How to get user name, email, etc. from MobileServiceUser?

c#,wpf,azure,azure-mobile-services,azure-active-directory
After a lot of digging around I've got my WPF application signing users in via Azure Mobile Service. My Mobile Service is connected to an Azure Active Directory that I have set up. However, when I log the user in with MobileServiceClient.LoginAsync(...) the MobileServiceUser UserId is in an unreadable hash...

federate azure active directory with on premise ADFS

azure,azure-active-directory,ws-federation,adfs3.0
I'm trying to federate on premise ADFS 3.0 instance with Azure Active Directory instance. The idea is to allow AAD (azure) users to authenticate to an application which trusts the ADFS instance. I added azure AD to claims provider trusts in ADFS (using its federation metadata document path) then I...

Azure Active Directory Login: Web App Permissions, User Consent not triggered

azure,oauth,active-directory,azure-active-directory
I have currently set up an AAD instance and I am authenticating my users against it via my web app, and it’s working great. When I added and configured the application on AAD, I added the required Application and Delegated Permissions to access the Office365 Calendar API. However, the only...

How do I authenticate via Azure Active Directory with multi-tenant ASP.NET applications?

asp.net,iis,azure,azure-active-directory
I have been doing some tests with Azure Active Directory trial license in my data center. Our company has our own hosting services and physical hardware, and for now we would like to keep it that way (though we may investigate moving it all to cloud services in future). For...

How do I secure an Azure Mobile Service with Azure AD? ADAL.JS

azure,azure-mobile-services,azure-active-directory,adal
I have created an application in my Azure AD. I switch into the Mobile Service and go to the identity tab. For MS identity it asks for a client ID. I found the Client ID in the Azure AD configure tab. However, I had no idea what to use for...

How to get all users that belong in an AppRole using Azure Active Directory Graph API

c#,azure,azure-active-directory
I can't for the life of me figure out how to query Azure Active Directory's Graph API to get all users that belong to a particular AppRole. First I tried something like: client.Users.Where(u => u.AppRoleAssignments.Any(r => r.Id == "some-guid")); But that won't compile because AppRoleAssignments is an IPagedCollection so you...

Why as a co-administrator of a subscription am I unable to edit the Active Directory?

azure,azure-active-directory
A customer made me a co-administrator of his Azure subscription. However, I am unable to edit his Active Directory, ie add/edit users, create applications, etc. Why can't I access that? I'm thinking perhaps the Subscription is owned by the AD and not the other way around. What do each of...

Web API 401 Redirect Azure Active Directory OpenIdConnect

web-api,azure-active-directory,openid-connect
I'm having trouble with 401 responses that cause a redirect (302) to the login page. My application uses both MVC and Web API. I'm using OpenID and Azure Active Directory to authenticate users, my auth setup is as follows: private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"]; private static string appKey =...

Access Windows Azure Active Directory from web API controller to resolve user based on id (v-id)

azure-active-directory
I was trying to resolve a user in Azure web site based on his Microsoft email Id (v-Id) using AAD Graph API. Please provide any samples or URLs for this.

OData error: “A value without a type name was found and no expected type is available.” when calling Azure Active Directory Graph API

asp.net,azure,active-directory,openid,azure-active-directory
Let's see if you experts have a clue of what's going on here. Context We have a web application running on Azure Web Sites. This WebApp uses OWIN + OpenID Connect to authenticate users against an Azure Active Directory tenant. Also the application uses the Azure AD Graph API to...

How can you use LINQ to find Azure AD users with specific licenses using the Azure AD Graph API Client Library 2.0

c#,linq,azure-active-directory
I started with the sample .NET Graph API Console app which I got working. I want to be able to query Azure AD for all users with a specific license. I think I have to do some sort of nested LINQ query. This was my first attempt IUserCollection userCollection =...

Azure Active Directory as simply user/role validation service

azure-active-directory
Our current process is BizTalk expose a web service for vendor to call in, where the request header contains pre-assigned user name and password. Upon receiving service call, BizTalk validates the credential against the database, extract and attach some metadata from db record to the inbound message (e.g. city, vendor...

Azure AD OAuth2 No permission to access user information

azure,oauth-2.0,azure-active-directory
I am getting this error when trying to get the Token from Azure Active Directory. I have got the code and everything looks great, but now I am getting this? I have tried to give the application all kinds of different permissions? Access Denied { "error":"invalid_grant", "error_description":"AADSTS65001: No permission to...

