Azure Auth error: Multiple types were found that match the login provider named 'facebook' - azure

I'm running into an error when trying to authenticate a user via Facebook using the Azure Mobile Services built in APIs. I've looked through my packages and can't see any reason why I'd have two providers as suggested in the error:
Multiple types were found that match the login provider named
'facebook'. This can happen if multiple login providers are defined
with the same name but different casing which is not supported. The
request for 'facebook' has found the following matching login
providers: Facebook Facebook.
I did create a branch that upgraded to the App Services and then reverted back to AMS instead. I'm wondering if something is lingering which is causing the problem.
My package list is as follows:
Autofac{3.5.2}
AutoMapper{3.2.1}
EntityFramework{6.1.1}
Microsoft.ApplicationInsights{1.0.0}
Microsoft.ApplicationInsights.Agent.Intercept{0.17.0}
Microsoft.ApplicationInsights.DependencyCollector{1.0.0}
Microsoft.ApplicationInsights.JavaScript{0.11.0-build09387}
Microsoft.ApplicationInsights.PerfCounterCollector{1.0.0}
Microsoft.ApplicationInsights.Web{1.0.0}
Microsoft.ApplicationInsights.Web.TelemetryChannel{1.0.0}
Microsoft.AspNet.Cors{5.2.2}
Microsoft.AspNet.Identity.Core{2.0.1}
Microsoft.AspNet.Identity.Owin{2.0.1}
Microsoft.AspNet.Razor{3.2.2}
Microsoft.AspNet.WebApi.Client{5.2.2}
Microsoft.AspNet.WebApi.Core{5.2.2}
Microsoft.AspNet.WebApi.Cors{5.2.2}
Microsoft.AspNet.WebApi.OData{5.2.2}
Microsoft.AspNet.WebApi.Owin{5.2.2}
Microsoft.AspNet.WebApi.Tracing{5.2.2}
Microsoft.Data.Edm{5.6.2}
Microsoft.Data.OData{5.6.2}
Microsoft.Data.Services.Client{5.6.2}
Microsoft.Owin{3.0.0}
Microsoft.Owin.Host.SystemWeb{3.0.0}
Microsoft.Owin.Security{2.1.0}
Microsoft.Owin.Security.ActiveDirectory{2.1.0}
Microsoft.Owin.Security.Cookies{2.1.0}
Microsoft.Owin.Security.Facebook{2.1.0}
Microsoft.Owin.Security.Google{2.1.0}
Microsoft.Owin.Security.Jwt{2.1.0}
Microsoft.Owin.Security.MicrosoftAccount{2.1.0}
Microsoft.Owin.Security.OAuth{2.1.0}
Microsoft.Owin.Security.Twitter{2.1.0}
Microsoft.WindowsAzure.ConfigurationManager{2.0.3}
Newtonsoft.Json{6.0.4}
Owin{1.0}
RazorEngine{3.4.1}
Sendgrid{6.1.0}
SendGrid.SmtpApi{1.3.1}
System.IdentityModel.Tokens.Jwt{3.0.2}
System.Spatial{5.6.2}
WindowsAzure.MobileServices.Backend{1.0.470}
WindowsAzure.MobileServices.Backend.Entity{1.0.470}
WindowsAzure.MobileServices.Backend.Storage{1.0.470}
WindowsAzure.MobileServices.Backend.Tables{1.0.470}
WindowsAzure.ServiceBus{2.3.4.0}
WindowsAzure.Storage{3.1.0.1}
Is there anything here which could be causing the issue?

Having compared with an older version of the project, it looks to not be related at all to my packages. Instead the problem was caused by adding the login provider within the WebApiConfig class.
Removing the following resolved the issue:
options.LoginProviders.Add(typeof(FacebookLoginProvider));

Related

Automating SharePoint scripts/code with LegacyAuthProtocolsEnabled set to false

We use the Microsoft.SharePoint.Client library to automate SharePoint work from our workflow engine but yesterday, one of our clients informed us they wanted to disable the Legacy Authentication (LegacyAuthProtocolsEnabled to false).
Once I tried it on our end, I ended up getting an Unauthorised exception.
It is all well and good wanting to disable the Legacy Authentication for obvious security reasons, but the problem with the Modern Authentication is that it requires user interaction, which is clearly not a solution since we are running tasks in the background.
I've been googling this for quite some time but I haven't found a solution as of yet on how to handle automatic authentication for background work.
Is there a way to "authenticate" to SharePoint without any user interaction while LegacyAuthProtocolsEnabled is set to false?
I found an article that suggested using the App Authentication but after reading more about it, I believe this is considered an old method to authenticate and is likely to be deprecated as well over time, but I thought I'd still give it a go just in case but it did not work. When I got to
https://tenant.sharepoint.com/_layouts/15/appregnew.aspx
Where tenant is our company domain name, and I click on the "Create" button after filling in all the relevant fields, I get the following error, which is completely useless:
Sorry, something went wrong
An unexpected error has occurred.
TECHNICAL DETAILS
According to this article, HOW TO HARDEN YOUR SHAREPOINT ONLINE ENVIRONMENT BY DISABLING LEGACY AUTHENTICATION, Legacy Authentication would no longer be an option as of the 13/10/2020, yet here we are, and the option is still available in SharePoint 365. While the article is interesting, explaining why Legacy Authentication should be switched off, etc., it does not get into any details as to how automated solutions should be handled.
Also found an old thread "LegacyAuthProtocolsEnabled" and Scripted Logons to SharePoint Online? where #DeanWang suggests leaving it turned on as:
All custom CSOM, PowerShell code will stop working
This may also prevent third-party apps from accessing SharePoint
Online resources.
I'm going to stop here as I could keep going and the question is already too long for my liking. Bottom line: does anyone know if there is a way, and what is the best way, to authenticate to SharePoint while running automated "scripts/code" from a background task without requiring any user interaction while the Legacy Authentication is switched off?
Thanks
Update-1
After reading article after article, I've yet to connect to SharePoint 365.
I also spent more time on the PnP Framework as recommended by numerous articles. I created a dummy app with the following sample code, which is used again in various articles, including this one:
Secure Authentication of SharePoint with PnP Framework with C#(Code)
My code is identical as you can see:
var clientContext = new AuthenticationManager().GetACSAppOnlyContext(
    "https://mycompany.sharepoint.com/sites",
    "MyClientid",
    "MySecretId");
using (clientContext)
{
    // Get Lists
    var web = clientContext.Web;
    var lists = web.Lists;
    clientContext.Load(lists);
    clientContext.ExecuteQuery();
    foreach (var list in lists)
    {
    }
}
And even though I've granted full control in Azure for the specific test app that's using the specific ClientId and SecretId
I'm still getting the following error (401 - unauthorized):
System.Exception
HResult=0x80131500
Message=Token request failed.
Source=PnP.Framework
StackTrace:
at SharePointPnP.IdentityModel.Extensions.S2S.Protocols.OAuth2.OAuth2S2SClient.Issue(String securityTokenServiceUrl, OAuth2AccessTokenRequest oauth2Request) in /_/src/lib/PnP.Framework/Utilities/OAuth/OAuth2S2SClient.cs:line 18
at PnP.Framework.Utilities.TokenHelper.GetAppOnlyAccessToken(String targetPrincipalName, String targetHost, String targetRealm) in /_/src/lib/PnP.Framework/Utilities/TokenHelper.cs:line 116
at PnP.Framework.Utilities.ACSTokenGenerator.GetToken(Uri siteUrl) in /_/src/lib/PnP.Framework/Utilities/ACSTokenGenerator.cs:line 37
at PnP.Framework.AuthenticationManager.<GetContextAsync>b__59_0(String site) in /_/src/lib/PnP.Framework/AuthenticationManager.cs:line 971
at PnP.Framework.AuthenticationManager.<>c__DisplayClass75_0.<GetAccessTokenContext>b__0(Object sender, WebRequestEventArgs args) in /_/src/lib/PnP.Framework/AuthenticationManager.cs:line 1336
at Microsoft.SharePoint.Client.ClientRuntimeContext.OnExecutingWebRequest(WebRequestEventArgs args)
at Microsoft.SharePoint.Client.ClientContext.FireExecutingWebRequestEventInternal(WebRequestEventArgs args)
at Microsoft.SharePoint.Client.ClientContext.GetWebRequestExecutor()
at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate()
at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest()
at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
at ConsoleApp5.Program.Main(String[] args) in C:\Users\myuser\source\repos\ConsoleApp5\ConsoleApp5\Program.cs:line 23
This exception was originally thrown at this call stack:
[External Code]
SharePointPnP.IdentityModel.Extensions.S2S.Protocols.OAuth2.OAuth2WebRequest.GetResponse() in OAuth2WebRequest.cs
SharePointPnP.IdentityModel.Extensions.S2S.Protocols.OAuth2.OAuth2S2SClient.Issue(string, SharePointPnP.IdentityModel.Extensions.S2S.Protocols.OAuth2.OAuth2AccessTokenRequest) in OAuth2S2SClient.cs
Inner Exception 1:
WebException: The remote server returned an error: (401) Unauthorized.
Is there another section I should be looking at (and change) in the App Registration in Azure?
Since it's the SharePoint Online that we are talking about, one easy way to connect to different SharePoint Sites is by using the Azure AD App-Only approach, and since you are talking about a Daemon Service you can easily use Application Permissions when registering the App Registration.
You can, and you should, read more about it from the linked Microsoft Docs article.
You can also log in via certificate or app registration secret as it is described in the Log in to Microsoft 365 in order to create automated CI CD SPFx pipelines, for example.
Hope the above helps, if not feel free to ask :)
Update: Please read below in order to have a better understanding.
Firstly, in your code segment you are using a wrong method from the PnP.Framework package.
AuthenticationManager().GetACSAppOnlyContext()
The above method refers to a completely different method of obtaining an authentication token, more specifically the SharePoint App-Only model, which... well.... more or less is not being used nowadays quite so often. I think I read somewhere that MS is thinking of retiring this kind of Authentication and going onwards on the path of Azure Active Directory authentication, but, unfortunately, I cannot seem to find the link.
Furthermore, I have collected three projects and uploaded them to github for you to see. You can simply clone the repo and run the projects as-is from HERE.
As you will be able to see for yourself, there are three projects in the solution, which you can run each one individually from VSCode or Vs.
More in detail:
ConsoleApp1
(sorry for the name but forgot to switch it :) )
This is a Daemon Console Project that references the PnP.Framework namespace and tries to utilize all of the goodies that the good folks from the PnP Community have contributed.
The procedure is straightforward and is the same for all three projects ->
Read the AppConfiguration
Request the Access Token with appropriate scopes (depending on the service that I am referencing)
Declare the Token to be used by our Client Context.
In the PnP.Framework-related project the above cycle can be seen as below
AuthenticationConfiguration config = AuthenticationConfiguration.ReadFromJsonFile("appsettings.json");
var authManager = new PnP.Framework.AuthenticationManager(config.ClientId, config.Certificate.CertificateDiskPath, config.Certificate.CertificatePassword, config.Tenant);
using (var cc = authManager.GetAccessTokenContext("https://<REPLACE:name of tenant>.sharepoint.com/sites/testsite2", (string siteURL) => authManager.GetAccessToken(siteURL)))
ConsoleAppMSGraph
As the name suggests, this Daemon Console App utilizes GraphServiceClient graphClient in order to get all the information that you request through the graph endpoint.
Subsequently, you will notice that for this project the scope name changes to
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
In addition, we request a collection of all the lists that currently reside in our SharePoint Root Site with the below segment:
var lists = await graphClient.Sites["root"].Lists
    .Request()
    .GetAsync();
ConsoleAppSPClient
This app is the default and most simple way of accessing data on SharePoint.
The project utilizes the MSAL.Net and Microsoft.SharePoint.Client namespaces in order to fetch an access token and, subsequently, embed that token in all our next requests.
In order to keep the answer a bit short, please refer to here in order to see how we initiate a Confidential App Client, request a token and, later on, embed it in our ClientContext object.
Notes
I have listed in the Readme.md of the repo, which permissions you should give to your app registration. You can view them Here.
I am using the Sites.FullControl.All but you can narrow down the list of sites that the app registration will have access by using the Sites.Selected.
All of the above projects, reference a common class library that serves as a strongly typed configuration object.
IMPORTANT you should always use a certificate to authenticate the client app as it is mentioned here. The previous link also describes the way you can create a certificate and upload it to the store of the app registration.
Amazing! Thank you very much #Jimas13. For the last 2 weeks I was struggling to find a solution to my problem!! You saved me!! If you are ever in Greece let me buy you a drink!
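
The ConsoleAppSPClient flow described in the answer above (confidential client, certificate credential, token attached to the ClientContext), as an added example that is not taken from the answerer's repository. The tenant ID, client ID, site URL and the SPO_CERT_PATH / SPO_CERT_PASSWORD environment variable names are placeholders assumed here.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Identity.Client;      // MSAL.NET
using Microsoft.SharePoint.Client;    // CSOM

internal static class Program
{
    // Placeholders (assumptions): replace with your own app registration values.
    private const string TenantId = "<tenant-id-guid>";
    private const string ClientId = "<app-registration-client-id>";
    private const string SiteUrl  = "https://<tenant>.sharepoint.com/sites/<site>";

    private static void Main()
    {
        // Keep the PFX path and password out of source control (hypothetical variable names).
        string pfxPath = Environment.GetEnvironmentVariable("SPO_CERT_PATH");
        string pfxPassword = Environment.GetEnvironmentVariable("SPO_CERT_PASSWORD");
        if (string.IsNullOrEmpty(pfxPath))
            throw new InvalidOperationException("SPO_CERT_PATH is not set.");

        using (var certificate = new X509Certificate2(pfxPath, pfxPassword))
        {
            // Certificate credential instead of a client secret, as the answer recommends.
            IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
                .Create(ClientId)
                .WithAuthority("https://login.microsoftonline.com/" + TenantId)
                .WithCertificate(certificate)
                .Build();

            // App-only (client credentials) requests use the resource's ".default" scope.
            string resource = new Uri(SiteUrl).GetLeftPart(UriPartial.Authority);
            string[] scopes = { resource + "/.default" };

            using (var context = new ClientContext(SiteUrl))
            {
                // Attach a bearer token to every CSOM request, with no user interaction.
                context.ExecutingWebRequest += (sender, e) =>
                {
                    // MSAL serves app tokens from its cache until they near expiry.
                    AuthenticationResult token = app.AcquireTokenForClient(scopes)
                        .ExecuteAsync().GetAwaiter().GetResult();
                    e.WebRequestExecutor.RequestHeaders["Authorization"] =
                        "Bearer " + token.AccessToken;
                };

                context.Load(context.Web, w => w.Title);
                context.ExecuteQuery(); // throws if permissions or admin consent are missing
                Console.WriteLine("Connected to: " + context.Web.Title);
            }
        }
    }
}
```

The app registration needs a SharePoint application permission with admin consent (the answer uses Sites.FullControl.All and suggests Sites.Selected to narrow access), and the certificate's public key must be uploaded to that registration.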

Azure B2C integration with Flutter

I have created an app registration within my tenant in B2C which I would like to use in a Flutter app. I've used the flutter_appauth package in my Flutter project to access the B2C instance.
However, when attempting to run the application, I receive the following error:
I double checked my registration, and the information seems correct:
Within my Android / build.gradle file I have the following specified:
manifestPlaceholders = [
    'appAuthRedirectScheme': 'msauth://com.parasol.app/Bmce%2B9aHdOoVtE7fS3B07tfj7Bc%3D'
]
I have attempted with just 'com.parasol.app' and 'msauth://com.parasol.app' and I receive the same issue.
Any help would really be appreciated.
The issue seems to be related to the request formation in the first place.
First off, make sure you have the following lines in your build.gradle:
defaultConfig {
    manifestPlaceholders = [
        'appAuthRedirectScheme': 'com.parasol.app'
    ]
}
As for the app registration, try creating a new app registration as per the following guide: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-native-application?tabs=app-reg-ga with the only difference that the redirectUri should be
com.parasol.app://oauthredirect
Double check you've filled the values for clientId, discoveryUrl, scopes properly to form the request.
If you can share the code you use for calling the authorizeAndExchangeCode method with all the parameters it would help understand the issue further.

How do I use the Kentico API from a Console App

I'm using Kentico V10 and I can run the website locally. However, when I try to use the API from a console app, I'm getting the following error.
{"Object type 'cms.class' not found."}
The stackTrace has a call to check license. I'm following this page, and it says you have to add a license for your domain, but what domain is used when you are running from a console app?
https://docs.kentico.com/k10/integrating-3rd-party-systems/using-the-kentico-api-externally
I'm using this code taken from this page.
https://docs.kentico.com/k10/managing-users/user-registration-and-authentication/configuring-single-sign-on
CMS.DataEngine.CMSApplication.Init();
string userName = "myuser";
// Gets the user with the specified user name
UserInfo userInfo = UserInfoProvider.GetUserInfo(userName);
// Gets the authentication URL for a specified user and target URL
string url = AuthenticationHelper.GetUserAuthenticationUrl(userInfo, "SecuredSurvey");
If that was available via the REST API, I'd be happy to get the URL that way, but from what I can see, it's not available.
-Randy
Kentico has some good documentation on how to use the API in an external application, specifically a console library here.
Very notable steps are:
Connecting to the database; make sure you use the same connection string as in your web.config
Install the Kentico.Libraries NuGet package
Initialize Kentico in your application in the Global.asax file.
Write custom code all day long.

Foxx oauth2 configuration

To play with the demo-sessions app, I've got the oauth2 app mounted on /oauth2 as required.
In the arangodb/Foxx doc, the oauth2 endpoints seem to be defined as strings (i.e. https://github.com/arangodb-foxx/util-oauth2 )
But when I do that with the correct urls, and try to play with oauth, I get an error:
...\oauth2\APP\manifest.json\": attribute child \"authEndpoint\" fails because [\"authEndpoint\" must be an object] (was \"[object Object]\").]","...
Oauth endpoints definitions are expected to be objects, not strings.
So what is the correct configuration for Foxx oauth2 ?
Thanks for help,
I can't reproduce your problem but the OAuth2 app has been updated for ArangoDB 2.7. You can still install older versions of the OAuth2 app from the "install from GitHub" dialog, though.
I understand my mistake. In the code of the oauth2 2.0 release, the manifest just references the export.js file. In the previous release (1.2), a providers.js file was supplied and referenced in the manifest. Then in this previous release, it was possible to use different providers (what I want) as described in the 1.2 setup.js.
var providers = db._collection(providersName);
I just fetch the files providers.js, and setup.js from 1.2 github tag and configure them for my configuration, and that's ok.

openAm 12.0.0 failed to add user with external opendj

I built and installed openam 12 from source code, from an svn checkout
link:
svn checkout https://svn.forgerock.org/openam/tags/12.0.0/openam/
After that I used an external OpenDJ-2.6.0 with openam; the installation was successful.
But when I add a new user and click OK I get an error
Error :”Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=65”
Also check in OpenDJ-2.6.0 logs access logs:
[25/Feb/2015:16:27:00 +0530] ADD RES conn=6 op=131 msgID=132 result=65 message=”Entry uid=indranis,dc=xyz,dc=net violates the Directory Server schema configuration because it contains an unknown objectclass iPlanetPreferences” etime=2
I got the same exception when I tried to add a group,
but was able to solve it by referring to the following link:
https://java.net/projects/opensso/lists/users/archive/2007-08/message/21
remove manually from Data Store – opends and remove groupOfURLs or groupOfUniqueNames from the LDAP Groups Object Class
Is there an issue with the openDJ 2.6 version, or are there any changes I need to configure?
I got the issue resolved by installing openAM with the embedded datastore and then, after installation, configuring it with an external opendj store and removing the embedded one.
