azure-active-directory

问题 I have a React SPA and I'm using msal to authenticate Microsoft users using loginRedirect. After the login, I'm acquiring an access token silently using acquireTokenSilent to call a web API. When acquiring the access token fails and interaction is required, I'm using acquireTokenRedirect. When I use acquireTokenRedirect, what I see is: 1. The user is redirected to login.microsoftonline.com. 2. A 302 response is returned with Location header that contains the redirect url + the access token. 3

问题 We currently have an Azure organisation, containing several projects and related boards etc, linked to a specific Azure Active directory and tenant id. Does anyone know if there is a way I can move the organisation and all child objects to a new tenancy/Azure Active directory? We need to do this as we wish to decommission the original active directory. I've googled for solutions and can see that other people were waiting for Microsoft to provide a solution. 回答1: I've done the same using the

问题 Using Azure AD, OIDC implicit flow, I can obtain an access token from a v2 endpoint. The authorization endpoint I am using looks like this: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize?client_id=<client-id>&redirect_uri=https://localhost:44321/signin-oidc&response_type=id_token%20token&scope=openid%20api%3A%2F%2Fdev-api-gateway%2FAtlas&response_mode=form_post&nonce=123 Yet, it seems that I get a 'v1' access token. What am I doing wrong? 回答1: The acquired token version

问题 We are trying to figure out a way to synchronize users from Azure Account into the Keycloak? Unfortunately, we could not find a documentation for it Do you know a proper way to do it ? I want to use Azure as an external DB that I can use to authenticate my users. Thank you 回答1: I want to use Azure as an external DB that I can use to authenticate my users For that you can use Keycloak's User Federation functionality: Many companies have existing user databases that hold information about users

问题 I'm using the 'adal-node' npm package to authenticate with an AzureAD. This is all working fine and I get a token back. However, the when examining the 'aud' claim in the JWT token I see the audience GUID is prefixed with 'spn:'. I think this is causing me problems when I try to use the JWT token on an already existing Web API. When I authenticate via a WebApp using the same AzureAD the 'aud' claim is NOT prefixed with 'spn:' and I am able to called endpoints on the WebAPI. Can anyone shed

问题 I have an Angular application that talks to the WebAPI and the users are authenticated against Azure Active Directory I followed the sample here https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi and was able to authenticate user against AD and pass that along to the Web API. However I want to access the Graph API in the Web API and get the current user profile information. How can I set it up? Updated to give more context on the setup: I have a web site

问题 I have create a webapi secured with azure active directory. I need to test this now and trying to use fiddler with an authorization header. I am trying to generate the token with below code. Target obj = (Target)cmbTarget.SelectedItem; AuthenticationResult authenticationResult; string aadInstance = obj.AADInstance; // "https://login.windows.net/{0}"; string tenant = obj.Tenant; //"rudderless.onmicrosoft.com"; string apiResourceId = obj.ApiResourceId; //"15b4ac7f-23a8-4958-96a5-64159254690d";

问题 I have create a webapi secured with azure active directory. I need to test this now and trying to use fiddler with an authorization header. I am trying to generate the token with below code. Target obj = (Target)cmbTarget.SelectedItem; AuthenticationResult authenticationResult; string aadInstance = obj.AADInstance; // "https://login.windows.net/{0}"; string tenant = obj.Tenant; //"rudderless.onmicrosoft.com"; string apiResourceId = obj.ApiResourceId; //"15b4ac7f-23a8-4958-96a5-64159254690d";

问题 I have an existing WebForms application that currently uses Windows Authentication that I want to authenticate through Azure AD. The app is already configured in Azure (I have the AppID and TenantID), but the application still authenticates via Windows Authentication. Changes were made to the application by following this guide. Most guides use MVC as their example, and I couldn't find a thorough walk through for existing WebForms applications. Do I need to change something in the web.config

问题 In my iOS app I'm currently authenticating through the MSAL iOS SDK and it's working fine. Somewhere in the app I'm also required to show a website (opened via UIWebView) that also requires the same Azure AD authentication. Since I'm already authenticated through the SDK and have an access token, is there any way to bypass authentication process in the web view? 回答1: You can use one of the following for cookie sharing: 1. ASWebAuthenticationSession in MSAL + open URL in Safari browser MSAL