Why isn't my Azure Website accepting OAuth tokens?

azure,oauth,claims-based-identity,azure-active-directory
I want my application to accept OAuth tokens when hosted using Azure Websites. I have the following: web.config of web app <appSettings> <add key="ida:Realm" value="https://example.com/development" /> <add key="ida:AudienceUri" value="https://example.com/development" /> <add key="ida:Tenant" value="example.com" /> </appSettings> Startup.cs of web app using System; using System.Collections.Generic; using System.Linq; using System.Web; using Microsoft.AspNet.SignalR; using...

how to get the groupId from group name in AAD graph API

.net,azure-active-directory
It is possible to get the groupId from the group name using graph api, I am trying to validate if a user is part of a security group in azure active directory, but only know the group name at a time, I think https://graph.windows.net/mytenantdomain/isMemberOf only supports groupId...

Azure, login to separate accounts with one email

azure,azure-active-directory
I'm a developer that has an Azure account for my own dev stuff. I log into my dev account using [email protected] Next, I set up a client with their own Azure account, then invited myself via [email protected] and set myself as a co-administrator for the client's subscription. When I subsequently...

'authority' should be in Uri format Parameter name: authority

c#,asp.net-mvc,azure,azure-active-directory,adal
I developed my mvc app based on this example: https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet Authentication works perfect with Azure AAD, and I can see the user is logged on: http://screencast.com/t/v7G6OgXC However in the following controller I want to print out some APP properties, and I get the error above 'authority' should be in Uri...

Azure Graph API

api,azure,graph,azure-active-directory,graph-api-explorer
Even though I've added apps from gallery to Azure AD, I cannot see when I try to pull the data. But I can see the custom apps added. Like if I've added 7 apps; 2 from gallery(Google Docs, One drive) & 5 custom(native/web apps); I am able to see only...

WAAD Authentication with WebAPI OData service consumed by Excel PowerQuery

asp.net-web-api,odata,single-sign-on,azure-active-directory,powerquery
I've created a WebAPI OData 3.0 web service with an OWIN middleware, which is configured for authentication with Windows Azure Active Directory. The ODataControllers are marked with an [Authorize] attribute, and the IAppBuilder is configured as follows: app.UseWindowsAzureActiveDirectoryBearerAuthentication( new WindowsAzureActiveDirectoryBearerAuthenticationOptions { Tenant = ConfigurationManager.AppSettings["ida:Tenant"], TokenValidationParameters = new TokenValidationParameters { ValidAudience...

Azure Active Directory for Web API and clients using OAuth for multiple environments

angularjs,azure,asp.net-web-api,azure-active-directory
I am wondering what the best approach is for handling multiple environments with Azure Active Directory. Is the only way to do this to add an application for the WebAPI and clients for each environment. So for local I would have a localhost-webapi with a sign on like https://localhost/webapi and...

Create Azure AD ClientCredentials Key from PowerShell

powershell,azure,azure-active-directory,adal
In the Azure Portal I can create an Application, Key and Permissions to the Graph API. I can get a Token using: AuthenticationContext ac = new AuthenticationContext("https://login.windows.net/graphDir1.onmicrosoft.com"); ClientCredential cc = new ClientCredential("b3b1fc59-84b8-4400-a715-ea8a7e40f4fe", "FStnXT1QON84B5o38aEmFdlNhEnYtzJ91Gg/JH/Jxiw="); AuthenticationResult authResult = ac.AcquireToken("https://graph.windows.net", cc); Using the Azure Active Directory Module for Windows PowerShell I can create...

Check Office365 session

azure,office365,azure-active-directory
Is there any solution to understand from my MVC application that user already signed in into Office365? Currently I'm using the code below to authenticate to my MVC application: var authContext = new AuthenticationContext("https://login.windows.net/MyTenantId"); var authResult = authContext.AcquireToken("https://MyTenantId/AppWebApi", "ClientId", new Uri("redirect uri")); By this code user is suggested to enter...

Azure Active Directory and Windows Authentication

azure,visual-studio-2013,.net-4.5,azure-active-directory
I'm using Visual Studio 2013, .NET 4.5. and trying to find out if it's possible to authenticate against Azure Active Directory with a web app using windows authentication instead of organizational authentication? I don't need a separate sign on page or registration, so rather than send them to an azure...

Authenticating a PHP Web App with Azure Active Directory and Azure Mobile Services

azure,azure-mobile-services,azure-active-directory
I've got an existing mobile app that is integrated with Azure's mobile services. The mobile services are currently connected to Azure Active Directory with MFA enabled. I'm attempting to build a separate PHP-based web application that uses this existing mobile service and authentication. Authentication The only active directory of users...

