Questions tagged [azure-active-directory]

1

votes
3

answer
255

Views

Can I use Azure AD/Azure AD B2B/Azure AD B2C in this scenario?

We have several asp.net applications, each has its own users tables and databases. Each application does is own login/reset password etc. Our users are from different companies, so a user is an employee from that company. Now we want to use a central identity provider and let it do all the authenti...
martial
1

votes
1

answer
311

Views

How do I authenticate a user against an Azure storage blob in python?

I'm looking for a way to authenticate a user against an Azure blob container. The sample code (yep, newbie alert) works just fine, using an access key for the storage account, but that feels uncomfortably like giving away full control of the entire storage account to anyone who steals the credential...
zaump
1

votes
1

answer
50

Views

403 forbidden when retrieve all users from Azure AD using Graph API

I get a 403 Forbidden response from Azure AD when trying to get all users using the Graph API: public static async Task AppAuthenticationAsync() { var tenant = ConfigurationManager.AppSettings['ida:TenantId']; var resource = 'https://graph.microsoft.com/'; var clientID = ConfigurationManager.AppSett...
User5590
1

votes
1

answer
65

Views

Accessing MS Graph API with directly obtained token issue

My project is based on this on-behalf-of-flow example. In my web api I have a non-restricted by [Authorize] method which receives login and password. I also have a restricted method which gets some info from MS Graph API: [HttpGet] [Authorize] [Route('[action]')] public async Task Info() { string re...
amplifier
1

votes
1

answer
77

Views

Bearer token is not valid when calling the graph API

I would like to see full information on my users in the AD (users in groups, etc...) I already have an application that signs in to AD and then I get a bearer token that has access to my azure blockchain workbench API and everything works fine. The workbench API has a users endpoint but the informat...
Contentop
1

votes
1

answer
24

Views

Can Azure change a users OID?

we are going to be storing users information in Cosmos. Storing their information against their email address is not an option. Instead, we are looking at storing against OID. Can Azure change a users OID?
Albert
1

votes
1

answer
68

Views

Azure service to query Azure Active Directory

Suggest any azure service which can connect customer azure active directory can query customer azure active directory keep my application azure active directory in sync with any future change (add/remove user) on customer azure active directory ?
thiru
1

votes
1

answer
73

Views

Integrate Azure Multi-Factor-Authentication in website to authenticate its users

I have a website (built in PHP), OS of web-server is Linux (Ubuntu) from AWS EC2, I want to integrate Azure MFA in website to authenticate users using 2FA (2 factor authentication), I checked this code using Node JS https://github.com/Azure-Samples/active-directory-node-webapp-openidconnect It is a...
Herry Shawn
1

votes
1

answer
64

Views

Microsoft Graph and access without a user

I'm trying to upload and download files in my sharepoint online using a background task (daemon) that runs frequently in my ASP.NET Core app. Because it's a background task, no user identity is used. Instead, I tried to follow this document, getting an access token using the https://graph.microsof...
Los Morales
1

votes
1

answer
17

Views

What next after purchasing Microsoft 365?

My boss purchased Microsoft 365 which came in three products. He now challenged me to design a management system, like an employee self-service portal. I am hereby looking for advice on where to start or which product to use, since I am new to this. I have tried a bit of research and I came across t...
Seyyid Said
0

votes
1

answer
7

Views

validating the issuer - token has issuer https://login.microsoftonline.com/Xv2.0 but sample implies i should validate using https://sts.windows.net/X

I'm trying to follow the example validation code in https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapi-manual-jwt-validation/ (REALLY the code in https://github.com/Azure-Samples/active-directory-dotnet-webapi-manual-jwt-validation/blob/master/TodoListService-ManualJ...
Lewis Pringle
1

votes
2

answer
2.8k

Views

What is the difference between IAM and Azure AD on the azure cloud?

What is the difference between IAM and Azure AD on the azure cloud? They don't make it clear.
arcom
0

votes
0

answer
7

Views

.NET MVC Application - Azure Active Directory - Redirecting to LocalHost

I have a .NET MVC applicatoin and I am trying to use Azure AD Authentication. I create a new project and chose 'Work or School Accounts' Cloud - Single Organiszation At no time does it ask me for a redirect URL I then click okay and it creates the solution (as well as registering it at Azure AD). P...
Always Learning
1

votes
2

answer
82

Views

AADSTS50011 - The reply url specified in the request does not match the reply urls configured for the application

