If I enter both an ApplicationID and key into the Advanced Settings of the dnn.azureadb2cprovider I get a generic error with no explanation. I've gone through the setup documentation (which seems to be outdated) numerous times. The error gives no clue as to what the issue is.
If I enter only the app id or only key by itself, there is no error. Obviously this wont allow Graph to work, but I am noting it anyway.
Went thought the setup process located at https://github.com/intelequia/dnn.azureadb2cprovider#requirements. I can get users to sign in successfully through B2C so it's partially working. Just the advanced features are having trouble.
You can check the log4net log files under /Portals/_default/Logs folder for more details on the issue. This is probably caused by the permissions of the App registration on the Graph API. Ensure that you have set permissions on these Application scopes and have given consent to them (the documentation will be updated soon):
Application.Read.All
Group.Read.All
GroupMember.Read.All
User.Read.All
PS: in the future please create this type of issues on the GitHub repository to concentrate all the help and documentation on the same location.
Related
My purpose is to create bug in Azure DevOps directly from Azure Application Insight, I am doing to attach the work item (bug) feature available in Azure Application Insight but on clicking Authorize button it give me following error
Authorization token provided through OAuth does not have access to read/write work items for requested uri/project collection/project
for reference please find the below image.
Updates:
I didnt understand what you meant by private browser, and I have full admin access over Azure Portal.
basically I have the https://dev.azure.com/HealthTechnologies/ReportItNow link in which
https://dev.azure.com is the devop url
HealthTechnologies is the organization
ReportItNow is the Project
so in Azure insight workitem section, URL I am putting https://dev.azure.com/HealthTechnologies/ and in project I am putting ReportItNow, I dont know what i am doing wrong.
Still waiting for this glitch to solve.
Oky let me make it more simple, if I want to automatically create bug in Azure DevOps when ever any new exception came in to the Azure
Application Insight How I can get this into real practical.
I solve this when I took a detailed look at the error message url. It's saying that the missing authorization is for https://uri/Project Collection/Project. Based on that, I changed my url from https://dev.azure.com/organization to https://dev.azure.com/ and it worked,
I have created an app on Azure Portal to access some information via Microsoft Graph API but I am not able to add any permissions to it. It was working earlier but not any more. I also tried to register a new app, the app gets register but yet again the permissions could not be added.
As soon as I press the button to add the selected permissions these two popup notifications come up ..
1. Your session will end in a few minutes. You will have to refresh your browser to start a new session.
2. The portal is having issues getting an authentication token. The experience rendered may be degraded.
Additional information from the call to get a token:
Extension: Microsoft_AAD_RegisteredApps
This is happening since last 3 days now. I also searched on Google and found that people had similar issues earlier as well. Though I have raised a ticket on the portal for this but haven't received any reply yet.
Any help here would be very much appreciated. Also is there any way to check any logs on the portal itself. I did try to check the network logs via browser developer tools but they aren't much help.
It seems to be an issue with the Azure Portal for your region.
As #Hury Shen suggested, you should contact Azure Support for further investigation.
See how to open a support ticket on Azure portal.
Seems like there was an issue with my account address. I changed the address to one of US and it worked for me.
#Allen Wu Thanks for the suggestions. I had already asked them about it but no one replied.
I have several client apps registered in the Azure portal. Each app has different scopes that are enabled/disabled. I used to be able to modify the scopes and save the updates for each of the register apps. Now I get the following error from the Azure portal:
Failed to update {my app} application. Error detail: Property identifierUris is invalid. [mURNc]
I also get this same error even if all I try to do is rename the client app. If I create a brand new app there are no issues. This appears to be a bug in the azure portal, but I'm looking for a workaround as I don't want to redefine all the scopes again, there are quite a few!
I've tried to rename things, change the client app ID, etc, but nothing seems to fix the issue, I get the same error. Again, this all used to work fine and now suddenly with no changes I get this issue.
The error says the identifierUris is invalid, but it isn't descriptive at all on which URI it is referring to. Any suggestions on how to correct this?
