FAQ Database Discussion Community

Getting Roles for Group Membership Azure AD

We got a ADAL premium license and we are able to assign more then one role to a user successfully. But we can across this problem where a user 'Rob' is in 2 different groups i.e. (Group A and Group B) and we assigned Group A to 'Spanish Translator' and...

Single sign on single native client windows phone using ADAL

We have a windows phone native app (and building for android, iOS also) which uses ADAL to get token for ex:graph. ADAL is asking for credentials for the first time. Now inside of this native app on some frame we have a WebView control which launches another website (our own)...

Office 365 Rest Api Having issues getting access token

So far i have this. public static async Task<OutlookServicesClient> CreateOutlookClientAsync(string capability) { try { string authority = CommonAuthority; // Create an AuthenticationContext using this authority. _authenticationContext = new AuthenticationContext(authority); //See the Discovery Service Sample (https://github.com/OfficeDev/Office365-Discovery-Service-Sample) //for an approach that improves performance by storing the discovery service information in a cache....

ADAL for Android - What is the correct way to handle errors?

When using ADAL for Android I found something a bit confusing regarding the acquireToken() API error handling. From the source code it seems that error handling should be accomplished by catching AuthenticationException and inspecting its ADALError enum property. However, the AuthenticationResult class has an AuthenticationStatus property and it could return...

Authenticate SignalR call through ADAL JS

I have a web api hosted on Azure having Azure AD authentication configured and running properly (all controllers have the Authorized attribute). The front-end runs AngularJS and authentication of the http requests is implemented by using the amazing ADAL JS library (adalAuthenticationServiceProvider). Beside the web api I also have a...

How to correctly send a PATCH request

I need to call this REST endpoint PATCH https://graph.windows.net/contoso.onmicrosoft.com/users/[email protected]?api-version=1.5 HTTP/1.1 { "<extensionPropertyName>": <value> } Please see documentation here: https://msdn.microsoft.com/en-us/library/azure/dn720459.aspx I have the following code to set the value of one property for a user: public async Task<ActionResult> AddExtensionPropertyValueToUser() { Uri serviceRoot = new Uri(azureAdGraphApiEndPoint); var token = await GetAppTokenAsync(); string...

Authenticate against an Azure Mobile Service App with ADAL.js acquired token

I'm trying to authenticate a HTML app against an Azure Mobile Service app. The Setup Both apps use AAD as authentication backend, so both apps have an application registered in the Active Directory: Azure Mobile Service app: configured as described in https://azure.microsoft.com/en-gb/documentation/articles/mobile-services-how-to-register-active-directory-authentication/ I edited the manifest to enable the client...

ADALiOS:Cannot add a new item in the keychain / O365-iOS-Connect-Swift

I am currently working on an iOS-App that connects to Office365, with the target of iOS7. The following pods are used: pod 'ADALiOS', '~> 1.2.1' pod 'Office365/Outlook', '= 0.9.1' pod 'Office365/Discovery', '= 0.9.1' When I run it in the simulator all works fine. When I run it on the device,...

Azure ADAL AcquireToken from different tenantId

Does anybody know how to call AcquireToken from a web server for an endpoint that is not the tenantId that the server is associated with? I am trying to get an Azure Management token from https://login.windows.net/XXX/ where XXX is not my tenantId. This only works if i use the AcquireToken...

Skip “login.windows.net” and redirect to federated ADFS

Any suggestion on how to skip the selection of login url (home realm?)

ADAL js does not work in IE when acquiring token for remote endpoint

ADAL.js does not work in IE when acquiring token for remote endpoint. The sample "https://github.com/AzureADSamples/SinglePageApp-WebAPI-AngularJS-DotNet" suggests to uncomment line of code: "cacheLocation: 'localStorage', // enable this for IE, as sessionStorage does not work for localhost." But apparently it doesn't help. Running the application side by side in IE and Chrome....

Create Azure AD ClientCredentials Key from PowerShell

In the Azure Portal I can create an Application, Key and Permissions to the Graph API. I can get a Token using: AuthenticationContext ac = new AuthenticationContext("https://login.windows.net/graphDir1.onmicrosoft.com"); ClientCredential cc = new ClientCredential("b3b1fc59-84b8-4400-a715-ea8a7e40f4fe", "FStnXT1QON84B5o38aEmFdlNhEnYtzJ91Gg/JH/Jxiw="); AuthenticationResult authResult = ac.AcquireToken("https://graph.windows.net", cc); Using the Azure Active Directory Module for Windows PowerShell I can create...

'authority' should be in Uri format Parameter name: authority

I developed my mvc app based on this example: https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet Authentication works perfect with Azure AAD, and I can see the user is logged on: http://screencast.com/t/v7G6OgXC However in the following controller I want to print out some APP properties, and I get the error above 'authority' should be in Uri...

Angular JS App shows blank screen

I have the following app configuration which should load one full page, however instead its showing nothing and when I check the console its totally empty with zero errors: My code is as follows: App.js 'use strict'; angular.module('inspinia', ['ngRoute', 'AdalAngular']) .config(['$routeProvider', '$httpProvider', 'adalAuthenticationServiceProvider', function ($routeProvider, $httpProvider, adalAuthenticationServiceProvider) { $routeProvider.when("/dashboard_1", {...