I'm getting this error while trying to use OpenID to login from my mobile app. I'm using React Native App Auth (https://github.com/FormidableLabs/react-native-app-auth#azure-active-directory) to authenticate my app to AAD. The same setup is already working with Okta and Google OpenID providers. Thes...
gmlion
1

votes
1

answer
562

Views

Calling a secured REST api from Javascript without user login screen

How would you call the secured REST api from the Javascript script application that doesn't have the login? I have a Javascript application (React) that doesn't have a user login. It needs to call some REST api services that uses Oauth (Azure Ad - WindowsAzureActiveDirectoryBearerAuthentication)....
Michael Sync
1

votes
0

answer
119

Views

Outlook notification subscription using Azure Webhook Domain Not Found

I am working on Creating a push notification for inbox messages to be sent to my azure webhook. I have been following the documentation as a reference. Till now I have been able to create and register my app using the Azure app registration. I got the client_id and client_secret accordingly. Shared...
gkb
1

votes
1

answer
770

Views

Azure AD Cannot hit login.microsoftonline.com/{tenantId}

I am trying to create authentication for my App via Azure Active Directory but have had little luck. I created a new Azure Active Directory instance in portal.azure.com and copied the 'Directory ID' (Click on Azure Active Directory and then properties) and still cannot authenticate. I am trying to u...
Bob
1

votes
1

answer
278

Views

Azure access token always returns 401

I have obtained an access token from https://login.microsoftonline.com/tenentid/oauth2/token - using the grant_type=client_credentials Now, when I try to get the embedded token from https://api.powerbi.com/v1.0/myorg/groups/gid/reports/rid/GenerateToken it always returns 401 unauthorized. Does anyon...
Sandeep Dhankhar
1

votes
1

answer
30

Views

Using Azure AD without codebehind

I am learning Windows Identity Foundation and trying to understand authentication via Azure AD using the web.config as described here, but I can not understand, where to find issuer and realm for my application on Azure Portal. Can anybody describe me where is it?
Mixim
1

votes
0

answer
30

Views

Authentication Mechanisms in Terminal Servers

I am working on a legacy application wherein I have to implement authentication mechanism in VDI & Terminal Servers using Azure AD for different types of users (guest, member). I could not find any resources on Azure blogs regarding AAD B2B for VDI and Terminal Servers. Is there any tutorial on appr...
david nadal
1

votes
0

answer
551

Views

Connecting OneLogin to Azure Ad

I am trying to connect One Login to office 365 in order to control the users of Azure from One Login. The idea it is that One Login would be the source of trouth and would sync with azure ad. I did the steps on the tutorial to connect to Office 365 described here But I still get the errors When tryi...
1

votes
0

answer
66

Views

Call multiple ClaimsEndpoint using Azure AD B2C custom policies

I am using B2C custom policies, to get a third party token and then creating an Azure AD B2C token with that, which contains the claims of the third party. I am using ClaimsEndpoint in the Technical Profile in the policy. The problem I am facing is, that I need multiple claims, and I can't obtain a...
V. G.
1

votes
1

answer
317

Views

Json type claim in Azure AD B2C custom policies

I am using Azure AD B2C custom policies to get claims from a third party and map it to the claims which are returned in the Azure AD B2C token. If the third party returns claims in the form of string, my User journey in the policy works fine. My problem is that the third party is returning the clai...
V. G.
1

votes
1

answer
497

Views

Getting Spring Boot Security Working with Azure AD

Currently trying to get Azure AD integrated with a Spring Boot application I'm working on. I'm utilizing the azure-active-directory-spring-boot-starter package, and following the example laid out in the official documentation on Microsoft's website. However, when following the example, I'm receiving...
ReservedDeveloper
1

votes
1

answer
73

Views

how to register users to mongodb after open id connect authentication?

I have a backend API written in nodejs(authorization with oAuth2) using azure-passport-ad, my frontend angular 5(openId connect), and I`m using Azure AD for authentication, the thing is that our users will have two roles 'student', 'admin', how can I make that difference of roles, does the token ret...
Otto Cheley
1

votes
2

answer
518

Views

Azure AD - get user's profile photo, OAUTH access failure

I'm trying to access the signed in user's Profile Photo in the context of an email app which uses EWS to connect to Office 365. The app is registered on portal.azure.com with the following required permissions: Office 365 Exchange Online -> Access mailboxes as the signed-in user via Exchange Web Ser...
Kostya Vasilyev
1

votes
1

answer
482

Views

Asp.Net Core Azure AD V1.0 JWT Authentication Invalid Signature

I have to make an ASP.NET Core 2.0 Web API application which uses the resources of Microsoft Graph. I tried to make the app use JWT authentication with the following properties: Audience: 'CLIENT_ID'; Authority: 'https://login.microsoftonline.com/TENANT_ID' The idea here is that I have a SPA app whi...
Abraxas
1

votes
2

answer
208

Views

OAuth token state and invalidate

Given I have acquired an OAuth2 token from https://login.windows.net/{tenant-id}/oauth2/token using the password grant type, is their a REST API to get the status of that token invalidate the token (logout) I will be using this token to access Power BI REST APIs
Johno
1

votes
1

answer
312

Views

Xamarin.Forms Azure Mobile App Services Offline Sync without hosting Web Api on Azure