As junnas said, click try out the new experience in the Authentication tab of App registration and try again.
Also, when you see the above error, we recommend the following:
1.Edit the attributes individually in the manifest editor instead of uploading a previously downloaded manifest. Use the manifest reference table to understand the syntax and semantics of old and new attributes so that you can successfully edit the attributes you're interested in.
2.If your workflow requires you to save the manifests in your source repository for use later, we suggest rebasing the saved manifests in your repository with the one you see in the App registrations experience.
Hope this helps.
I am trying to do some experimentation with MSAL JS and ADAL JS libraries. I was able to get MSAL JS working fine by doing configuration at Azure Active Directory => "App Registrations (preview)". However when I switched to ADAL JS I get an error about needing version 2.0, so I think I need to use the regular "App Registrations" screen.
However, when I click on the regular "App Registrations" button I get:
Access Denied
You do not have access
Looks like you don't have access
to this content. To get access, please contact the owner.
I think it's odd that I can access the "preview" app registrations screen but not the regular one.
I saw somewhere online somebody suggested making changes at "User Settings", but that screen gives me the same error message. Going to "Users" I see 0 users, and it won't let me add any (the plus is greyed out).
The account I am using is just a personal account, it is not tied to any organization so there is no admin. I assume I should have full permission or be able to give it to myself, but can't figure out how.
Getting a Trial Azure account fixed this problem, so it appears one is needed to use the "App Registrations" section.
It is still a little unclear why an account is not needed for the preview mode, however.
Also, it would be nice if Azure would show a proper message saying an account is needed instead of a error message, but that is a minor point.
I have a web app in Azure. The access to that web app is controlled by Azure Active Directory. The app is up and running since September of last year. I didn't make any changes to the app for a while and have 33 users in that app.
So, a week ago I tried to add a user, using the same methods and paths I used before.
The new user can log in to microsoft (portal.office.com). After the initial log in and changing of the password the user goes to the web app in Azure and get the following error: You do not have permission to view this directory or page.
Error tracing gives me this:
HTTP Error 401.73 - Unauthorized You do not have permission to view
this directory or page.
Most likely causes: The authenticated user does not have access to a
resource needed to process the request.
Things you can try: Create a tracing rule to track failed requests for
this HTTP status code. For more information about creating a tracing
rule for failed requests, click here.
Detailed Error Information: Module EasyAuthModule_32bit
Notification BeginRequest Handler
ExtensionlessUrlHandler-Integrated-4.0 Error Code 0x80004005
Requested URL https://*******:80/.auth/login/aad/callback Physical
Path D:\home\site\wwwroot.auth\login\aad\callback Logon Method
Not yet determined Logon User Not yet determined
More Information: This is the generic Access Denied error returned by
IIS. Typically, there is a substatus code associated with this error
that describes why the server denied the request. Check the IIS Log
file to determine whether a substatus code is associated with this
failure. View more information ยป
Microsoft Knowledge Base Articles:
Another observed behavior: usually when new users are logging in the web app asks for permissions for the AD to access their account information. Ever since this problem came up this is not the case any more.
Other users do not have any problems logging in. This problem only happens with new users who never logged in before.
EDIT: When I go to Active Directory and look at sign ins, I see failures to log into the web app with sign-in error code 90092. Failure Reason: Other.
Microsoft help desk could not give me details on that error code.
Checkout the related question and answer here. All new users have to first consent the application (agree and give your application permissions to access their profile / or you indicated as required permissions).
In short, you have to design "sign-up" button for your application, which uses the "login_url" and appends "&prompt=consent" to the query string.
Read all related resources here to better understand the consent framework.
And please read the documentation about Azure App Service Authentication/Authorization here, as well as the Azure AD specific documentation here.
OMG, I just found an answer. I created a test app and set it up to mirror the settings of my live app.
In Required Permissions the new app had nothing for Microsoft Graph, the live app had 5 permissions. I deleted Microsoft Graph and it works now!
I wish Microsoft communicated better about discontinued API's. I did get an alert, but it was mostly talking about MS Office 365.