Cloud Connection getting error on Azure, Rest API & Callback API Configuration trying to make but not connecting on it giveing error
Welcome to Stack Overflow! There are a couple ways to call REST APIs in Azure. There is a neat video that explains how to do this via Postman here. Also ensure that the access token being used for Authentication is a valid one in the Authorization header. Refer to this doc to understand the right format.
Related
I am using the new msal.js for Single Page Applications (https://www.npmjs.com/package/#azure/msal-browser). The good news is I got it all working! So after logging in to azure ad I get redirected to my app with an access code and with that code msal is getting accesstoken/refreshtoken/idtoken from the azure code.
After this I am using the accesstoken to access my own web API that is hosted on my own on premise server. I am using spring boot in combination with azure-active-directory-spring-boot-starter. This all works fine too.
My question is: My server is contacting microsoft every time there is a request to the server.... why is this? It has got the JWT token from the request, the server knows clientid & client secret so why does it still needs to contact Microsoft? What is it doing/verifying? If I close the outgoing access to the Internet it is complaining "Couldn`t retrieve remote JWK set: connect timed out". So it looks like it is mandatory...
Could anybody explain how this is working? Beside this, does anybody know what range of ports need to be opened to microsoft?
Thanks in advance for your help!
Regards,
Peter
That network call is used to acquire the keys needed to verify the JSON Web Tokens.
Docs: https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validating-the-signature
More: https://github.com/microsoft/azure-spring-boot/issues/802#issuecomment-571076721
I have configured Azure Application Insight for monitoring our systems and was trying to enable the alerting. I'm using app insight availability test which provides a functionality to call a webhook URL.
I wrote a webhook using HTTP triggered Azure function, but the problem is it exposes a public URL which if called will raise an alarm on our internal alerting system. So I plan to authenticate the call to webhook.
Is there any way I can authenticate the call possibly using OAUTH.I don't want to provide the token in URL, looking for something secure. Another problem with manually using token in URL is that token rotation will require manual work.
Any suggestions on I can automate this task which will take care of secret rotation will be appreciated.
I believe token based authentication is the only possible route as of today as documented here.
But I think you should still be able to use a Function App without worrying about key rotation since the function keys can be read through the Functions API if the AzureWebJobsSecretStorageType app setting is set to files as documented here.
I tried to implement custom Authentication via a authentication endpoint in an azure mobile app. I've created an Api Controller, that creates the Jwt using Azures AppServiceLoginHandler.CreateToken method. When I post to this controller with turned off Azure App Service Authentication, I get a token, but when I want to use it later, I always receive a "401 Unauthorized".
But when I turn the setting on in the Azure Portal, and send the very same request
I get:
The requested resource does not support http method 'GET'.
I'm not changing any code, and I'm certainly using a POST request - The exact same request, that works with turned off App Service Authentication.
My Code is essentially the same as here:
https://www.newventuresoftware.com/blog/custom-authentication-with-azure-mobile-apps
Could someone enlighten me here? Do I need additional configuration somewhere?
As adrian hall's book about Custom Authentication states as follows:
You must turn on Authentication / Authorization in your App Service. Set the Action to take when request is not authenticated to Allow Request (no action) and do not configure any of the supported authentication providers.
For custom authentication, you need to turn on the Authentication / Authorization in your app service for authenticating your token. Moreover, I would recommend you leverage fiddler to capture the network traces to narrow this issue. Additionally, you need to make sure that you send the custom login request with HTTPS. Details, you could follow this similar issue.
I am using the API mentioned on https://msdn.microsoft.com/en-us/library/azure/mt219004.aspx to get the information on how much individual Azure resources is charging.
However I am getting a 401 response with error message as
The 'Authorization' header is missing."
There seems to be lack of documentation on how to make the API call with proper authentication.
Thanks for any help in advance.
If you are making the call interactively, you can use the same AuthenticationContext.AcquireToken method the billing reference application is using to authenticate example source.
If you want to call the billing API unattended from a service for instance, I have an example here using a service principal.
What I'm hoping to accomplish is a connection to Visual Studio Team Services through the Microsoft Account authentication provider. I've been following the documentation here (https://github.com/Azure/azure-content/blob/master/articles/app-service-api/app-service-api-dotnet-connect-to-saas.md) and have a couple problems with the implementation.
They use the Microsoft.Azure.AppService.ApiApps.Service package to get to the token from the api gateway
// Retrieve the token from the gateway
var runtime = Runtime.FromAppSettings(Request);
var dropboxTokenResult = await runtime.CurrentUser.GetRawTokenAsync("dropbox");
But when I publish my webapp I get a 500 error when trying to create the Runtime object, the remote Debugger literally just dies on the line below and I don't even see any logs in the api's streaming logs interface to give more info on the error.
var runtime = Runtime.FromAppSettings(Request);
Any idea on how to get to the token?
Documenation for implementing microsoftaccount authentication with a web api is kinda scarce, any links to examples or documentation that was helpful to you guys out there?
Also, is the apiapp.json file really even necessary? They create one in the example but authentication setup Via the Azure blades seems to work ok and leaving the apiapp.json file out of the api doesn't seem to matter either way. In the end I'd like my web api to maintain authentication via microsoft account no matter where it's moved to, so I figured there would be settings somewhere I would need to specify but can't really put that piece together either.
It looks like you're using the old model for building API apps (which involves a gateway) which has been deprecated. I believe its still supported, but the official way to build API apps has since changed, and you might find it a bit simpler to work with. More information can be found here: https://azure.microsoft.com/en-us/documentation/articles/app-service-api-whats-changed/
Documentation for leveraging Microsoft Account authentication is here: https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-microsoft-authentication/
Once you're all set up, there are a few different ways you can obtain the token. You can find it as an inbound HTTP header (x-ms-token-microsoftaccount-access-token) or you can use the App Service Server SDK to obtain it: something alongs the lines of:
var creds = await this.User.GetAppServiceIdentityAsync<MicrosoftAccountCredentials>(this.Request);
string accessToken = creds.AccessToken;