Questions tagged [azure-active-directory]

1

votes
1

answer
562

Views

Calling a secured REST api from Javascript without user login screen

How would you call the secured REST api from the Javascript script application that doesn't have the login? I have a Javascript application (React) that doesn't have a user login. It needs to call some REST api services that uses Oauth (Azure Ad - WindowsAzureActiveDirectoryBearerAuthentication)....
Michael Sync
1

votes
0

answer
119

Views

Outlook notification subscription using Azure Webhook Domain Not Found

I am working on Creating a push notification for inbox messages to be sent to my azure webhook. I have been following the documentation as a reference. Till now I have been able to create and register my app using the Azure app registration. I got the client_id and client_secret accordingly. Shared...
gkb
1

votes
1

answer
770

Views

Azure AD Cannot hit login.microsoftonline.com/{tenantId}

I am trying to create authentication for my App via Azure Active Directory but have had little luck. I created a new Azure Active Directory instance in portal.azure.com and copied the 'Directory ID' (Click on Azure Active Directory and then properties) and still cannot authenticate. I am trying to u...
Bob
1

votes
1

answer
278

Views

Azure access token always returns 401

I have obtained an access token from https://login.microsoftonline.com/tenentid/oauth2/token - using the grant_type=client_credentials Now, when I try to get the embedded token from https://api.powerbi.com/v1.0/myorg/groups/gid/reports/rid/GenerateToken it always returns 401 unauthorized. Does anyon...
Sandeep Dhankhar
1

votes
1

answer
30

Views

Using Azure AD without codebehind

I am learning Windows Identity Foundation and trying to understand authentication via Azure AD using the web.config as described here, but I can not understand, where to find issuer and realm for my application on Azure Portal. Can anybody describe me where is it?
Mixim
1

votes
0

answer
30

Views

Authentication Mechanisms in Terminal Servers

I am working on a legacy application wherein I have to implement authentication mechanism in VDI & Terminal Servers using Azure AD for different types of users (guest, member). I could not find any resources on Azure blogs regarding AAD B2B for VDI and Terminal Servers. Is there any tutorial on appr...
david nadal
1

votes
0

answer
551

Views

Connecting OneLogin to Azure Ad

I am trying to connect One Login to office 365 in order to control the users of Azure from One Login. The idea it is that One Login would be the source of trouth and would sync with azure ad. I did the steps on the tutorial to connect to Office 365 described here But I still get the errors When tryi...
1

votes
0

answer
66

Views

Call multiple ClaimsEndpoint using Azure AD B2C custom policies

I am using B2C custom policies, to get a third party token and then creating an Azure AD B2C token with that, which contains the claims of the third party. I am using ClaimsEndpoint in the Technical Profile in the policy. The problem I am facing is, that I need multiple claims, and I can't obtain a...
V. G.
1

votes
1

answer
317

Views

Json type claim in Azure AD B2C custom policies

I am using Azure AD B2C custom policies to get claims from a third party and map it to the claims which are returned in the Azure AD B2C token. If the third party returns claims in the form of string, my User journey in the policy works fine. My problem is that the third party is returning the clai...
V. G.
1

votes
1

answer
497

Views

Getting Spring Boot Security Working with Azure AD

Currently trying to get Azure AD integrated with a Spring Boot application I'm working on. I'm utilizing the azure-active-directory-spring-boot-starter package, and following the example laid out in the official documentation on Microsoft's website. However, when following the example, I'm receiving...
ReservedDeveloper
1

votes
1

answer
73

Views

how to register users to mongodb after open id connect authentication?

I have a backend API written in nodejs(authorization with oAuth2) using azure-passport-ad, my frontend angular 5(openId connect), and I`m using Azure AD for authentication, the thing is that our users will have two roles 'student', 'admin', how can I make that difference of roles, does the token ret...
Otto Cheley
1

votes
2

answer
518

Views

Azure AD - get user's profile photo, OAUTH access failure

I'm trying to access the signed in user's Profile Photo in the context of an email app which uses EWS to connect to Office 365. The app is registered on portal.azure.com with the following required permissions: Office 365 Exchange Online -> Access mailboxes as the signed-in user via Exchange Web Ser...
Kostya Vasilyev
1

votes
1

answer
482

Views

Asp.Net Core Azure AD V1.0 JWT Authentication Invalid Signature

I have to make an ASP.NET Core 2.0 Web API application which uses the resources of Microsoft Graph. I tried to make the app use JWT authentication with the following properties: Audience: 'CLIENT_ID'; Authority: 'https://login.microsoftonline.com/TENANT_ID' The idea here is that I have a SPA app whi...
Abraxas
1

votes
2

answer
208

Views

OAuth token state and invalidate

Given I have acquired an OAuth2 token from https://login.windows.net/{tenant-id}/oauth2/token using the password grant type, is their a REST API to get the status of that token invalidate the token (logout) I will be using this token to access Power BI REST APIs
Johno
1

votes
1

answer
312

Views

Xamarin.Forms Azure Mobile App Services Offline Sync without hosting Web Api on Azure

