azure-active-directory

问题 I have an angular application and an DotNet core web api application. The web api exposes 2 permissions. The angular has susbscribed to those permissions (see screenshot). In the code, I tried this export const loginRequest: { scopes: string[] } = { //scopes: ['user.read', 'openid', 'profile'], //--> I commented out this line. scopes: [] }; export const tokenRequest: { scopes: string[] } = { scopes: ['api://da8b9450-d9b7-4b7f-9667-fdae9a7c8359/API.Access', 'api://da8b9450-d9b7-4b7f-9667

问题 I have an Azure AD registered App and a AD user. I would like to use authorization flow in my c# console app to first get the authorization code as mentioned in this article https://docs.microsoft.com/en-us/graph/auth-v2-user and then exchange that auth code to get an access token. I would eventually like to store the access token and refresh token and use it for offline scenarios. I created a Httpclient and did a post request to get the authorization code but the Microsoft Consent screen

问题 I'm implementing a new "registered" application in Azure AD for which i need to get the user's Samaccountname value as preferred claim during the user authentication process. The apps can work with oidc request, so i'm trying to find a way to add a new claim in the user's profile (get https://graph.microsoft.com/oidc/userinfo ) containing the SamaccountName attribute "extension_cda8b3eafdfb4aa0b27ca9860634fd74_sAMAccountName" synchronized from local active directory. unfortunately after many

问题 My C# program uses the Microsoft.Graph Nuget. And it needs be able to ensure that it has the correct Microsoft Graph application permissions. I know how to add permissions in AD, but I want my program to be able test it has the permissions it needs. Example of what I want to achieve : var graphClient = new GraphServiceClient(authenticationProvider); if(!graphClient.GetPermissions().Contains("AdministrativeUnit.Read.All")) { throw new Exception("Missing Permission AdministrativeUnit.Read.All")

问题 I'm trying to authenticate Microsoft Azure AD with my laravel web app. Currently I'm referring Azure Active Directory SSO with Laravel. I managed to retrieve the data from the microsoft azure ad but the problem is it doesn't redirect to /home view instead it redirect to login view. I have one idea which is to link the email from Microsoft and email from the model so that it can directly go to home page. But i dont know how to pass the Microsoft data (from provider) to controller. The code(in

问题 I am trying to get a msi token for a specific User defined identity. Our app service has 2 user defined identities and I want a token on behalf of one of the user assigned identity. Here is the code: HttpWebRequest req = (HttpWebRequest)WebRequest.Create( "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/&object_id=<ObjectId>&client_id=<clientId>"); req.Headers["Metadata"] = "true"; req.Method = "GET"; try { // Call /token

问题 I'm using SignalR to send notification to angular. But i want to make it user specific. The user is logged in with azure ad. And i have a [Authorize] on the hub but the authorisation fails. But in my controller it works fine. What i have tried so far. I tried this services.AddAuthentication from the microsoft site. https://docs.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-2.2 But then my controller can't verify the token because the token isn't in the url but in the

问题 I am following Authentication code flow with PKCE and my Identity provider is Azure Active directory. I have created a App , "client-app" from App Registrations. In the manifest I have added appRoles like the following. "appRoles": [ { "allowedMemberTypes": [ "User" ], "displayName": "StoreGroupManager", "id": "47fbb575-859a-4941-89c9-0f7a6c30beac", "isEnabled": true, "description": "Consumer apps have access to the consumer data.", "value": "StoreGroupManager" } ] I am assigning this role

问题 We need to read out distribution lists from a contact folder of a dedicated exchange/outlook mailbox (O365). The process must run as a service with no user interaction. Unfortunately the Graph API does not support distribution lists (not even the Graph beta version does). Because of this we have to use another API - I tried using EWS. I succeeded by granting full_access_as_app permission to our service. However this allows to read and modify ANY data in ANY mailbox which is a security risk.

问题 I have one Salesforce profile and one permission set in Salesforce. As per the requirement, there are two user personas in our Salesforce application. Persona 1 -> SF Profile Persona 2 -> SF Profile + Permission Set To achieve the above configuration using Azure AD auto-provision, we have created two security groups and added relevant business users into those two groups. Currently, we struggling to determine the best approach on how to assign the Salesforce permission sets to the users in