FAQ Database Discussion Community
c#,wpf,azure,azure-mobile-services,azure-active-directory
After a lot of digging around I've got my WPF application signing users in via Azure Mobile Service. My Mobile Service is connected to an Azure Active Directory that I have set up. However, when I log the user in with MobileServiceClient.LoginAsync(...) the MobileServiceUser UserId is in an unreadable hash...
azure,azure-active-directory,ws-federation,adfs3.0
I'm trying to federate on premise ADFS 3.0 instance with Azure Active Direcotry instance. The idea is to allow AAD (azure) users to authenticate to an application which trusts the ADFS instance. I added azure AD to claims provider trusts in ADFS (using it's federation metadata document path) then I...
azure,oauth,active-directory,azure-active-directory
I have currently set up a AAD instance and I am authenticating my users against it via my web app, and it’s working great. When I added and configured the application on AAD, I added the required Application and Delegated Permissions to access the Office365 Calendar API. However, the only...
asp.net,iis,azure,azure-active-directory
I have been doing some tests with Azure Active Directory trial license in my data center. Our company has our own hosting services and physical hardware, and for now we would like to keep it that way (though we may investigate moving it all to cloud services in future). For...
azure,azure-mobile-services,azure-active-directory,adal
I have created an application in my Azure AD. I switch into the Mobile Service and go to the identity tab. For MS identity is asks for a client ID. I found the Client ID in the Azure AD configure tab. However, I had no idea what to use for...
c#,azure,azure-active-directory
I can't for the life of me figure out how to query Azure Active Directory's Graph API to get all users that belong to a particular AppRole. First I tried something like: client.Users.Where(u => u.AppRoleAssignments.Any(r => r.Id == "some-guid")); But that won't compile because AppRoleAssignments is a IPagedCollection so you...
azure,azure-active-directory
A customer made me a co-administrator of his Azure subscription. However, I am unable to edit his Active Directory, ie add/edit users, create applications, etc. Why can't I access that? I'm thinking perhaps the Subscription is owned by the AD and not the other way around. What do each of...
web-api,azure-active-directory,openid-connect
I'm having trouble with 401 responses that cause a redirect (302) to the login page. My application uses both MVC and Web API. I'm using OpenID and Azure Active Directory to authenticate users, my auth setup is as follows: private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"]; private static string appKey =...
azure-active-directory
I was trying to resolve an user in Azure web site based on his microsoft email Id (v-Id) using AAD Graph API. Please provide any samples or URLs for this
asp.net,azure,active-directory,openid,azure-active-directory
Let's see if you experts have a clue of what's going on here. Context We have a web application running on Azure Web Sites. This WebApp uses OWIN + OpenID Connect to authenticate users against an Azure Active Directory tenant. Also the application uses the Azure AD Graph API to...
c#,linq,azure-active-directory
I started with the sample .NET Graph API Console app which I got working. I want to be able to query Azure AD for all users with a specific license. I think I have to do some sort of nested LINQ query. This was my first attempt IUserCollection userCollection =...
azure-active-directory
Our current process is BizTalk expose a web service for vendor to call in, where the request header contains pre-assigned user name and password. Upon receiving service call, BizTalk validates the credential against the database, extract and attach some metadata from db record to the inbound message (e.g. city, vendor...
azure,oauth-2.0,azure-active-directory
I am getting this error when trying to get the Token from Azure Active Directory. I have got the code and everything looks great, but now I am getting this? I have tried to give the application all kinds of different permissions? Access Denied { "error":"invalid_grant", "error_description":"AADSTS65001: No permission to...
azure,oauth,claims-based-identity,azure-active-directory
I want my application to accept OAuth tokens when hosted using Azure Websites. I have the following: web.config of web app <appSettings> <add key="ida:Realm" value="https://example.com/development" /> <add key="ida:AudienceUri" value="https://example.com/development" /> <add key="ida:Tenant" value="example.com" /> </appSettings> Startup.cs of web app using System; using System.Collections.Generic; using System.Linq; using System.Web; using Microsoft.AspNet.SignalR; using...
