azure-active-directory

问题 I'm using cypress for writing E2E tests for my UI (Note that it's a PowerBI report, hence it's kind of special case). When I am testing with a public report, it works fine. But when it's a private PBI report, I am having trouble with login part. After some research, I found this approach promising for Azure AD based auth, and added this login function in my commands.js file: Cypress.Commands.add('login', () => { cy.request({ method: 'POST', url: 'https://login.microsoftonline.com/{TENANT}

问题 I'm trying to access the signed in user's Profile Photo in the context of an email app which uses EWS to connect to Office 365. The app is registered on portal.azure.com with the following required permissions: Office 365 Exchange Online -> Access mailboxes as the signed-in user via Exchange Web Services Windows Azure Active Directory -> Sign in and read user profile The EWS part works just fine, I'm able to sign the user in, get the access and refresh tokens, and perform EWS operations using

问题 Service principle can be created without role via az ad sp create-for-rbac --skip-assignment Q1. What's the use of a service principal without a role? Q2. Can a service principle exit without attaching to any scope/resource? If so what's the use of such independent service principle? 回答1: Q1. What's the use of a service principal without a role? The parameter --skip-assignment skip assigning the service principal to the subscription. So to be precise, your question should be without an RBAC

问题 Service principle can be created without role via az ad sp create-for-rbac --skip-assignment Q1. What's the use of a service principal without a role? Q2. Can a service principle exit without attaching to any scope/resource? If so what's the use of such independent service principle? 回答1: Q1. What's the use of a service principal without a role? The parameter --skip-assignment skip assigning the service principal to the subscription. So to be precise, your question should be without an RBAC

问题 Trying to set up Azure AD OAuth client credentials grant flow for my web api. I'm following the document in https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow. I have to expose my API to a 3rd party. I've created the APP in Azure AD (this is for the client that is requesting my API), generated the secrets and was able to get a response from oauth2/token endpoint. My questions are below: What is the best way to validate the token? Is it by passing

问题 I try to use the quickstart of sign-in with Microsoft but when I try to log an error appear: in my config file i have this parameters: and in the app config i have this paramter: i dont know what is happening :( Thanks for the help! :D 回答1: Your Redirect_Path should be same with azure portal Redirect URIs . Note: Protocol matters. AAD will treat http://localhost/logfinal/ and https://localhost/logfinal/ as different reply URLs. If you are still having an issue after following the steps above,

问题 I was trying to implement AAD in my APIM instance based on this article and this article. Unfortunately when it came down to Developer console, right after I picked Authorization code as the Authorization method a popup showed up and showed me the following error: AADSTS900144: The request body must contain the following parameter: 'scope'. It failed on https://login.microsoftonline.com/{Directory (tenant) ID }/oauth2/v2.0/authorize?response_type=code&client_id={client id}&redirect_uri=https:

问题 I am trying to integrate Selenium tests to CI. The problem I am facing is all the users (even test user) is protected by Multi-factor authentication and when I will run test cases on the server with each login there will a prompt user for the Multi factor. We are running selenium test cases on SPA using adal-angular.js and adal.js How to resolve this issue? Is there any way to create a logical switch on API server or SPA to bypass the authentication prompt? Thanks. 回答1: You cannot do this

问题 I created a web application which is working with an Azure Active Directory authentification. Everything works fine on localhost, but I'm getting the following error when I publish the application into Azure: AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '656cc46c-f858-4a45-bf83-698791e052f1'. What I tried: In Azure, I configured the Reply URL of the application in question to be: http://gp-rh.azurewebsites.net/signin-oidc

问题 I'm trying to write a web portal that users can use to reset their own Azure AD password. Because of the requirements of my client, the Azure AD SSPR is not an option . To achieve this I'm using Microsoft Graph. According to the documentation, it is possible to reset a users password using Microsoft Graph if you have User.ReadWrite.All or Directory.AccessAsUser.All permissions. Then the permissions documentation, the remarks it states that even if you have the Directory.ReadWrite.All