Trying to run the sample from Azure-Samples/digital-twins-samples.
It is failing here in this code
client.GetDigitalTwin("---");
I have entered the required credentials in the authentication window and it gives an exception saying "InteractiveBrowserCredential Authentication Failed".
Inner Exception - "Only loopback redirect uri is supported, but urn:iet:wg:oauth:2.0:oob was found." Configure http://localhost or http://localhost:port both during app registration and when you create the PublicClientApplication object. See https://aka.ms/msal-net-os-browser for details
I have verified whether the role "Azure Digital Twins Owner (Preview)" is present for my user id and I am able to view/update the models & twins in the digital explorer sample from this example ADT explorer, but unable to update model through code. I believe there is some configuration missing in the reply url of the desktop/web url.
Any idea how to fix this issue.
After discussing directly on this issue, we observed that the Internet Explorer on Client Machine is causing/experiencing some blocking on pop-ups.
Resolution 1:
Please check if there are any pop-up blockers enabled on the browser.
Please change the default browser to another browser [like chrome]
and re-try.
Clear the browser cache and close all opened browser sessions.
Restart VS2019 and try to run the sample code.
Resolution 2:
Make sure you are using Azure.Identity latest NuGet Package. As of today 09/02/2020 the working version is Azure.Identity 1.2.2
Resolution 3:
Please make sure the AAD Application Authentication has a 'Mobile & Desktop Application' Platform added, along with the redirect URL.
For more information please visit this Github issue:
Related
I attempted to implement the custom policy to allow phone authentication while setting up Azure ADb2c for my application and tried to follow the instructions present here - https://learn.microsoft.com/en-us/azure/active-directory-b2c/phone-authentication
I completed the prerequisites and believe I have everything setup correctly, but when i try to run the custom policy B2C_1A_SignUpOrSignInWithPhone, I receive a message to my phone number (based out of india) with the verification code, but when I enter the verification code into the browser, i receive an HTTP 400 with too many requests and I'm not sure why. How do I ensure that this feature will be functional if I implement it into my application. Has anyone else faced this issue ? (tried incognito as well)
SOLVED:
Looks like the file "Phone_Email_Base.xml" needed to be edited to include the tenant name in the two and tags. This was not mentioned in the tutorial and therefore took a bit of time to figure out why. I will be forwarding this to microsoft so that they can fix in their documentation.
The Azure AD B2C - App Registrations (both current and preview) will not save my non localhost address. i.e. if I add a redirect Uri as https://localhost:44734, and save it works fine. If I add a uri as https://mysite.azurewebsites.net it will not save. The details here is slightly different depending on the part of the portal you are in.
If you are using the "App Registrations (Preview)" version, you see a notification in the top right saying "Update application Authentication". This just stays there and never finishes.
if you are using the current Applications blade you get an error stating "Application Update Error" "Cannot update Application: One of the properties provided for the application 'XXXXX' has invalid value. Please read this article (https://go.microsoft.com/fwlink/?linkid=847767) for more details.". This seems to be the case for any URL except localhost.
Also manually editing the manifest is also giving the error.
You should be able to add both localhost, and any valid url in that screen. Which seems to work on a new Application, but not an existing one.
I can not reproduce your issue on my side. I think you can create a new application to resolve this issue.
Also, you can try to delete all the reply urls and then add it again.
I have the latest version of Visual Studio Code 1.19.2. It's a clean installation.
I've installed Azure Extension Pack from Microsoft with Azure Account (0.2.2). But I am not able to sign in to my Azure subscription. When I type Azure: Sign In in the commands pallete (CTRL+Shift+P), it only shows Azure: Logging in... in the bottom purple line, but nothing happens. I am not signed in.
As far as I know it should open browser window with login screen, but it does not. My default browser is Edge, my operating system is Windows 10 Enterprise x64 1709 with all updates.
How to sign in to my Azure subscription?
For me I just copied the Azure tenant ID from the portal: Go to ActiveDirectoy in Azure then go to properties you'll see the tenant ID.
Now just paste the tenant ID in vscode: File->Preferences->Settings, then search for keyword "tenant" and add your Azure tenant id.
It happens because your corporate network has blocked the proxy to execute the Azure: SignIn command. So the solution is to add value HTTPS_PROXY in the environment variable to allow the web browser to open up the Azure Sign in the login page.
export HTTPS_PROXY=http://username:password#proxy:8080
export HTTP_PROXY=http://username:password#proxy:8080
Can you see this strip pop out?
