I'm trying to follow this documentation https://learn.microsoft.com/en-us/windows/uwp/monetize/view-and-grant-products-from-a-service#step-1 on "Manage product entitlements from a service"
I created a new application in Azure AD (single-tenant application) and I reached the point where I need to set "identifierUris" in the manifest file with the following content:
"identifierUris" : [
"https://onestore.microsoft.com",
"https://onestore.microsoft.com/b2b/keys/create/collections",
"https://onestore.microsoft.com/b2b/keys/create/purchase"
],
Whenever I do that, I get this error message:
Failed to update XXX application. Error detail: Application alias 'url' value is invalid. [Ja+Ze]
Any idea why I'm getting this error message? I tired to change some application settings but no luck so far
Assuming onestore.microsoft.com is a sample custom tenant you might try with {yourtenantname}.onmicrosoft.com.
Related
I am trying to sign up the users using Azure B2C(by doing this I am using MSAL with Angular),
by mail confirmation, captcha v2(google) and MFA.
For the first attempt I used just a normal sign up with the email and afterwards with MFA and had no issues creating the users.
Than I added captcha and in my sign-up, meaning that I needed to use a custom page.
To add captcha feature I used the following process from this link Link - Create Captcha with Azure B2C (regarding one step that is described in the article, the azure function was created in the portal, because locally I had some issues)
In my sign up page where you add the email address and all the claims of the user, after adding all the claims and checked the captcha feature, than press for create, appears the following message:
errorCode: "AADB2C90261" message: "The claims exchange
'PreUserWriteRestful' specified in step '1' returned HTTP error
response that could not be parsed." status: "400"
AADB2C90261 -Taken from Microsoft page - Error Code - The claims exchange '{0}' specified in step '{1}' returned HTTP error response that could not be parsed.
Also the MFA feature doesn't appear. What can be ? that I missed to do ? Or what it represents ?
Tested without MFA and the same issue persists
Did anybody that is using Azure B2C added captcha ?
Thank you.
I tried to reproduce the same in my environment and got below results:
Initially I deployed Azure Function via Portal and left index.js file as default like below:
I configured one API connector named Verify Captcha by adding above function URL in endpoint like below:
Now I added this API connector to my user flow like below:
When I ran the user flow by entering required details in Sign up page and checked the captcha feature, I got the same error as below:
To resolve the error, I tried deploying 2 Http Trigger Functions locally:
HttpTrigger1 - modified index.js file with this GitHub code
and installed required modules like below:
HttpTrigger2 - left index.js file with default code like below:
By updating properties in local.settings.json file, I deployed these functions to Azure:
{
"IsEncrypted": false,
"Values": {
"AzureWebJobsStorage": "",
"FUNCTIONS_WORKER_RUNTIME": "node",
"BASIC_AUTH_USERNAME": "xxxxx",
"BASIC_AUTH_PASSWORD": "xxxxx",
"CAPTCHA_SECRET_KEY": "6LfoQ9oxxxxx21BEE23-kPQkv6QIQt8",
"B2C_EXTENSIONS_APP_ID": "dcxxx0b0-d5xf-42x-b1a4-97xxx689x1"
}
}
Response:
When I checked in Azure Portal, functions are updated successfully like below:
I configured another API connector named Verify Captcha server side by adding above function URL in endpoint like below:
Now I updated API connector with above in my user flow like below:
I ran the user flow by entering required details in Sign up page and checked the captcha feature like below:
When I selected Create account, I got response like below:
It may take some time to complete the captcha like below:
When I tried the same with default index.js like HttpTrigger2, I'm getting same error as you. So, make sure to replace code in your index.js file with this GitHub code.
You can try the same in your environment locally to resolve the issue.
I'm following the instructions for setting up a Blazor Web Assembly hosted using Azure AD B2C located here: https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/hosted-with-azure-active-directory-b2c?view=aspnetcore-5.0
When the login is clicked a message appears stating 'There was an error trying to log you in: 'Error: could not resolve endpoints. Please check network and try again. Detail: TypeError: NetworkError when attempting to fetch resource.'
In the debug window the message is displayed: Microsoft .AspNetCore.Authorization.DefaultAuthorizationService[2] Authorization failed. These requirements were not met: DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
In the Microsoft instructions for this error message the recommendation is in Azure for the app set the manifest setting of allowPublicClient to null or true. I set this attribute for both the server app and the client app to true but this did not make a difference.
I was able to follow the instructions in your link and make it work.