At the moment I have an app that uses Azure Mobile App Services to manage offline sync as well as authentiation. Authentication is done with Azure Active Directory and the way that I have it setup is that the web api is published as an app service on azure and it is configured as an app in the Activ...
Rafael Colon
1

votes
1

answer
494

Views

How to log in using Azure Active Directory

I am using: https://github.com/thephpleague/oauth2-client and https://github.com/TheNetworg/oauth2-azure to allow users to register/login using their MS accounts. I have the first bit working: Users click the login with MS button. Request is then sent and received for auth code. Request is then sent...
Mick
1

votes
1

answer
98

Views

Error “Unable to retrieve tenant service info” from Microsoft Graph

We use the Microsoft Graph .NET SDK to authenticate users who use O365 and to work with the users' files and folders in OneDrive and SharePoint. Today, some of our users started receiving this error message: 'Unable to retrieve tenant service info'. The error code is: 'BadRequest', which doesn't see...
DinhNguyen92
1

votes
1

answer
273

Views

How to resolve Multi Factor authentication for AAD in Selenium test in CI

I am trying to integrate Selenium tests to CI. The problem I am facing is all the users (even test user) is protected by Multi-factor authentication and when I will run test cases on the server with each login there will a prompt user for the Multi factor. We are running selenium test cases on SPA u...
Ramesh Chandra
1

votes
2

answer
61

Views

Deleting VSTS User From Active Directory

Microsoft Docs has substantive info on adding users to VSTS via Active Directory, but I'm not finding specific info on what happens when you delete a VSTS user from AD, or what ripple effects take place when you delete them from VSTS itself. MSFT says removing them from AD may make them still appear...
VSTSNOOB
1

votes
1

answer
253

Views

Which IUser to Use in AcquireTokenSilentAsync in MSAL

I'm asking this question in the context of a mobile (Xamarin) app using Azure AD B2C. The tl;dr; of this is: Should I always use the IUser obtained from the “sign-in / sign-up” policy when invoking PublicClientApplication.AcquireTokenSilentAsync? Now let me explain a scenario a bit. A user trie...
Matt Soucoup
1

votes
1

answer
306

Views

Visual Studio 2017 WebTest authenticate Azure Web App with Azure Active Directory (AAD)

I have an Azure Web App that uses Azure Active Directory to authenticate. I want to create a webtest that logs in and then performs some actions (testing pages basically). What's the 'correct' way to achieve this? After I record the test, when executing it again it doesn't authenticate correctly. If...
Christian Rodriguez
1

votes
1

answer
263

Views

Azure Multi Tenant App Registration: What happens when I add an “Admin Consent” required permission

We've created a Multi Tenant Azure Application Which is registered by several other tenants, with a set of permissions to which an admin already gave consent. Now we want to add some more permissions which require 'Admin consent' My question is what will happen? I would expect, the application will...
Derk Van Lochem
1

votes
0

answer
87

Views

setting MSI for hdinsight VMs inside Vnet

How can i set MSI for HDInsight linux VMs provisioned using ARM template or powershell New-AzureRmHDInsightCluster. I need the cluster to communicate with Azure services that support AD authentication.
Vijay Veera
1

votes
1

answer
410

Views

Asp.net Core Identity - Azure Authentication Middleware

Is there a package for authenticating with Azure AD, for Asp.net Core? For example, the following Authentication packages exist, when querying Nuget: Microsoft.AspNetCore.Authentication.Facebook Microsoft.AspNetCore.Authentication.Twitter Microsoft.AspNetCore.Authentication.Google Microsoft.AspNetCo...
contactmatt
1

votes
1

answer
316

Views

Joining existing windows servers in the AD Azure domain

We did AD on premise synchronization with AD Azure. Now we are thinking of disabling (kill the server and all users log into desktops with their respective accounts in office 365) AD On premises, staying with AD only in the cloud, and inserting other servers only in AD Azure. Can we do this step? O...
Erick Oliveira
1

votes
0

answer
57

Views

How to setup the Azure Active Directory autentication to a single page

I'm using OWIN combined with Azure Active Directory App Registration as my authentication method on my MVC Web App as below to restrict the login user within a single domain. This part is functioning well. public partial class Startup { private static string clientId = ConfigurationManager.AppSettin...
Kyle
1

votes
0

answer
176

Views

Issue with acquireTokenSilentAsync : Refresh Token

I want to use the Azure Active Directory for authorization in my Ionic App I'm successfully able to get the accessToken from Azure AD but after the token get expired I have called the acquireTokenSilentAsync and I'm getting this below error code: AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED message: Ref...
Danny
1