At the moment I have an app that uses Azure Mobile App Services to manage offline sync as well as authentiation. Authentication is done with Azure Active Directory and the way that I have it setup is that the web api is published as an app service on azure and it is configured as an app in the Activ...
Rafael Colon
1

votes
1

answer
494

Views

How to log in using Azure Active Directory

I am using: https://github.com/thephpleague/oauth2-client and https://github.com/TheNetworg/oauth2-azure to allow users to register/login using their MS accounts. I have the first bit working: Users click the login with MS button. Request is then sent and received for auth code. Request is then sent...
Mick
1

votes
1

answer
98

Views

Error “Unable to retrieve tenant service info” from Microsoft Graph

We use the Microsoft Graph .NET SDK to authenticate users who use O365 and to work with the users' files and folders in OneDrive and SharePoint. Today, some of our users started receiving this error message: 'Unable to retrieve tenant service info'. The error code is: 'BadRequest', which doesn't see...
DinhNguyen92
1

votes
1

answer
273

Views

How to resolve Multi Factor authentication for AAD in Selenium test in CI

I am trying to integrate Selenium tests to CI. The problem I am facing is all the users (even test user) is protected by Multi-factor authentication and when I will run test cases on the server with each login there will a prompt user for the Multi factor. We are running selenium test cases on SPA u...
Ramesh Chandra
1

votes
2

answer
61

Views

Deleting VSTS User From Active Directory

Microsoft Docs has substantive info on adding users to VSTS via Active Directory, but I'm not finding specific info on what happens when you delete a VSTS user from AD, or what ripple effects take place when you delete them from VSTS itself. MSFT says removing them from AD may make them still appear...
VSTSNOOB
1

votes
1

answer
253

Views

Which IUser to Use in AcquireTokenSilentAsync in MSAL

I'm asking this question in the context of a mobile (Xamarin) app using Azure AD B2C. The tl;dr; of this is: Should I always use the IUser obtained from the “sign-in / sign-up” policy when invoking PublicClientApplication.AcquireTokenSilentAsync? Now let me explain a scenario a bit. A user trie...
Matt Soucoup
1

votes
1

answer
306

Views

Visual Studio 2017 WebTest authenticate Azure Web App with Azure Active Directory (AAD)

I have an Azure Web App that uses Azure Active Directory to authenticate. I want to create a webtest that logs in and then performs some actions (testing pages basically). What's the 'correct' way to achieve this? After I record the test, when executing it again it doesn't authenticate correctly. If...
Christian Rodriguez
1

votes
1

answer
263

Views

Azure Multi Tenant App Registration: What happens when I add an “Admin Consent” required permission

We've created a Multi Tenant Azure Application Which is registered by several other tenants, with a set of permissions to which an admin already gave consent. Now we want to add some more permissions which require 'Admin consent' My question is what will happen? I would expect, the application will...
Derk Van Lochem
1

votes
0

answer
87

Views

setting MSI for hdinsight VMs inside Vnet

How can i set MSI for HDInsight linux VMs provisioned using ARM template or powershell New-AzureRmHDInsightCluster. I need the cluster to communicate with Azure services that support AD authentication.
Vijay Veera
1

votes
1

answer
410

Views

Asp.net Core Identity - Azure Authentication Middleware

Is there a package for authenticating with Azure AD, for Asp.net Core? For example, the following Authentication packages exist, when querying Nuget: Microsoft.AspNetCore.Authentication.Facebook Microsoft.AspNetCore.Authentication.Twitter Microsoft.AspNetCore.Authentication.Google Microsoft.AspNetCo...
contactmatt
1

votes
1

answer
316

Views

Joining existing windows servers in the AD Azure domain

We did AD on premise synchronization with AD Azure. Now we are thinking of disabling (kill the server and all users log into desktops with their respective accounts in office 365) AD On premises, staying with AD only in the cloud, and inserting other servers only in AD Azure. Can we do this step? O...
Erick Oliveira
1

votes
0

answer
57

Views

How to setup the Azure Active Directory autentication to a single page

I'm using OWIN combined with Azure Active Directory App Registration as my authentication method on my MVC Web App as below to restrict the login user within a single domain. This part is functioning well. public partial class Startup { private static string clientId = ConfigurationManager.AppSettin...
Kyle

View additional questions