceries application, which includes
+            the "act as" claim, allowing the application to act on behalf of the user.</li>
+        <li>Check the <a href="/token" class="link-dark link-offset-2">token</a> for the "act as" claim.</li>
+    </ol>
+</div>
diff --git a/Areas/Help/Pages/ActAs.cshtml.cs b/Areas/Help/Pages/ActAs.cshtml.cs
@@ -0,0 +1,25 @@
+using Microsoft.ApplicationInsights;
+using Microsoft.ApplicationInsights.DataContracts;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace woodgrovedemo.Help.Pages
+{
+    public class ActAsModel : PageModel
+    {
+        private TelemetryClient _telemetry;
+        public ActAsModel(TelemetryClient telemetry)
+        {
+            _telemetry = telemetry;
+        }
+
+        public void OnGet()
+        {
+            PageViewTelemetry pageView = new PageViewTelemetry("ActAsModel");
+
+            // Type of the page
+            pageView.Properties.Add("Area", "Help");
+            _telemetry.TrackPageView(pageView);
+        }
+    }
+}
diff --git a/Controllers/Identity/SignInController.cs b/Controllers/Identity/SignInController.cs
@@ -55,9 +55,9 @@ public async Task<IActionResult> OnGetDefault(string handler, string? id = null)
         }
 
         // If the demo is type of "act as", call the StartActAsAsync method.
-        if (demo.ID == "ActAs")
+        if (demo.ID.ToLower() == "actas")
         {
-            await StartActAsAsync(handler);
+            await StartActAsAsync();
         }
 
         ChallengeResult challengeResult = new ChallengeResult(
@@ -102,8 +102,11 @@ public async Task<IActionResult> OnGetDefault(string handler, string? id = null)
         return challengeResult;
     }
 
-    private async Task StartActAsAsync(string id)
+    private async Task StartActAsAsync()
     {
+        // Get the user ID from the query string.
+        string id = HttpContext.Request.Query["id"].ToString();
+
         // Input validation 
         if (id.Length > 20)
         {
@@ -128,13 +131,15 @@ private async Task StartActAsAsync(string id)
             // Get an access token to call the "Account" API (the first API in line)
             accessToken = await _authorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(scopes);
         }
-        catch (MicrosoftIdentityWebChallengeUserException)
+        catch (MicrosoftIdentityWebChallengeUserException ex)
         {
-            // TBD
+            // Try to get the inner exception. If it's null, use the outer exception message.
+            var error = ex.InnerException ?? ex;
+            AppInsights.TrackException(_telemetry, error, "StartActAsAsync");
         }
-        catch (System.Exception)
+        catch (System.Exception ex)
         {
-            // TBD
+            AppInsights.TrackException(_telemetry, ex, "StartActAsAsync");
         }
 
 
@@ -157,9 +162,9 @@ private async Task StartActAsAsync(string id)
                 //string responseString = await responseMessage.Content.ReadAsStringAsync();
             }
         }
-        catch (System.Exception)
+        catch (System.Exception ex)
         {
-            // TBD
+            AppInsights.TrackException(_telemetry, ex, "StartActAsAsync");
         }
     }
 }
diff --git a/Models/Demos/DemoDataList.cs b/Models/Demos/DemoDataList.cs
@@ -768,6 +768,14 @@ In this demo only selected users (Woodgrove partners) can sign-in to the <b>Wood
             ConfigHelpUrl = "/help/AssignmentRequired"
         });
 
+        Demos.Add(new DemoData
+        {
+            ID = "ActAsIntro",
+            Title = "This record is the first step of the 'ActAs' demo for unauthenticated users.",
+            Content = "",
+            ServerSideOnly = true,
+            PostSignInRedirectUri = "/#usecase=ActAs"
+        });
 
         Demos.Add(new DemoData
         {
@@ -798,11 +806,11 @@ Another example is helpdesk personnel (the agent) performing actions on behalf o
                     <li class='unauth'>Sign-up or sign-in with your email, or a social account.</li>
                     <li class='unauth'>After you sign-in, run this use case again.</li>
                 </ol>",
-            ActionUrl = "/SignIn?handler=default",
-            AuthorizedActionUrl = "/SignIn?handler=ActAs&id=Dave",
-            PostSignInRedirectUri = "/Token",
+            ActionUrl = "/SignIn?handler=ActAsIntro", // For unauthenticated users, this is the URL to start the ActAs demo
+            AuthorizedActionUrl = "/SignIn?handler=ActAs&id=Dave", // If the user is already signed in, this is the URL to start the ActAs demo
+            PostSignInRedirectUri = "/Token", //If the user is aready signed in, redirect to the token page
             Reauth = false,
-            ConfigHelpUrl = ""
+            ConfigHelpUrl = "/help/ActAs"
         });
 
         Demos.Add(new DemoData