Use default-scopes for validation

Author: John Luo

src/ProjectTemplates/Web.ProjectTemplates/content/ComponentsWebAssembly-CSharp/.template.config/template.json

@@ -340,7 +340,7 @@
       "type": "parameter",
       "datatype": "string",
       "replaces": "api-scope",
-      "defaultValue": "user_impersonation",
+      "defaultValue": "access_as_user",
       "description": "The API scope the client needs to request to provision an access token. (use with IndividualB2C, SingleOrg)."
     },
     "TenantId": {

src/ProjectTemplates/Web.ProjectTemplates/content/ComponentsWebAssembly-CSharp/Server/Controllers/WeatherForecastController.cs

@@ -15,7 +15,7 @@
 using Microsoft.Graph;
 #endif
 using Microsoft.AspNetCore.Mvc;
-#if (OrganizationalAuth || (IndividualB2CAuth && !Hosted))
+#if (OrganizationalAuth || IndividualB2CAuth)
 using Microsoft.Identity.Web.Resource;
 #endif
 using Microsoft.Extensions.Logging;
@@ -38,7 +38,7 @@ public class WeatherForecastController : ControllerBase
         private readonly ILogger<WeatherForecastController> _logger;
 
         // The Web API will only accept tokens 1) for users, and 2) having the access_as_user scope for this API
-        static readonly string[] scopeRequiredByApi = new string[] { "access_as_user" };
+        static readonly string[] scopeRequiredByApi = new string[] { "api-scope" };
 
 #if (GenerateApi)
         private readonly IDownstreamWebApi _downstreamWebApi;
@@ -101,7 +101,7 @@ public WeatherForecastController(ILogger<WeatherForecastController> logger)
         [HttpGet]
         public IEnumerable<WeatherForecast> Get()
         {
-#if (OrganizationalAuth || (IndividualB2CAuth && !Hosted))
+#if (OrganizationalAuth || IndividualB2CAuth)
             HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);
 
 #endif