Edit: if not install Azure Tools For VScode
only after clicking "Sign in" you should get a browser window open where you have to paste the code.
For me I was confused by the message, it copies the code to your clipboard automatically, I'm just dumb..
I also had this issue and was rectified by changing my default browser from Edge to Chrome. Signing in via Chrome worked whereas Edge signed in successfully in browser but not reflected in VS Code.
Upgrade the VS Code to the latest version, Also ensure environment variable contains the necessary http proxy. No need to change the default browser
I have a web app in Azure. The access to that web app is controlled by Azure Active Directory. The app is up and running since September of last year. I didn't make any changes to the app for a while and have 33 users in that app.
So, a week ago I tried to add a user, using the same methods and paths I used before.
The new user can log in to microsoft (portal.office.com). After the initial log in and changing of the password the user goes to the web app in Azure and get the following error: You do not have permission to view this directory or page.
Error tracing gives me this:
HTTP Error 401.73 - Unauthorized You do not have permission to view
this directory or page.
Most likely causes: The authenticated user does not have access to a
resource needed to process the request.
Things you can try: Create a tracing rule to track failed requests for
this HTTP status code. For more information about creating a tracing
rule for failed requests, click here.
Detailed Error Information: Module EasyAuthModule_32bit
Notification BeginRequest Handler
ExtensionlessUrlHandler-Integrated-4.0 Error Code 0x80004005
Requested URL https://*******:80/.auth/login/aad/callback Physical
Path D:\home\site\wwwroot.auth\login\aad\callback Logon Method
Not yet determined Logon User Not yet determined
More Information: This is the generic Access Denied error returned by
IIS. Typically, there is a substatus code associated with this error
that describes why the server denied the request. Check the IIS Log
file to determine whether a substatus code is associated with this
failure. View more information »
Microsoft Knowledge Base Articles:
Another observed behavior: usually when new users are logging in the web app asks for permissions for the AD to access their account information. Ever since this problem came up this is not the case any more.
Other users do not have any problems logging in. This problem only happens with new users who never logged in before.
EDIT: When I go to Active Directory and look at sign ins, I see failures to log into the web app with sign-in error code 90092. Failure Reason: Other.
Microsoft help desk could not give me details on that error code.
Checkout the related question and answer here. All new users have to first consent the application (agree and give your application permissions to access their profile / or you indicated as required permissions).
In short, you have to design "sign-up" button for your application, which uses the "login_url" and appends "&prompt=consent" to the query string.
Read all related resources here to better understand the consent framework.
And please read the documentation about Azure App Service Authentication/Authorization here, as well as the Azure AD specific documentation here.
OMG, I just found an answer. I created a test app and set it up to mirror the settings of my live app.
In Required Permissions the new app had nothing for Microsoft Graph, the live app had 5 permissions. I deleted Microsoft Graph and it works now!
I wish Microsoft communicated better about discontinued API's. I did get an alert, but it was mostly talking about MS Office 365.
I have a Sharepoint 2013 on premise environment for which I am developing an provider hosted app using Visual Studio.
The Visual Studio project has an app project which contains a custom ribbon button that goes to the web project. The web project is hosted on Windows Azure and here I get the error that the context token is null or an empty string.
Getting the token is done using the following code:
var contextTokenString = TokenHelper.GetContextTokenFromRequest(Request);
SharePointContextToken contextToken =
TokenHelper.ReadAndValidateContextToken
(contextTokenString, Request.Url.Authority);
When I see what is passed to the site hosted on Azure I notice that the SPAppToken is null. When using ULS viewer I get the error "The Azure Access Control service is unavailable"
I have already checked if the app is registered (using appregnew.aspx) and that the id is the same for this and in the appManifest.xml and web.config files.
How do I get the context token? Do I need to do something else in Azure in order to make it work?
The link from the comments helped me. I'm posting the answer here so we don't need to rely on a url sticking around.
You get the "EndpointAuthorityDoesNotMatch" message when your app's launch url doesn't match the "app domain" registered for your app's client_id.
For mine this meant that I needed to re-register the app for our test server separately from our develoment server via the _layouts/15/appregnew.aspx page on the O365 site. Here's a link with more info on registering client ids: http://msdn.microsoft.com/en-us/library/jj687469.aspx
Message 'The Azure Access Control service is unavailable' says that SharePoint can’t construct the SPAppToken because it can’t talk to ACS (Azure Access Control) in order to do that. This could be for a variety of reasons (e.g. network connectivity problems).
You can also check this blog: CJG: The Azure Access Control service is unavailable.