Some things to try for the client app registration:
'Authentication': For the 'Platform configurations' make sure you choose SPA and the redirect urls are correct
'Authentication': For 'Implicit grant' don't check 'Access tokens' and 'ID tokens'
'API permissions' make sure you added the server registration and clicked 'Grant admin consent'
In my case, this error was a false positive. I fixed my real problem by adding this code to the .csproj file in the Client project:
<ItemGroup>
<TrimmerRootAssembly Include="Microsoft.Authentication.WebAssembly.Msal" />
</ItemGroup>
I have been following after this guide step by step:
https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi
The only thing that I didn't do (not sure if its related) is the following line:
"Also in the ToGoAPI project, open the file Controllers/ToGoListController.cs. In the [EnableCors...] attribute, enter the location of the To Do SPA client. By default it is https://localhost:44326. Make sure to omit the trailing slash.
"
The reason I didn't do it is simply because I can't find any [EnableCors...] in the code. I did try to enable CORS in a different way though. following this:
https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api#enable-cors
Anyway, I get the following error:
"Error :invalid_resource
adal.js:973 Error description:AADSTS500011: The resource principal named https://yorecisraportsco.onmicrosoft.com/ToGoAPI was not found in the tenant named yorecisraportsco.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: 64213edc-4b12-4caa-aa4e-b9ec82bd3000
Correlation ID: 607d25c1-d915-46eb-ba48-67adb70ddab8
Timestamp: 2019-03-04 12:41:33Z"
I am not sure why this is happning as I followed the guide - configured everything in Azure like it said and also configured it in the code.
I'm developing an API using VS 2017, which I'm testing using Postman. I've been following this blog post Getting started with Windows Azure AD Authentication using Postman. I finally got it to give me an access token and a refresh token. About 3 quarters of the way through the post I came across this:
resource : https://management.core.windows.net
which has to be put into Postman (I'm using the Windows app version of Postman). I wasn't sure what that was for, so I left it off. I eventually got an access token and a refresh token, but when I when to get more info for all subscriptions, I got errors saying that I had specified a valid resource. So, I thought what I'd have to do was start over again, but re-authenticating and getting a code from Azure. I did so, and put that into Postman, as the blog post instructs. However, issuing this POST results in this error:
"error": "unauthorized_client",
"error_description": "AADSTS70002: Error validating credentials. AADSTS65005: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: d37abf69-42ce-4571-b146-f3422e73f041. Resource value from request: https://management.core.windows.net. Resource app ID: 797f4846-ba00-4fd7-ba43-dac1f8f63013. List of valid resources from app registration: 00000002-0000-0000-c000-000000000000.\r\nTrace ID: 9f028899-6d03-409e-8db4-4e9905000300\r\nCorrelation ID: ec253a1b-9fdc-495f-9310-6b40a42e5d93\r\nTimestamp: 2018-11-19 22:20:02Z",
"error_codes": [
70002,
65005
]
I don't understand why nor what I could have done wrong. I've prespecified the resource as the tutorial instructed, so what have I done wrong?
Looking at the error message, it seems you could have missed adding relevant permissions for "Windows Azure Service Management API" to your app registration.
Steps:
Go to Azure Portal > Azure AD > App registrations > Your app (with app id: d37abf69-42ce-4571-b146-f3422e73f041)
Go to Settings > Required permissions > Add > Select "Windows Azure Service Management API"
Select the relevant permission under Delegated permissions section. Click on select and then "Done". You should get a notification in portal that successfully added permissions. You should see Windows Azure Service Management API listed under required permissions as well.
After these steps, continue as per the blog post you've mentioned with Postman steps to get the access token again.
I found myself in the same situation when i was trying to setup Postman. Its not as complicated as most blogs make seem. I created a tutorial to try to make the process easy.
http://hazelnest.com/blog/blog/2018/11/17/azure-postman-configuration/
https://youtu.be/2bfgeBKRxl4
Hope this helps.
I have a requirement to delete some roles from an app registration.
Have tried to do this on the Azure portal both directly in the manifest editor and by downloading / editing / uploading the manifest JSON.
I get the following error:
Failed to update application xxxxxx. Error details:
CannotDeleteEnabledEntitlement.
I also tried to set "isEnabled" property to "false" and delete the roles after that with no success.
Anyone have any pointers on how to overcome this issue?
As you mentioned in your post, the deletion of any OAuth2Permission is a 2 step process:
You must first disable the permission, and push that to the directory.
Then you can delete the permission.
The error message you are showing in your post is a result of you not disabling the permission first. You will need to share details about the error you get if trying to delete the disabled permission fails as well.