Azure AD B2C multi-tenant Azure authentication issue - azure-ad-b2c

I am setting up B2C multi-tenant authentication for my app; I am following these steps:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant-custom?tabs=applications
I am stuck with 2 problems:
Sign-in with local accounts is not working; sign-up works fine.
My app is a React SPA. After the Azure account (not local) login flow completes, I am getting an 'X-Frame-Options' deny error.

I was able to resolve the first issue by recreating the IEF apps (IdentityExperienceFramework and ProxyIdentityExperienceFramework apps) with this tool: b2ciefsetup.azurewebsites.net
Still facing the MSAL.js iframe issue:
https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/1161

Related

Give user permission with Azure AD

I have an already deployed application on Azure App Service which uses Azure AD for authentication and authorization.
Unfortunately the developer who worked on it is no longer available.
I got access to all Azure resources and source code, but I can't figure out how I can add my Azure account as one of the users of the app (I can log in but it's an empty view for me, unlike what it used to be with the developer's access).
Also, I found the app registered in Azure AD and I am an owner there, but still without the right access.
When I try to log in locally from the frontend it says:
Selected user account does not exist in tenant 'Default Directory' and
cannot access the application '[some numbers] in that tenant. The
account needs to be added as an external user in the tenant first. Please use a
different account.
Would appreciate any help and many thanks in advance.
I can login but it’s an empty view for me unlike what it used to be
with the developer access
This is because your backend application is enabled with Azure AD authentication.
After you sign in to your front-end application, you still can't access the data from the back-end app, because the back-end app now requires Azure Active Directory sign-in from the front-end app.
To access the application, follow the steps below:
Grant the front-end access to the back end
Configure App Service to return a usable token
Use the token in your code
You can refer to "Enable authentication and authorization for front-end app" in Authenticate users E2E - Azure App Service | Microsoft Docs for the detailed steps.

SSO using OIDC not working for electron apps for Azure AD joined devices

I am trying to achieve SSO for my Electron-based app with a pure Azure AD cloud-only user. The device is joined to Azure AD and the logged-in user is an AAD user. SSO is working seamlessly with Edge and IE and also with Google Chrome (with the Windows 10 Accounts extension added). But whenever I try to launch the URL with Electron it always takes me to the auth page rather than retrieving the auth code.
PS: I have already tried the below:
Adding "https://autologon.microsoftazuread-sso.com" and the AAD server to auth-server-whitelist and auth-negotiate-delegate-whitelist.
Adding the URLs to session.defaultSession.allowNTLMCredentialsForDomains('*')
Changing the userAgentFallback to Edg/version from Electron/version
The same setup works if the user is federated via Azure AD Connect with both on-prem and AAD servers, but it is not working in a pure Azure AD environment. Any help will be greatly appreciated!!

Power App authentication with Azure ADB2C

I have an app that was developed using Angular 9 and we are using login with Azure AD B2C.
The users that we have in Azure AD B2C are of type Member.
We have a new requirement where we have to embed Power Apps in the web app (iframe tag - Canvas App), but we saw that it always asks for sign-in, and we want to re-use the token generated at login to see the Power App.
We created the Power Apps in the same directory as Azure AD B2C and shared it with everyone.
I tested the @microsoft/powerappsplayersdk SDK for Angular but it's still not working; there is a getAccessToken function but that doesn't work either.
Any ideas about what is missing, or what I have to do to avoid logging in again when I try to see a Power App within my web application?
What token issuer is Power Apps expecting? A Microsoft B2C token is issued by the *.b2clogin.com endpoint and not by the microsoftonline.com endpoint. This typically means that a token issued by B2C cannot be used as-is by O365 and other services that don't accept B2C as an issuer.
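As an added example (not code from the question or the answer above), the following Node.js snippet decodes a token's payload and tells a *.b2clogin.com-issued B2C token apart from a regular Azure AD one, which is the first thing to check when a downstream service rejects the token. The tenant id, audience and signature segments it uses are constructed placeholders, and it performs no signature validation.

```javascript
// Added example, not code from the question or answer above: inspect the
// (unverified) payload of a JWT to see which issuer minted it, so a token can
// be recognised as B2C vs. regular Azure AD before it is presented to a
// service that does not accept B2C as an issuer.
// This only decodes; it does NOT verify the signature, audience or expiry.

function base64UrlDecode(segment) {
  const base64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = base64 + '='.repeat((4 - (base64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

function base64UrlEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Split a compact JWS and parse its payload segment.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWT (expected header.payload.signature)');
  }
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Classify the issuer from the `iss` URL and the B2C-only `tfp` (policy) claim.
function classifyIssuer(payload) {
  if (typeof payload.tfp === 'string') return 'b2c'; // policy claim is emitted only by B2C
  let host;
  try {
    host = new URL(String(payload.iss || '')).hostname;
  } catch {
    return 'unknown';
  }
  if (host.endsWith('.b2clogin.com')) return 'b2c';
  if (host === 'login.microsoftonline.com' || host === 'sts.windows.net') return 'aad';
  return 'unknown';
}

function issuerOf(token) {
  return classifyIssuer(decodeJwtPayload(token));
}

// Constructed, unsigned sample tokens (tenant id and signature are placeholders).
function sampleToken(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: 'placeholder' }));
  return `${header}.${base64UrlEncode(JSON.stringify(payload))}.placeholder-signature`;
}

const TENANT_ID = '00000000-0000-0000-0000-000000000000'; // placeholder tenant id
const B2C_SAMPLE = sampleToken({
  iss: `https://contoso.b2clogin.com/${TENANT_ID}/v2.0/`,
  tfp: 'B2C_1_signupsignin',
  aud: 'client-id-placeholder',
});
const AAD_SAMPLE = sampleToken({
  iss: `https://login.microsoftonline.com/${TENANT_ID}/v2.0`,
  aud: 'api-id-placeholder',
});

console.log(issuerOf(B2C_SAMPLE)); // b2c
console.log(issuerOf(AAD_SAMPLE)); // aad
```

The check deliberately looks at both the `tfp` claim and the issuer host, because a B2C tenant can be configured with a custom domain that does not end in b2clogin.com; an `unknown` result should be treated as "do not forward this token".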

Azure B2C secured API can't be called when logged in using social providers

I have an Angular website which is secured using Azure AD B2C. B2C is configured with local accounts and three social providers (MS, Google & Facebook), and everything from the web app perspective works great.
The web app calls a separate .NET Core web API which has a couple of secured endpoints. The web API has been set up as an application in B2C with all of the relevant scopes, and the scopes have then been added to the web app as described in the getting started docs from MS.
If I'm logged in to the web app using a local account the API calls work perfectly; however, if I'm logged in using a social provider they fail. In the case of an MS account I see the following:
Frame with URL 'https://login.live.com/oauth20_authorize.srf?client_id=omitted for brevity'
attempted to navigate its top-level window with origin 'https://localhost:44314'.
Navigating the top-level window from a cross-origin iframe will soon require that the iframe has received a user gesture.
See https://www.chromestatus.com/features/5851021045661696.
Google and Facebook produce similar errors. It looks to me like somewhere along the line a redirect is being initiated to try and log in again.
On the Angular app I'm using msal-angular (https://www.npmjs.com/package/@azure/msal-angular), which is configured as described in the link.
I've scoured the docs and Google to try to find a solution but to no avail, so any help would be greatly appreciated. I'm not sure if I'm just running into something that's not currently supported in B2C.
Thanks in advance.

AADSTS50001 error on Web API with Azure AD

I have created a new web API and deployed it on Azure. The API works with Azure AD authentication. We need to consume this API from the Power BI Desktop application.
If I test the API in the browser, deployed on Azure, it works fine. However, if I try to consume it in Power BI it gives the following error:
invalid_resource: AADSTS50001: The application named was not found in the tenant named . This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Why am I getting this error?
Any help on this is appreciated!
You can log in as an admin and make a GET request like so:
https://login.microsoftonline.com/common/adminconsent?client_id=[APPLICATION ID]&redirect_uri=[REDIRECT URI]
And then you'll authorize the application and you'll be able to authenticate =)
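As an added example, not part of the answer above, here is how the admin consent URL the answer describes can be assembled and its callback checked in Node.js; the client id, redirect URI and state values are placeholders.

```javascript
// Added example, not code from the answer above: build the tenant-wide admin
// consent URL the answer describes, and check the redirect that comes back.
// The tenant, client id and redirect URI below are placeholders.

const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function buildAdminConsentUrl({ tenant = 'common', clientId, redirectUri, state }) {
  if (!GUID.test(clientId)) {
    throw new Error('clientId must be the application (client) ID GUID from the app registration');
  }
  const redirect = new URL(redirectUri); // throws on a malformed URI
  if (redirect.protocol !== 'https:' && redirect.hostname !== 'localhost') {
    throw new Error('redirect_uri must be https (localhost excepted), as registered on the app');
  }
  const url = new URL(`https://login.microsoftonline.com/${encodeURIComponent(tenant)}/adminconsent`);
  url.searchParams.set('client_id', clientId);      // searchParams percent-encodes the values
  url.searchParams.set('redirect_uri', redirect.href);
  if (state) url.searchParams.set('state', state);  // opaque value binding the round trip
  return url.toString();
}

// Parse the redirect back to redirect_uri. On success Azure AD appends
// admin_consent=True&tenant=<tenant id>&state=<state>; on failure it appends
// error and error_description. The state is compared before anything else is trusted.
function parseAdminConsentCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (expectedState && params.get('state') !== expectedState) {
    throw new Error('state mismatch: callback does not belong to this consent request');
  }
  return {
    consented: (params.get('admin_consent') || '').toLowerCase() === 'true',
    tenant: params.get('tenant'),
    error: params.get('error'),
    errorDescription: params.get('error_description'),
  };
}

// Placeholder values for a stand-alone run.
const CLIENT_ID = '11111111-2222-3333-4444-555555555555';
const REDIRECT_URI = 'https://app.example/auth/callback';
const STATE = 'c1f0d3e2';
const consentUrl = buildAdminConsentUrl({ clientId: CLIENT_ID, redirectUri: REDIRECT_URI, state: STATE });
console.log(consentUrl);
```

Using `URLSearchParams` rather than string concatenation keeps the `redirect_uri` correctly percent-encoded, and checking `state` on the way back ensures the consent result being recorded belongs to the request that was actually sent.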
