I have created three B2C applications:
TestWebApp
TestApiOne
TestApiTwo
Both API applications were created the exact same way. Web API access is enabled, reply URLs have been specified, an App ID URL has been assigned, and keys have been generated. Both APIs have an additional read and write scope.
In TestWebApp API access, I am able to add TestApiOne with all three scopes without an issue.
When trying to add TestApiTwo to the TestWebApp API access list, the operation fails with the following error.
Failed to add the API access. Reason: The B2C service has an internal
error. If you created this B2C directory just now, please try again
after couple of minutes. If the problem persists, please contact
Support
(https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-support/).
If you do not have a B2C directory you can refer
https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-get-started/
I thought maybe there is a limit of one API per application. To test, I created a temporary application "TempApp". I received the same error displayed above while trying to add API access for both TestApiOne and TestApiTwo.
Has anyone else experienced this issue?
There's not a limit of one API per application. I have done research and it works fine by my side.
Please have a look at the guide and check your steps.
I have tried to replicate the issues that you are facing by putting diff redirect reply url domains and also by making one application to be native and one normal web app but it doesn't help.
Could you try to delete all the webapps and try making 1 and then adding another to it.
Then create the 3rd one.
Please check this or if you can share some screen shots. That would be helpful.
You can definitely add multiple web apps to api access of one web app.
Related
My purpose is to create bug in Azure DevOps directly from Azure Application Insight, I am doing to attach the work item (bug) feature available in Azure Application Insight but on clicking Authorize button it give me following error
Authorization token provided through OAuth does not have access to read/write work items for requested uri/project collection/project
for reference please find the below image.
Updates:
I didnt understand what you meant by private browser, and I have full admin access over Azure Portal.
basically I have the https://dev.azure.com/HealthTechnologies/ReportItNow link in which
https://dev.azure.com is the devop url
HealthTechnologies is the organization
ReportItNow is the Project
so in Azure insight workitem section, URL I am putting https://dev.azure.com/HealthTechnologies/ and in project I am putting ReportItNow, I dont know what i am doing wrong.
Still waiting for this glitch to solve.
Oky let me make it more simple, if I want to automatically create bug in Azure DevOps when ever any new exception came in to the Azure
Application Insight How I can get this into real practical.
I solve this when I took a detailed look at the error message url. It's saying that the missing authorization is for https://uri/Project Collection/Project. Based on that, I changed my url from https://dev.azure.com/organization to https://dev.azure.com/ and it worked,
I am trying to use Blueprism to download pdf files from Sharepoint.
I am using the below code. Url and Path are both variables which get passed through. This is producing a 403 forbidden error. I believe that Blueprism is required to pass credentials to Sharepoint before it will be allowed to download the file. Is this possible?
Using wc As New System.Net.WebClient()
wc.DownloadFile(Url, Path)
End Using
I don't think you have a password related issue, likely the SharePoint is recognising your account access via AD group or SSO of some kind. 403 means the server has understood your request but is denying to fulfil it because of an access reason on the profile you have. Make sure you can manually download the file on the profile you are emulating for a start then also check the profile the bot is operating under (not necessarily yours in some cases ) has access to said file.
Literally 403 is a request that relates to an access issue so somewhere something doesn't have the correct access lined up
First of all, is this a Sharepoint Online or OnPremises version? As you understand, you are connecting to web resource via an API and as such you have to get authenticated and authorized to access those resources.
If it's SPO, you can use the API component for SharePoint integration from DX and configure.
In case of SP On prem, you have to customize a lot to achieve your results.
I have a web app in Azure. The access to that web app is controlled by Azure Active Directory. The app is up and running since September of last year. I didn't make any changes to the app for a while and have 33 users in that app.
So, a week ago I tried to add a user, using the same methods and paths I used before.
The new user can log in to microsoft (portal.office.com). After the initial log in and changing of the password the user goes to the web app in Azure and get the following error: You do not have permission to view this directory or page.
Error tracing gives me this:
HTTP Error 401.73 - Unauthorized You do not have permission to view
this directory or page.
Most likely causes: The authenticated user does not have access to a
resource needed to process the request.
Things you can try: Create a tracing rule to track failed requests for
this HTTP status code. For more information about creating a tracing
rule for failed requests, click here.