.net,azure-active-directory
it is possible to get the groupId from the group name using graph api, i am trying to validate if a user is part of a security group in azure active directory, but only know the group name at a time, i think https://graph.windows.net/mytenantdomain/isMemberOf only supports groupId...
azure,azure-active-directory
I'm a developer that has an Azure account for my own dev stuff. I log into my dev account using [email protected] Next, I set up a client with their own Azure account, then invited myself via [email protected] and set myself as a co-administrator for the client's subscription. When I subsequently...
c#,asp.net-mvc,azure,azure-active-directory,adal
I developed my mvc app based on this example: https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet Authentication works perfect with Azure AAD, and I can see the user is logged on: http://screencast.com/t/v7G6OgXC However in the following controller I want to print out some APP properties, and I get the error above 'authority' should be in Uri...
api,azure,graph,azure-active-directory,graph-api-explorer
Even though I've added apps from gallery to Azure AD, I cannot see when i try to pull the data. But i can see the custom apps added. Like if I've added 7 apps; 2 from gallery(Google Docs, One drive) & 5 custom(native/web apps); I am able to see only...
asp.net-web-api,odata,single-sign-on,azure-active-directory,powerquery
I've created a WebAPI OData 3.0 web service with an OWIN middleware, which is configured for authentication with Windows Azure Active Directory. The ODataControllers are marked with an [Authorize] attribute, and the IAppBuilder is configured as follows: app.UseWindowsAzureActiveDirectoryBearerAuthentication( new WindowsAzureActiveDirectoryBearerAuthenticationOptions { Tenant = ConfigurationManager.AppSettings["ida:Tenant"], TokenValidationParameters = new TokenValidationParameters { ValidAudience...
angularjs,azure,asp.net-web-api,azure-active-directory
I am wondering what the best approach is for handling multiple environments with Azure Active Directory. Is the only way to do this to add an application for the WebAPI and clients for each environment. So for local I would have a localhost-webapi with a sign on like https://localhost/webapi and...
powershell,azure,azure-active-directory,adal
In the Azure Portal I can create an Application, Key and Permissions to the Graph API. I can get a Token using: AuthenticationContext ac = new AuthenticationContext("https://login.windows.net/graphDir1.onmicrosoft.com"); ClientCredential cc = new ClientCredential("b3b1fc59-84b8-4400-a715-ea8a7e40f4fe", "FStnXT1QON84B5o38aEmFdlNhEnYtzJ91Gg/JH/Jxiw="); AuthenticationResult authResult = ac.AcquireToken("https://graph.windows.net", cc); Using the Azure Active Directory Module for Windows PowerShell I can create...
azure,office365,azure-active-directory
Is there any solutions to understand from my MVC application that user already signed in into Office365? Currently I'm using the code below to authenticate to my MVC application: var authContext = new AuthenticationContext("https://login.windows.net/MyTenantId"); var authResult = authContext.AcquireToken("https://MyTenantId/AppWebApi", "ClientId", new Uri("redirect uri")); By this code user is suggested to enter...
azure,visual-studio-2013,.net-4.5,azure-active-directory
I'm using Visual Studio 2013, .NET 4.5. and trying to find out if it's possible to authenticate against Azure Active Directory with a web app using windows authentication instead of organizational authentication? I don't need a separate sign on page or registration, so rather than send them to an azure...
azure,azure-mobile-services,azure-active-directory
I've got an existing mobile app that is integrated with Azure's mobile services. The mobile services are currently connected to Azure Active Directory with MFA enabled. I'm attempting to build a separate PHP-based web application that uses this existing mobile service and authentication. Authentication The only active directory of users...