Missing assembly reference Microsoft.IdentityModel.Clients.ActiveDirectory

c#,xamarin,monodroid,azure-active-directory,assembly-references
I'm currently developing a Xamarin.Android application in VS2013. I want to implement Azure Active Directory in my app following this guide. Then I add Microsoft.IdentityModel.Clients.ActiveDirectory nuget package as described. Then I want to add an AuthenticationResult attribute, but then I got a missing assembly reference error. Even when I explicitly...

Azure AD application roles

asp.net-mvc,web-api,asp.net-web-api2,azure-active-directory,openid-connect
I'm trying to create a protected controller via Azure AD application roles. Here is an excerpt from Startup.Auth, which is basically provided by Visual Studio template: public void ConfigureAuth(IAppBuilder app) { ApplicationDbContext db = new ApplicationDbContext(); app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = clientId, Authority = Authority,...

Azure AD Change Password with patch call

c#,azure,azure-active-directory,change-password,http-patch
I'm currently developing a web app in C#. I'm using Azure AD to store the user information, so I would like to be able to change the password at some point if the user wishes to do so. Currently the way I'm changing the password is by using a http-patch...

Microsoft Graph API Accessing basic info of a user that is outside tenancy

oauth,ms-office,ews,multi-tenant,azure-active-directory
I am developing a multi-tenant web app managing the mail, contacts and calendar of users. On the AzureAd management portal, I registered my app as multi-tenant and I manage to get OAuth tokens for both people out and inside my tenancy, replacing the tenantId by "common" when querying the Authentication...

Add custom claims to ASP.NET MVC with organizational account (multiple tenants)

asp.net-mvc,azure,claims-based-identity,azure-active-directory
Is there a way to add custom claim to my ClaimsPrincipal once the user is authenticated? When using ASP.NET identity for individual accounts, one could add custom claims to the ClaimsPrincipal when the principal was created but I can not find the way to do this when using the Organizational...

How I connect to Azure Access Panel with a Microsoft Account

azure,azure-active-directory
I have an Azure AD tenant build say it is footenant. Among the users I have an account like this: [email protected] This is not an Azure AD account. I push in its access panel some applications. But I absolutely don't understand how I can connect to the tenant's access panel...

Azure Active Directory Users (type=User with an existing user account) Json to List Model is giving null

c#,json,azure,single-sign-on,azure-active-directory
I want to deserialize Json result into a model. I am using Azure Single sign on method. When I log in with a newly created user in AD (new user in your organization) I am getting proper user info. But if I created new user in AzureAd with "User with...

Getting Roles for Group Membership Azure AD

azure,single-sign-on,azure-active-directory,adal
We got an ADAL premium license and we are able to assign more than one role to a user successfully. But we came across this problem where a user 'Rob' is in 2 different groups i.e. (Group A and Group B) and we assigned Group A to 'Spanish Translator' and...

Validate access token for WEB API protected by Azure AD

azure,asp.net-web-api,azure-active-directory
I'm playing with Azure AD authentication and authorization scenarios and not everything is clear to me. Currently I'm looking at SinglePageApp-WebAPI-AngularJS-DotNet sample project. And one thing that I can't understand. On the client side we get access token using implicit grant flow - that is clear. Then we send request to...

Azure AD Graph API User memberOf nested groups

c#,azure,authorization,azure-active-directory
I am querying my Azure AD graph API for a user's group memberships. I can make the query just fine, but the results are only the groups that the user DIRECTLY belongs to. None of the nested groups are listed. I'm trying to find out if a user belongs to...

Setting a valid Azure AD uri for PhoneGap

cordova,mobile,oauth-2.0,uri,azure-active-directory
I am working on a mobile app, using the PhoneGap framework. For the next part of the project, I need to allow users to authenticate themselves through their Windows 365 account of the company. For this I'm using Azure AD, with the following AngularJS based library. I have already succeeded...

Getting username and group info from Azure using adal4j

azure,active-directory,azure-active-directory,adal
I am developing a mobile app in which I need to authenticate a user against Azure AD. Basically the user will be prompted their organisational email and password, which the mobile phone app sends to the backend server which will authenticate. I have the 'public-client-app-sample' of 'azure-activedirectory-library-for-java' working, and can...

Azure AD User management delegation

azure,active-directory,azure-active-directory
I am using Azure AD to create users, groups for an application that sits outside of Azure AD (hosted internally) I want the ability to delegate the user management to an admin of that application (create users, assign groups etc) I can see that in the Premium Azure AD subscription...

Authentication failed with Azure Active Directory in Windows Phone

windows,azure,windows-phone-8,azure-active-directory
I am following the Windows Phone authentication tutorial with Add authentication to your Mobile Services app. And I choose using Azure Active Directory way to make authentication. But the question is: it always fails and shows The remote procedure call failed. (Exception from HRESULT: 0x800706BE) at the following code protected...

