The Tailspin scenario

Azure Active Directory

Sample code

Tailspin is a fictional company that is developing a SaaS application named Surveys. This application enables organizations to create and publish online surveys.

  • An organization can sign up for the application.
  • After the organization is signed up, users can sign into the application with their organizational credentials.
  • Users can create, edit, and publish surveys.


To get started with the application, see the GitHub readme.

Users can create, edit, and view surveys

Authenticated users can view surveys that they created or have contributor rights to. They can create new surveys. Notice that the user is signed in with an organizational identity,

Surveys app

This screenshot shows the Edit Survey page:

Edit survey

Users can also view any surveys created by other users within the same tenant.

Tenant surveys

Survey owners can invite contributors

When a user creates a survey, he or she can invite other people to be contributors on the survey. Contributors can edit the survey, but can't delete or publish it.

Add contributor

A user can add contributors from other tenants. Adding contributors enables cross-tenant sharing of resources. In this screenshot, Bob ( is adding Alice ( as a contributor to a survey that Bob created.

When Alice logs in, she sees the survey listed under "Surveys I can contribute to".

Survey contributor

Alice signs into her own tenant, not as a guest of the Contoso tenant. Alice has contributor permissions only for that survey. She can't view other surveys from the Contoso tenant.


The Surveys application consists of a web front end and a web API backend. Both are implemented using ASP.NET Core.

The web application uses Azure Active Directory (Azure AD) to authenticate users. The web application also calls Azure AD to get OAuth 2 access tokens for the Web API. Access tokens are cached in Azure Cache for Redis. The cache enables multiple instances to share the same token cache (for example, in a server farm).

Architectural diagram showing the web front end and web API backend for the Surveys app.

The diagram shows components in boxes, interacting with other components via two-way arrows. The Surveys web application authenticates with Azure AD to get access tokens for the web API, and caches the tokens in the Azure Cache for Redis access token cache.