We can can get the IPAddress of the user from User Journey Context Provider, but I need user location details. Is it possible to get the user location details ?
All claims resolvers are here:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/claim-resolver-overview
You cannot resolve their location/city etc. You can ask the user for their location instead:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-user-input?pivots=b2c-custom-policy
Or resolve the IP to a location using your own REST API:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-rest-api-claims-exchange?pivots=b2c-custom-policy
Related
I need to add the employeeid as claim notification in token, I used the tutorial of this link:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-claims-mapping#include-the-employeeid-and-tenantcountry-as-claims-in-tokens
I did all steps, but my token is not returning the employeeid:
I did this configuration with graph api, where I create the policy and bind it with the service principal:
If I check this configuration, it seems to be correct:
I have followed all the steps correctly, and I can't include the employeeid in the token, what is happening? thanks.
Assuming this is an access token you are requesting, you could check two things:1.The claims mapping policy should be attached to the resource (api) service principal/application id for which you are requesting the access token 2. You need to update the application manifest as mentioned towards the end of the document you shared.
I tried to reproduce in my environment getting the employeeid successfully
Make sure you have choose your Application object ID
For your Reference :
https://s4erka.wordpress.com/2020/08/06/azuread-claim-mapping-policy/
If i have a tenant name such as "contoso.onmicrosoft.com" can i get the tenantID using an API call?
I have already checked the API for Microsoft.Azure.Management.ResourceGroup
You can simply call https://login.microsoftonline.com/tenantDomain/.well-known/openid-configuration and get the tenant id from there. Just parse the JSON it returns and get the tenant id from it - for example from issuer.
Full info can be found here.
The call doesn't have to be authenticated so it is very simple to call.
You can get the name of the tenant you are logged into by calling
https://management.azure.com/tenants?$skiptoken={skiptoken}&api-version={api-version}
see here for details
This will give you a list of all tenants that you authorized for.
This is actually listed under 'Tenants' rather than resource groups.
Te easiest way to get tenantID is to find it in Azure portal. Please click -> APPLICATION -> VIEW ENDPOINT. like the following screenshot:
If you want to use C# to get the tenant ID from the name. Please try to get the JWT token first (use the user under the "contoso.onmicrosoft.com" to sign in). The JWT token will contain tid. "tid" means tenant id. Refer to this article for more details.
Then we can use the following code to get the tenant id:
var token = new JwtSecurityToken(jwtToken);
var oid = token.Claims.FirstOrDefault(m=>m.Type == "tid").Value;
I am trying to integrate azure Active Directory Authentication Library for js to my site. I downloaded the SPA sample and made it work with my app detail.
However, how can I pass user information back to server?
For example, this is the example code on server side to retrive the logged in user:
string owner = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
IEnumerable<Todo> currentUserToDos = db.Todoes.Where(a => a.Owner == owner);
The owner string turned out to be a guid like token other than a readable username or email address.
Is there a way to retrieve username or email address by using this library directly or I have to send it to server side myself?
ClaimTypes.NameIdentifier is a guid unique to each user. If you want readable username or email address, try ClaimTypes.Email or ClaimTypes.Name.
Yes, we are able to get the user info from client directly via adal-angular.js. It already store the user information to the $rootScope. userInfo, we can retrieve the user information from it instead of from web server.
Here is the code that retrieve the name and email address:
console.log($rootScope.userInfo.userName);
console.log($rootScope.userInfo.profile.name);
console.log($rootScope.userInfo.profile.upn);
And below is a figure for the struct of userInfo object for your reference:
I use Shiro 1.2.3 in a JSF2 project. I couldn't find a way to update the principal of an authenticated subject without a logout. I need this when a logged-in user wants to update his/her profile info. I store a userBean as principal and it should be updated along with the profile info. Doing a programmatically login can be a solution but this time password of the user is needed to create a token.
Some time has past but I hope this could be useful to others too.
When you login with Shiro a Session is created and a token is sent to the client for further requests.
For each request Shiro intercept the HTTP request, verifies the token as valid then creates a new Subject using the org.apache.shiro.web.mgt.DefaultWebSubjectFactory.createSubject(SubjectContext context) method which contains an important line
PrincipalCollection principals = wsc.resolvePrincipals();
which finally bring us to the solution method org.apache.shiro.subject.support.DefaultSubjectContext.resolvePrincipals() which contains the critical lines
Session session = resolveSession();
if (session != null) {
principals = (PrincipalCollection) session.getAttribute(PRINCIPALS_SESSION_KEY);
}
That is to update your Subject's Principal without logout you need to update his/her session's PRINCIPALS_SESSION_KEY attribute. To summarize your code could be as simple as
PrincipalCollection pc = (PrincipalCollection) getSubject().getSession().getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY;
// do something in here
getSubject().getSession().setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, pc);
I don't want to use default credentials because I need to fetch log in user Mail Box information therefore, to call Exchange Web Service I need Log in User credentials. So how can I get current Logged-in user credentials??
Constructor of calling exchangeweb service is as below:
ExchangeServiceBinding exchangeService = new ExchangeServiceBinding()
exchangeService.RequestServerVersionValue = new RequestServerVersion();
exchangeService.RequestServerVersionValue.Version = ExchangeVersionType.Exchange2010;
exchangeService.Credentials = new NetworkCredential("user_LoginID", "LoggedIn_user_password");
you can't access the user password or the credentials from SharePoint directly. You're able to get something like SPContext.Current.Web.CurrentUser.LoginName, but you won't be able to hand over the user password, if UseDefaultCredentials doesn't work for the EWS.