Getting username and group info from Azure using adal4j

I am developing a mobile app in which I need to authenticate a user against Azure AD. Basically the user will be prompted their organisational email and password, which the mobile phone app sends to the backend server which will authenticate. I have the 'public-client-app-sample' of 'azure-activedirectory-library-for-java' working, and can...

ADAL user consent triggered even when admin has already consented

I've created a Web API which uses Azure Active Directory for its authentication. It uses a multi-tenant AAD. To test it, I also created a console app which uses the ADAL library to authenticate against AAD so I can access my API. In the main AAD tenant all is working...

ADAL 3.2 alpha AcquireTokenAsync iOS does not dismiss sign in form

I've been using the ADAL 3.x alpha versions with Xamarin.Forms on iOS for a couple of months now and had no problems with 3.0 and 3.1, however with 3.2 I get the problem that the sign in screen does not dismiss when you click the "Sign in" or "Cancel" buttons...

Authentication Context error intent is not resolved

I am trying to authenticate an android appliction against an Azure Active Directory to validate users and eventually gain access to Office 365 hosted Sharepoint lists, using the sample codes here. But everytime I attempt to do so I get an com.microsoft.aad.adal.AuthenticationException: Activity is not resolved. Verify the activity name...

Authorization in Cloud Applications using AD Groups issue with new group

I have an asp.net mvc application and my code is based on this article: http://www.dushyantgill.com/blog/2014/12/10/authorization-cloud-applications-using-ad-groups/ and on this sample code: https://github.com/dushyantgill/VipSwapper/tree/master/TrainingPoint I created a controller for the global admin public class GlobalAdminController : Controller { // GET: GlobalAdmin [AuthorizeUser(Roles = "admin")] public ActionResult Index() { return View(); } } and...

Custom Authorize Attribute on asp.net mvc

I have an asp.net mvc app which authorizes with Azure AAD. The app is based on this github example: https://github.com/dushyantgill/VipSwapper/tree/master/TrainingPoint this app has a custom authorize attribute public class AuthorizeUserAttribute : AuthorizeAttribute { protected override void HandleUnauthorizedRequest(AuthorizationContext ctx) { if (!ctx.HttpContext.User.Identity.IsAuthenticated) base.HandleUnauthorizedRequest(ctx); else { ctx.Result = new ViewResult { ViewName...

How do I secure an Azure Mobile Service with Azure AD? ADAL.JS

I have created an application in my Azure AD. I switch into the Mobile Service and go to the identity tab. For MS identity is asks for a client ID. I found the Client ID in the Azure AD configure tab. However, I had no idea what to use for...

ADFS connection in Xamarin studio

I have been through various blogs and posts but I was not able to find ADFS token based authentication. Where can I get this problem solved??? I have tried for Azure ADAL but thats not what I need.

adal javascript windows store app token

I have a javascript windows store app that is authenticathing with AAD via Microsoft.Preview.WindowsAzure.ActiveDirectory.Authentication library. It works against an ASP.NET WebAPI hosted in Azure. It works fine, it prompst the user to login (windows login service), once logged the user can work and is not asked to log in again....

Active Directory Authentication for java application with Oauth2 client credential grant produces “unauthorized_client” error

I've been trying for a week to authenticate on Azure Active Directory with a Java application which presents client credential grant, in order to retrieve an access token to target the Outlook Office365 REST API, but could not succeed. The server always returns an error : com.microsoft.aad.adal4j.AuthenticationException: {"error":"unauthorized_client","error_description":"AADSTS70002: Error validating...

ADAL - Error calling AuthenticationContext in javascript app

I´m getting an error when I call AuthenticationContext method from my windows store app HTML/Javascript. The code is the next: var adal = Microsoft.IdentityModel.Clients.ActiveDirectory; var authcontext2 = new adal.AuthenticationContext(audience); and the error I'm getting is: 0x80040154 - JavaScript runtime error: Class not registered Any clue how to solve this? I'm...

Using Office-365-SDK-for-iOS

I am integrating Office-365-SDK-for-iOS to fetch the user profile and contacts from outlook 365. I configure my application on azure management portal successfully. below are the constants for the app- #define OutlookClientId @"11d21f9f-6b16-4ea9-8f73-bbc9a65ac72b" #define OutlookAuthority @"https://login.microsoftonline.com/06cbda59-d75b-4547-8406-e6af3ff4c658/oauth2/token?api-version=1.0" #define OutlookRedirectUrl @"http://localhost/MyAppName" #define OutlookRsourceId @"https://graph.microsoft.com/" When I am giving resourceId is...

ADAL for Windows Phone 8.1 Problems

I'm creating a Windows Phone 8.1 app (Windows Runtime) that will need to authenticate against an Azure Active Directory OAuth endpoint. I'm using the ADAL for WP81 nuget package as the authentication manager to get the OAuth token back. The problem I am struggling with, is where I need to...

How can I get the JWT access_token after loging in with ADAL.js?

I see that adal.idtoken is stored in the cache. However, it doesn't look like a JWT which is what I think I need to pass to my azure mobile service to get a AUMO auth token.