c#,xamarin,monodroid,azure-active-directory,assembly-references
I'm currently developing a Xamarin.Android application in VS2013. I want to implement Azure Active Directory in my app following this guide. Then I add Microsoft.IdentityModel.Clients.ActiveDirectory nuget package as described. Then I want to add an AuthenticationResult attribute, but then I got a missing assemble reference error. Even when I explicitely...
asp.net-mvc,web-api,asp.net-web-api2,azure-active-directory,openid-connect
I'm trying to create a protected controller via Azure AD application roles. Here is an exempt from Startup.Auth, which is basically provided by Visual Studio template: public void ConfigureAuth(IAppBuilder app) { ApplicationDbContext db = new ApplicationDbContext(); app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = clientId, Authority = Authority,...
c#,azure,azure-active-directory,change-password,http-patch
I'm currently developing a web app in C#. I'm using Azure AD to store the user infomation, so I would like to be able to change the password at some point if the user wishes to do so. Currently the way I'm changing the password is by using a http-patch...
oauth,ms-office,ews,multi-tenant,azure-active-directory
I am developing a multi-tenant web app managing the mail, contacts and calendar of users. On the AzureAd management portal, I registered my app as multi-tenant and I manage to get OAuth tokens for both people out and inside my tenancy, replacing the tennantId by "common" when querying the Authentication...
asp.net-mvc,azure,claims-based-identity,azure-active-directory
Is there a way to add custom claim to my ClaimsPrincipal once the user is authenticated? When using ASP.NET identity for individual accounts, one could add custom claims to the ClaimsPrincipal when the principal was created but I can not find the way to do this when using the Organizational...
azure,azure-active-directory
I have an Azure AD tenant build say it is footenant. Among the users I have an account like this: [email protected] This is not an Azure AD account. I push in it's access panel some applications. But I absolutely don't understand how I can connect to the tenant's access panel...
c#,json,azure,single-sign-on,azure-active-directory
I want to deserialize Json result into a model. I am using Azure Single sign on method. when I am login with new new created user in ad (new user in your organization) i am getting proper user info. but if i created new user in AzureAd with "User with...
azure,single-sign-on,azure-active-directory,adal
We got a ADAL premium license and we are able to assign more then one role to a user successfully. But we can across this problem where a user 'Rob' is in 2 different groups i.e. (Group A and Group B) and we assigned Group A to 'Spanish Translator' and...
azure,asp.net-web-api,azure-active-directory
I'm playing with Azure AD authentication and authorization scenarios and not all clear for me. Currently I'm looking at SinglePageApp-WebAPI-AngularJS-DotNet sample project. And one thing that I can't understand. On the client side we get access token using implicit grant flow - that is clear. Then we send request to...
c#,azure,authorization,azure-active-directory
I am querying my Azure AD graph API for a user's group memberships. I can make the query just fine, but the results are only the groups that the user DIRECTLY belongs to. None of the nested groups are listed. I'm trying to find out if a user belongs to...
cordova,mobile,oauth-2.0,uri,azure-active-directory
I am working on a mobile app, using the PhoneGap framework. For the next part of the project, I need to allow users to authenticate themselves through their Windows 365 account of the company. For this I'm using Azure AD, with the following AngularJS based library. I have already succeeded...
azure,active-directory,azure-active-directory,adal
I am developing a mobile app in which I need to authenticate a user against Azure AD. Basically the user will be prompted their organisational email and password, which the mobile phone app sends to the backend server which will authenticate. I have the 'public-client-app-sample' of 'azure-activedirectory-library-for-java' working, and can...
azure,active-directory,azure-active-directory
I am using Azure AD to create users, groups for an application that sits outside of Azure AD (hosted internally) I want the ability to delegate the user management to an admin of that application (create users, assign groups etc) I can see that in the Premium Azure AD subscription...
windows,azure,windows-phone-8,azure-active-directory
I am follow the window phone authentication tutorial with Add authentication to your Mobile Services app. And I choose using Azure Active Directory way to make authentication. But the question is: it always fails and shows The remote procedure call failed. (Exception from HRESULT: 0x800706BE) at the following code protected...
