I have configured azure web api and my react app and that is working perfectly until I turn On Azure authentication as shown in below screenshot. Once I turn it on I am getting
"You do not have permission to view this directory or page." for all my web apis.
And this message is from Azure and Authentication type is advanced in azure .
Am I missing anything here ? (My client want's it to be turned on. )
Easy Auth won't validate automatically the token for you. You need to add the JWT Validation to your webapi:
https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapi-manual-jwt-validation/
Related
I am working on a project, in which I am building a publish-subscribe system through Azure Web PubSub Service. The JavaScript clients (subscribers) are connected through socket and able to receive the published message on the Hub and in the Group. For this I followed this tutorial: https://learn.microsoft.com/en-us/azure/azure-web-pubsub/tutorial-pub-sub-messages?tabs=javascript
Everything is working fine, as I am in the POC phase yet. So currently I am publishing messages through JavaScript from above tutorial. But now I am starting to integrate it in my existing app which is developed in PHP. So I am thinking to use following Azure REST API for Web PubSub operation: https://learn.microsoft.com/en-us/rest/api/webpubsub/dataplane/web-pub-sub
Before this I worked on the Azure Graph APIs, in which I did an App Registration at Azure Portal with some Redirect URLs, and assign some permissions to access the resources. I did this for Outlook Mail, Overdrive, SharePoint and its very straight forward process to get the access token (JWT) to access the resources.
But I am stuck and unable to get the access token for Azure Web PubSub API. I need token to just Publish a message from PHP end by REST API. I checked in App Registration's > API permissions section, there is no permission for the Azure Web PubSub Service. I checked the same app in Enterprise application also. Did some hit and try, but didn't get the access token. I know the issue is with the permission.
Please help me to get the token for this, so will call the Web PubSub API, Or if I am missing something please help me to trace. Any suggestion are welcome.
Thanks.
I think you can make use of the following REST API endpoints:
Web Pub Sub - Grant Permission
https://learn.microsoft.com/en-us/rest/api/webpubsub/dataplane/web-pub-sub/grant-permission#webpubsubpermission
Web Pub Sub - Generate Client Token
https://learn.microsoft.com/en-us/rest/api/webpubsub/dataplane/web-pub-sub/generate-client-token
I have a dotnet core api in an app service on Azure.
When I run this locally, with authentication switched on, I can generate a bearer token and use that to successfully access the end points.
On azure, when authentication is switched off I can access the end points, but when I switch authentication on in azure, I can't access any end points with a token. Postman is just returning the standard response "The page cannot be displayed because an internal server error has occurred".
I can't see anything in application insights so I'm really in the dark.
Hoping someone will know of any common issues that could be behind this.
Thanks in advance
You cannot access your web app authenticated with Azure AD using B2C token.
On local, created web app using Visual Studio only have three authentication choices:
As we can see, using Individual User Account is connecting to an Azure AD B2C account.
On portal, you could configure your app service with choices below:
If you are using Log in with Azure Active Directory, you should concern it is not same as B2C. Follow this page to configure Azure AD authentication with web app.
Get the AAD bear token:
Navigate to the app registrations page in your Azure Active Directory, choose the one you created in configuring authentication step. You would see the information like this:
Go to Certificates & secrets page to create a secret, and copy that value, cause you would not see it after leave this page.
Open Postman to get the access token, here is the required parameters:
Use the bear token you got from last step to access your web app:
I have created a new web api and deployed it on azure. The api works with azure AD authentication. This api we need to consume from PowerBI-Desktop application.
If i test the api on browser which is deployed on azure it works fine. However, if I try to consume it in PowerBI it gives the following error.
invalid_resource: AADSTS50001: The application named was not found in the tenant named . This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Why I am getting this error ?
Any help on this appreciated !
You can log in as an admin and make a GET request like so:
https://login.microsoftonline.com/common/adminconsent?client_id=[APPLICATION ID]&redirect_uri=[REDIRECT URI]
And then you'll authorize the application and you'll be able to authenticate =)
I need to implement authentication for azure web api using azure active directory.
client app(which consumes webapi) may or may not be in azure. how i need to authenticate user, where i should generate token if my app is not in azure(if it is IOS app). authentication should work in all cases even if client app is in azure or not.
Please let me now the best procedure to implement authentication.
You need to define the client app in Azure AD as a native app in the case of a mobile app. Then you define the API there, and add your client permissions to access it. You can optionally customize the available permissions through the API app's manifest in Azure AD. Then when your mobile app opens, you would have to authenticate with Azure AD, and then request an access token for the API. That you can then use to authenticate requests.
I can't answer this question in too great detail because it is quite a large topic and how it is done also depends on your platform. There is a sample app that you can check which does exactly what you want. The whole list of examples for native apps can be found here.
App Service to use different authentication providers Azure Active Directory,Facebook,Google,Microsoft,Twitter.
We can set any type of Authentication/Authorization in the Azure Portal.More info about how to use authentication for API Apps in Azure App Service, please refer to document.
By default, App Service provides authentication but does not restrict authorized access to your site content and APIs. You must authorize users in your app code.
I've been working on a multi-tenant web application that uses Azure AD authentication, and authentication will intermittently fail with the error message: "AADSTS70002: Error validating credentials. AADSTS50012: Authentication failed." To be more clear, the steps I go through are:
Go to my web app, and click on link to go to Azure AD authentication
Enter valid user credentials for Azure
If this is the first time using my web app, Azure asks the user to grant permissions to their Azure AD information
After accepting the permissions, Azure redirects to the reply URL that I've set up in Azure AD for my application, but it replies with the aforementioned error in the URL string
The application itself is a Node.js web app that uses the Passport module for Azure AD authentication, although I don't think Passport is the source of the problem because the error I get is passed by Azure to the web application's reply URL.
I haven't had luck identifying the source, but I have seen posts from people with similar issues. I have a number of AD accounts that I use both personally and for work, and it seems that there is some remnant left in the browser's cache or local storage that causes this issue because I can switch to another browser or into incognito mode and the problem resolves itself.
I'd like to identify if this is a problem with Azure itself, the way my application handles authentication, or with my work/third party applications implement AD authentication.
I am trying to reproduce this issue using the code sample here in Chrome, however failed.
Based on the same issue link you mentioned, I noticed that the endpoint for he/she using was incorrect. To develop the multi-tenant app, we need to change the specific endpoint with common like below:
https://login.microsoftonline.com/common/
Were you using the specific endpoint? If not, would you mind sharing a code sample to help us to reproduce this issue?