Is there a default value to the Azure Active Directory token expiration timeout?

asp.net-mvc,session,azure,session-timeout,azure-active-directory
This might be a noob question. I'm trying to detect session timeout. Now the default ASP.NET session timeout value is 20 minutes. However I have a site that leverages Azure AD for authentication. Is there a default value that the token expires at? Is this something that is configured or...

Using Directory Roles for authorization in ASP.NET MVC application using AAD

asp.net-mvc,owin,azure-active-directory
I am working on an ASP.NET MVC 5 app which depends on multi-tenant authentication using Azure Active Directory. I have authorization setup globally by adding AuthorizeAttribute filter. Now I want the app to be accessible only by users who belong to particular Directory Roles (Global Administrators and User Administrators to...

Azure AD Graph API cannot access Microsoft Account

azure,azure-active-directory
I have 2 users in Azure AD: (1) Microsoft Account user, (2) Microsoft Azure Active Directory user. User 2 always works in Graph API calls but not the user 1. https://graph.windows.net/tenantid/users/[email protected]?api-version=2013-04-05 (Email actually is url encoded as testmail%40hotmail.com). This gives the following error "{\"odata.error\":{\"code\":\"Request_ResourceNotFound\",\"message\":{\"lang\":\"en\",\"value\":\"Resource '[email protected]' does not exist or one of its...

Accessing Calendar, Mail and Contacts of an OAuthenticated user

oauth,ews,azure-active-directory
I configured an application on AzureAd to be multi-tenant, I chose to require all the permissions for Windows Azure Active Directory and Office 365 Exchange Online. I can get a user to grant permissions, get access tokens, refresh them, OAuth works for me. I always used the "common" keyword instead...

ADAL user consent triggered even when admin has already consented

c#,azure,console-application,azure-active-directory,adal
I've created a Web API which uses Azure Active Directory for its authentication. It uses a multi-tenant AAD. To test it, I also created a console app which uses the ADAL library to authenticate against AAD so I can access my API. In the main AAD tenant all is working...

asp.net azure active directory user profile data

c#,sql-server,asp.net-mvc,asp.net-identity,azure-active-directory
I'm working on a MVC application using Azure's AD authentication. I have been looking for a best practice or suggested way to 'extend' the user profile data. For example, I want the users to have a date of birth stored against themselves. I have looked at this but it doesn't...

User identification claim in OpenID connect

azure-active-directory,openid-connect,auth0
I'm setting up authentication with Auth0 and using OpenID Connect. I've set up my OWIN Startup class according to this example. Now my problem is that users from the Auth0 database provide different claims than users that are authenticated by an Enterprise connection (I'm using Azure AD to test this...

Use OWIN to connect an ASP.NET MVC application to Azure AD or use the default templates

asp.net-mvc,azure,asp.net-mvc-5,owin,azure-active-directory
The default templates for Organizational accounts in ASP.NET MVC 5 applications use HttpModules to handle the response from Azure AD and create the corresponding ClaimsIdentity. Looking at the examples for the ADAL library, I saw that it is also possible to use an OWIN middleware for the same purpose. Which...

Create schema extensions in Azure AAD Request_MultipleObjectsWithSameKeyValue

c#,asp.net-mvc,azure,azure-active-directory
I need to create custom properties for my Application in Azure AAD. The code was based on this blog series. I have 3 actions on my controller, one to get the APP (for testing purposes) and other ones to create the extension and list extensions. The problem is that when...

Skip “login.windows.net” and redirect to federated ADFS

single-page-application,claims-based-identity,azure-active-directory,adal,office365-apps
Any suggestion on how to skip the selection of login url (home realm?)

setting up azure ad certificate auth using powershell

powershell,azure,azure-active-directory
I am attempting to setup an Azure AD application to authenticate using a certificate. I have been using this guide to successfully set this up after failing following this guide. I wish to now automate the process so it can be added to our general build scripts, looking at the...

Passing Authentication from WebApp to WebAPI using BreezeJS

odata,breeze,asp.net-web-api2,single-page-application,azure-active-directory
I am having two web applications, one a SPA using AngularJS + BreezeJS and the other a WebAPI. We are building authorization in the WebAPI and the results get filtered based on user access. We want the user to sign-in into organization Azure AD in the SPA and pass the...

How to check if an azure active directory user is already in an approle

c#,asp.net,azure,azure-active-directory
I've created an Azure active directory user and added the user to app roles. Now I am retrieving this user and attempting to add it to more app roles. var activeDirectoryUser = client.Users.Where(u => u.UserPrincipalName == user.UserName).ExecuteSingleAsync().Result as User; As a precaution I want to first check if the user...