asp.net-mvc,session,azure,session-timeout,azure-active-directory
This might be a noob question. I'm trying to detect session timeout. Now the default ASP.NET session timeout value is 20 minutes. However I have a site that leverages Azure AD for authentication. Is there a default value that the token expires at? Is this something that is configured or...
asp.net-mvc,owin,azure-active-directory
I am working on a ASP.NET MVC 5 app which depends on multi-tenant authentication using Azure Active Directory. I have authorization setup globally by adding AuthorizeAttribute filter. Now I want the app to be accessible only by users who belong to particular Directory Roles (Global Administrators and User Administrators to...
azure,azure-active-directory
I have 2 users in Azure AD Microsoft Account user Microsoft Azure Active Directory user User 2 always works in Graph API calls but not the user 1. https://graph.windows.net/tenantid/users/[email protected]?api-version=2013-04-05 (Email actually is url encoded as testmail%40hotmail.com). This gives the following error "{\"odata.error\":{\"code\":\"Request_ResourceNotFound\",\"message\":{\"lang\":\"en\",\"value\":\"Resource '[email protected]' does not exist or one of its...
oauth,ews,azure-active-directory
I configured an application on AzureAd to be multi-tenant, I chose to require all the permissions for Windows Azure Active Directory and Office 365 Exchange Online. I can get a user to grant permissions, get access tokens, refresh them, OAuth works for me. I always used the "common" keyword instead...
c#,azure,console-application,azure-active-directory,adal
I've created a Web API which uses Azure Active Directory for its authentication. It uses a multi-tenant AAD. To test it, I also created a console app which uses the ADAL library to authenticate against AAD so I can access my API. In the main AAD tenant all is working...
c#,sql-server,asp.net-mvc,asp.net-identity,azure-active-directory
I'm working on a MVC application using Azure's AD authentication. I have been looking for a best practice or suggested way to 'extend' the user profile data. For example, I want the users to have a date of birth stored against themselves. I have looked at this but it doesn't...
azure-active-directory,openid-connect,auth0
I'm setting up authentication with Auth0 and using OpenID Connect. I've set up my OWIN Startup class according to this example. Now my problem is that users from the Auth0 database provide different claims than users that are authenticated by an Enterprise connection (I'm using Azure AD to test this...
asp.net-mvc,azure,asp.net-mvc-5,owin,azure-active-directory
The default templates for Organizational accounts in ASP.NET MVC 5 applications use HttpModules to handle the response from Azure AD and create the corresponding ClaimsIdentity. Looking at the examples for the ADAL library, I saw that it is also possible to use an OWIN middleware for the same purpose. Which...
c#,asp.net-mvc,azure,azure-active-directory
I need to create custom properties for my Application in Azure AAD. The code was based on this blog series. I have 3 actions on my controller, one to get the APP (for testing purposes) and other ones to create the extension and list extensions. The problem is that when...
single-page-application,claims-based-identity,azure-active-directory,adal,office365-apps
Any suggestion on how to skip the selection of login url (home realm?)
powershell,azure,azure-active-directory
I am attempting to setup an Azure AD application to authenticate using a certificate. I have been using this guide to successfully set this up after failing following this guide. I wish to now automate the process so it can be added to our general build scripts, looking at the...
odata,breeze,asp.net-web-api2,single-page-application,azure-active-directory
I am having two web applications, one a SPA using AngularJS + BreezeJS and the other a WebAPI. We are building authorization in the WebAPI and the results get filtered based on user access. We want the user to sign-in into organization Azure AD in the SPA and pass the...
c#,asp.net,azure,azure-active-directory
I've created an Azure active directory user and added the user to app roles. Now i am retrieving this user and attempting to add it to more app roles. var activeDirectoryUser = client.Users.Where(u => u.UserPrincipalName == user.UserName).ExecuteSingleAsync().Result as User; As a precaution i want to first check if the user...