Detailed Error Information: Module EasyAuthModule_32bit
Notification BeginRequest Handler
ExtensionlessUrlHandler-Integrated-4.0 Error Code 0x80004005
Requested URL https://*******:80/.auth/login/aad/callback Physical
Path D:\home\site\wwwroot.auth\login\aad\callback Logon Method
Not yet determined Logon User Not yet determined
More Information: This is the generic Access Denied error returned by
IIS. Typically, there is a substatus code associated with this error
that describes why the server denied the request. Check the IIS Log
file to determine whether a substatus code is associated with this
failure. View more information ยป
Microsoft Knowledge Base Articles:
Another observed behavior: usually when new users are logging in the web app asks for permissions for the AD to access their account information. Ever since this problem came up this is not the case any more.
Other users do not have any problems logging in. This problem only happens with new users who never logged in before.
EDIT: When I go to Active Directory and look at sign ins, I see failures to log into the web app with sign-in error code 90092. Failure Reason: Other.
Microsoft help desk could not give me details on that error code.
Checkout the related question and answer here. All new users have to first consent the application (agree and give your application permissions to access their profile / or you indicated as required permissions).
In short, you have to design "sign-up" button for your application, which uses the "login_url" and appends "&prompt=consent" to the query string.
Read all related resources here to better understand the consent framework.
And please read the documentation about Azure App Service Authentication/Authorization here, as well as the Azure AD specific documentation here.
OMG, I just found an answer. I created a test app and set it up to mirror the settings of my live app.
In Required Permissions the new app had nothing for Microsoft Graph, the live app had 5 permissions. I deleted Microsoft Graph and it works now!
I wish Microsoft communicated better about discontinued API's. I did get an alert, but it was mostly talking about MS Office 365.
I've downloaded the starter pack and performed all steps as mentioned in the tutorial. I can create accounts but if I log out and want to sign in again I always get the error invalid username or password. Can anyone share any pointers as debugging this is nearly impossible.
I've created several accounts already just to be sure the password was ok.
I've created the keycontainers
I've created the two applications that are needed in the custom policies (web app and native)
I've updated the extension file with the correct id's
yeah if you dont get your client IDS correct you cant log in and then it constantly reports as invalid credentials.
Double check that you are writing the object ids correctly.
I'm having problems even running a simple Easy API method. I keep getting the response that says "No route registered for '/api/userInfo'".
I know that this location is correct because the I'm opening the App Service editor at https://XXXX/dev/wwwroot/api/userInfo.js
The file also has anonymous access, so there shouldn't be an authorization issue. I'm simply trying to hit the api method from a browser.
The code of this very simple method has been reduced to the following for debugging purposes
module.exports = {
"get":function(){
console.log('whooohooo');
}
};
Is there a setting I'm missing to enable the ability to call Easy API's? I've not been able to find any documentation that states that Easy APIs method must be explicitly enabled, nor can I find any settings related to enabling them.
Please note that I did not set up a Node.js project and deploy it to Azure. I am using an "out of the box" app service.
My end goal is to use an Easy API method go get an authenticated user's email and name, but my efforts have been reduced to confirming that I can call a method. Thanks in advance.
UPDATE:
I've created 3 different mobile App services with no luck and varying advantages.
App Service 1:
This Mobile Apps project is 10 months old and was created in the Azure portal. It has a routing line in the app.js file that suggest that the api route should be present, but doesn't work. I don't remember if i authorized the easy apis when i created it, but the fact that it has the following line suggests that I did
mobile.api.import('./api');
AppService 2:
This project was created in the MobileCenter using the Tables menu option for a Xamarin project. I then navigated to the Azure Portal and hooked up a SQL db to the table. I don't think I had the opt in to use Easy APIs, but the I was allowed to create an Easy API script, then edit it. Upon editing it, I realized that the project had no app.js file. Apparently web apps created via MobileCenter are created differently.
I picked this option because it allows you to use the "per-user" flag when setting up tables and doesn't require you to manually filter out data with a modification to the table's script. Apparently this is not an option if you don't set up an App Service via the MobileCenter??
App Service 3:
I created a brand new project within the portal and followed the the steps Aaron Chen laid out. I opted in, hooked up the table and modified the js file (I created a new one called 'testing'). I browsed to https://zzzzapitestzzzz1.scm.azurewebsites.net/api/testing
and got the dreaded no routes found error. Of course, the API method was created with anon access rights.
Basically, we can easily create an Easy API in the Azure portal.
Select your app service and click on Easy APIs in the MOBILE menu.
Enable Mobile extension for your app by clicking Need to configure Easy Tables/Easy APIs ...
Connect a database and then click Initialize App button.
After app initialized, you can add an API from Easy APIs blade.
Change the userInfo.js file to something like this:
Now, we can access the API with the endpoint http://<yourappname>.azurewebsites.net/api/userInfo.
For more info, please refer to this blog post.