votes
0

answer
41

Views

Azure AD users data retrieval issue

I'm trying to get some users related data from Azure AD, using AD Graph API or MS Graph API, but having trouble getting some specific data needed. I need to get data like: LastPasswordChangeTimestamp StrongAuthenticationRequirements (for MFA) StrongPasswordRequired PasswordNeverExpires All the clie...
Elrom Behar
1

votes
0

answer
85

Views

Azure ad sdk doesnot fetch Intunes company portal login for SSO

I have integrated Azure ad in my iOS app. I need to perform SSO when I have already logged into my Comp Portal app(Microsoft Intunes). Note: I am able to perform auto sign-in when I have Authenticator app installed, however this doesn't work if I have only Comp Portal App installed. On android its...
prasad nikumbh
1

votes
0

answer
194

Views

Using Azure GraphClient API how to grant permissions for a new Application?

I followed this instruction (Using Azure GraphClient API how can you create a new Native Application?) and I could create a native application by Azure Graph Client. However, I don't know how to grant permissions by Graph API. This is my code: var app = new Application() { DisplayName = 'appNativeN...
amzdmt
1

votes
1

answer
154

Views

Send Office365 e-mail using AzureAD authenticated user

I have a .Net Core MVC Web application that authenticates the user using AzureAD. At some stage I need to send an e-mail on behalf of that user. I searched for some options and apparently I can do that using Microsoft Exchange Service or Office365 but for both options I need to get the user's creden...
Sibele Lima
1

votes
3

answer
3k

Views

Adal Angular5 Adal5Service.acquireToken falls with “Token renewal operation failed due to timeout”, but there are successful requests in network

Try to use adal-angular5 and have problem with Adal5Service.acquireToken method: it is always falls with: Token renewal operation failed due to timeout Online full example on StackBlitz. To test: paste your tenant paste your clientId register URL https://angular-96tws9.stackblitz.io in Azure Portal...
user1167761
1

votes
0

answer
30

Views

What is the expected behaviour when using a differential query regarding how many times you may request a page and the page is empty?

What was the user doing - I am trying to implement Azure AD Groups synchronization in my app as described at https://developer.microsoft.com/en-us/graph/docs/concepts/delta_query_groups. However, when implementing the step described under nextLink response, where it says 'The response contains a nex...
MaxV
1

votes
0

answer
648

Views

Getting an On-Behalf-Of access token with a token obtained using the implicit flow

TL;DR: I want to use implicit flow to get an access token and have the user consent my app to grab the profile from Microsoft Graph. When getting the on-behalf-of token on the server side, it complains that no consent is given. I have a client application getting an access token from Azure Active Di...
XwipeoutX
1

votes
0

answer
118

Views

Redirect to login after session expired

Am using Azure Active directory with OpenId provider in MVC 5.0 application and deployed into the Azure portal, In my case user session get expired after 20 minutes but not automatically redirecting to login page, application considered authentication is valid. Is there any option available in OpenI...
Kalai
1

votes
0

answer
307

Views

Azure Function Authenticating ASP.Net Core Web Api using Microsoft Account

I have an ASP.Net Core 2.0 Web App running in an App Service in Azure that has social login configured (Google & Microsoft) according to the following docs: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?tabs=aspnetcore2x https://docs.microsoft.com/en-us...
Julian.Net
1

votes
0

answer
439

Views

Azure Active Directory Group Membership Claims not all are being returned

According to this article, Simple Talk - Azure Active Directory Part 4 Group Claims, when I set the 'groupMembershipClaims' setting in my application manifest, the group claims, including nested should get returned. This does not appear to be the case in my situation. I am only getting back the gro...
cletisgipson
1

votes
0

answer
1.6k

Views

AADSTS50013: Assertion contains an invalid signature. Reason - The key was not found.,

I'm trying to setup an Azure Function with Azure AD B2C. The functions require authorization tied to an Azure AD B2C application. The Azure AD B2C application has a keys section: I used the generated key (M99*****) and put it in the azure functions authentication/authorization settings: When I call...
tweetypi
1

votes
0

answer
32

Views

Least privilege requirements for Service principal to create new key for other application

I’m currently working with a customer where we are deploying a number of Azure PaaS services via ARM templates. The deployment runs in VSTS in service principal context. As part of the deployment we need to specify an application ID and key for ACS. So far we have made do with a key which was m...
jfa8998172
1

votes
0

answer
54

Views

Add-AzureADServicePrincipalOwner problems

I'm trying to add ServicePrincipal owner using PowerShell. I run Add-AzureADServicePrincipalOwner and it returned success. I verify above with Get-AzureADServicePrincipalOwner, but in the portal, I cannot see the newly added user. Moreover, the newly added user has error when running for example: Ne...
Piotr Stapp

View additional questions