Is there a way to configure the SP metadata as static information instead of setting the SP metadata endpoint url in Azure B2C.
I will appreciate any reply.
It seems - no. As an alternative way you can host your metadata somewhere and put the link to the metadata file to the Azure B2C Application Registration's settings. For example, you can easily do that by using Azure Blob Storage.
Related
We have VAPT findings to add a storage account to private endpoint.
Storage account is used by Azure CDN as origin.
After adding endpoint the Azure CDN cannot access and gives error with an XML page.
How to access storage account with private endpoint from Azure CDN?
You need to give access over the firewall. For Microsoft CDN (classic) that would be the following range 147.243.0.0/16 as found in the Microsoft documentation.
if you've placed your storage account in a private link then i imagine you probably want to protect its content from unwanted access.
i think #travisez13's solution would allow anything running in azure to access the storage account directly, assuming they could guess the names.
i think you may want to try this approach instead: https://learn.microsoft.com/en-us/azure/cdn/cdn-sas-storage-support
How can you access a Storage Account blob container without using an Account Key?
I can access data in Storage Account blobs in Power BI ... but it needs the account Access Key !
Is there some way to access the data using some other authentication approach, i.e. an app registration, service principal, managed identity, whatever ?
You could use Shared Access Signature(SAS) to connect Blob Storage in Power BI. This guide will help you.
If you access blob with Azure AD, it doesn't seem to integrate with Power BI. And there is a .Net code sample about creating a block blob.
Azure AD authenticates the security principal (a user,
group, or service principal) running the application. If
authentication succeeds, Azure AD returns the access token to the
application, and the application can then use the access token to
authorize requests to Azure Blob storage or Queue storage.
For more information, the document describes the options that Azure Storage offers for authorizing access to resources.
I have application in asp.net and uploaded to Azure App service. I have file upload on the azure blob. Here issue is my blob is accessible to public I want to access images and docs in the blobs only accessible when my application is logged in. If I log out then those should not be access. How can I achieve this using azure blob storage?
In this case, you can configure the web app with Azure AD auth(Easy Auth), follow this doc.
After doing the steps in the doc above, it will create an AD App in your AAD tenant. Navigate to the AD App in the Azure Active Directory in the portal -> API permissions, add the delegated permission of Azure Storage.
Then navigate to the authsettings of the web app in the resource explorer, add ["resource=https://storage.azure.com"] to the additionalLoginParams, details see this blog.
Navigate to the storage account in the portal -> Access control (IAM) -> make sure the user account has a role e.g. Storage Blob Data Contributor, if not, add it for the user, follow this doc.
After doing the steps above, use the user account to login the web app, you can get the access token with https://webappname.azurewebsites.net/.auth/me, then you can use the token to call the Storage REST API - GET Blob to access the things in the storage container.
Can any one help in understanding procedure of copying excel file from share point to azure Blob storage through Azure Data Factory pipelines. I am struggling while creating Odata linked service. What is service url in odata linked service?
I am using rest apis provided in link here as a service url :https://xxxxx.sharepoint.com/sites/xxx/_api/web/
authentication type: basic
when I test connection I outputs a weird error: here
I have tried the following articles so far.
https://learn.microsoft.com/en-us/azure/data-factory/connector-odata
https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/working-with-folders-and-files-with-rest
Note: when I try these rest api urls from browser they work fine I can download files and so on.
is there any other way of achieving this goal??
Sharepoint online is supported by OData linked service through AAD SPN with Cert authentication type.
A cert using by OData connector can be created and configured by following the below article, which will guide you to connect the cert to an AAD app for invoking SPO Online with an app only access token.
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
I read about shared access signatures generated with stored access policies for Azure Storage from here.
I also read how to create this shared access signature with stored access policies for Azure Storage using PowerShell here.
However, I want to do the above using Azure Portal. I know how to generate an ad-hoc shared access signature. I also know how to create a stored access policy for a container in my Azure Blob.
How do I create a shared access signature with a stored access policy for an Azure Blob container in Azure Portal?
Preview of Storage Explorer is now available in Azure portal.
You can generate SAS for a container by right clicking on the container and select Get Shared Access Signature like we do in Storage Explorer using the preview
How do I create a shared access signature with a stored access policy
for an Azure Blob container in Azure Portal?
Simple answer to your question is that as of today you can't create a shared access signature (SAS) using a stored access policy in Azure Portal. This feature is not there yet. In fact, feature to create a SAS on a blob container is not there on the portal as of yet. You could only create account level SAS using Azure Portal.
If you need to create a SAS on a container using a stored access policy, please use Microsoft Storage Explorer tool (or any other storage explorer tool that has support for blobs management). Using this tool you will be able to specify a stored access policy when creating a SAS on the container.