There is a step by step configuration to add API Management Administrators and then use a Powershell command to retrieve a URL to open the Developer portal as an administrator (https://learn.microsoft.com/en-us/azure/api-management/api-management-faq#how-do-i-add-a-user-to-the-administrators-group).
But unfortunately, it is not working with the new developer portal, only with the legacy portal.
What are the steps to use with the new developer portal?
It's a bit more involved.
Generate yourself a token using this API: https://learn.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/user/getsharedaccesstoken
Get service details using this API: https://learn.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/apimanagementservice/get to see if new dev portal has been assigned custom hostname. Can skip it if you already have this information from somewhere else.
You redirect URL will be: https://[hostname]/signin-sso?token=[token]
Related
I am able to create a new Azure App Service on my Azure subscription from VS code. If I then try to deploy my python web application to the App Service that I just created I get a "401 - Unauthorized: Access" error. If I logon to the Azure portal I can view my newly created App Service. I can see on the Access Control page that I am listed as a contributor. I am not sure why I can not deploy my code or view files. Does anyone have suggestions as to security settings to check? I need to be able to deploy my code. Thank you.
#Kachopsticks, Apologies! If my response is to too late. To benefit the community, sharing the steps that could help isolate such issues:
There is a way to disable basic auth access to the WebDeploy port and SCM site with basicPublishingCredentialsPolicies, see if this is the case.
basicPublishingCredentialsPolicies --parent sites/ --set properties.allow=false
https://learn.microsoft.com/azure/app-service/deploy-configure-credentials?tabs=cli#webdeploy-and-scm
You could re-download the publish profile from Azure portal, and import publish settings in Visual Studio for deployment.
In the Azure portal, open the Azure App Service.
Go to Get publish profile and save the profile locally.
A file with a .publishsettings file extension has been generated in the location where you saved it and you may import that in VS and then attempt to re-deploy.
Additionally, Azure App Service supports two types of credentials for local-Git and FTP/S deployment:
User-level credentials one set of credentials for the entire Azure account.
App-level credentials (one set of credentials for each app. It can be used to deploy to that app only) -. They can't be configured manually, but can be reset anytime. For a user to be granted access to app-level credentials via (RBAC), that user must be contributor or higher on the app (including Website Contributor built-in role). Readers are not allowed to publish, and can't access those credentials.
i followed this tutorial
Tutorial: Access Microsoft Graph
I can login with my organization user to the web app, but i can't use the GraphServiceClient. It always redirect me to the "signin-oidc" page with a 403 error.
Am i missing something in the tutorial? What should i check in the configurations?
Thank you in advance
According to the tutorial you provided, it requires the azure web app to enable easy-auth by azure ad, it also provides a tutorial on how to enable it.
After creating azure web app, go to Authentication then click Add identity provider, then you need to choose microsoft as the provider and then create a new azure ad app if needed. Now we can deploy sample code into azure after doing the configuration. And as the default redirect url in the code is /signin-oidc so we need to add it into azure ad authentication panel-> redirect url.
==============================UPDATE============================
If you used my sample, you also need to modify the appsetting.json with the azure ad application client id and client secret. You can use the azure ad app created just now, you only need to add redirect url with https://localhost:44321/signin-oidc and https://web_app_name.azurewebsites.net/signin-oidc. But in this sample, you don't need to enable easy-auth for azure web app. You only need to create a web app and deploy the sample code to it. I used visual studio to create and deploy. If you wanna create azure web app in azure portal, you just need to click New in azure portal->app service and complete the fields.
Any idea how to enable Azure Login in new developer portal? I have tried below link to set up account on azure AD. It enabled AD login in old developer portal but not in new one
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad
Any link which can help with this?
This feature has not been released on Azure APIM new developer portal yet. Details see here .
As APIM product team indicated , this feature is comming soon :
it will be completed by general availability release, which is planned
for October/November.
Hope it helps.
Now Its enabled. I was able to configure to azureAD sign in.
Note: To Auto populate Sign up page. need to add additional claim (email) in the Azure AD App.
can follow below link
https://learn.microsoft.com/en-us/answers/questions/145976/can-sign-up-page-be-auto-populated-after-aad-authe.html
I have a question regarding Visual Studio Team services / Azure Web App deploy
in order to get my app be published using the Azure Web app deployment in release process, I had to grant access as co-administrator on my azure subscription using the old management manage.windowsazure.com
Is there any way to do the same thing using the new portal.azure.com ?
As we work as a big team, I would like to be very restrictive on users right and I do not want everybody to be co-admin. Is there any other way to grant publishing privileges on specific account (we use an Azure AD connected to VSTS) without giving Azure co admin privileges ?
#Thierry,
new new portal "https://portal.azure.com", you can config access with role base access management.where you can more granular permission (read/contributor/owner) to a user for a specific resources (service/resource group/subscriptions etc ...)
See more details from this articile https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/
hope this will help!
How do I set up ACS in SQL Azure?
I am trying a code sample from Azure that is to create a custom Login Page in ASP.NET and MVC 3.
It claims to use the ACS Management Portal. It instructs to log on to the my Azure homepage and "navigate to the Service Bus, Access Control and Cashing section." Where is that? I do not see this on my Azure homepage.
The example is listed here:
http://msdn.microsoft.com/en-us/library/windowsazure/hh127794.aspx
The step says:
To configure the sample via the ACS Management Portal
Open a browser, navigate to the Windows Azure homepage (http://go.microsoft.com/fwlink/?LinkId=130560), and sign in. Navigate
to the Service Bus, Access Control, and Caching section to configure
your ACS service namespace. Once you have created a namespace, select
it and click Manage > Access Control Service, located at the top of
the page. This will launch the page in a new window.
Where is that? I do not see this on my Azure homepage.
http://i67.photobucket.com/albums/h292/Athono/AZURE/whereistheservicebus.png
What you're seeing is the new preview portal (I'm referencing your screenshot). In order to access all features of your Azure subscription you might also need to use the 'old' Silverlight portal. Today this is still the case for ACS.
You can visit the old portal through this URL: https://windows.azure.com/