azure-active-directory

问题 In Azure AD B2C custom policy, In a ValidationTechnicalProfile, while calling an external REST API, if the REST API returns HTTP error codes like 404 not found, or 401 unauthorized, the "ContinueOnError" attribute does not take effect. Instead the user journey ends abruptly throwing an error "Unable to validate the information provided" to the user interface in case of a self asserted technical profile. However the ContinueOnError attribute works as expected when the REST API returns error

问题 In Azure AD B2C custom policy, In a ValidationTechnicalProfile, while calling an external REST API, if the REST API returns HTTP error codes like 404 not found, or 401 unauthorized, the "ContinueOnError" attribute does not take effect. Instead the user journey ends abruptly throwing an error "Unable to validate the information provided" to the user interface in case of a self asserted technical profile. However the ContinueOnError attribute works as expected when the REST API returns error

问题 I am using MSAL to acquire token from an auth app in Azure using integrated windows authentication. The code is: var tenant = $"https://login.microsoftonline.com/<myTenantId>"; var clientId = "<myClientId>"; var scopes = new string[] { "https://graph.microsoft.com/.default" }; var publicApplication = PublicClientApplicationBuilder.Create(clientId).WithAuthority(tenant).Build(); var token = await publicApplication.AcquireTokenByIntegratedWindowsAuth(scopes).ExecuteAsync(); This throws the

问题 I have code working in development that authorizes against Azure AD in a multi-tenant setup using the MSAL library (with the Microsoft Angular wrapper for MSAL). This code all works as expected when I am running it against localhost:5001 . My configuration contains a redirectUri for https://localhost:5001 and my application in Azure AD has its "Redirect URI" value set to the same. However, when I move this to production, it is continuing to try to redirect me to localhost:5001 on a successful

问题 I have code working in development that authorizes against Azure AD in a multi-tenant setup using the MSAL library (with the Microsoft Angular wrapper for MSAL). This code all works as expected when I am running it against localhost:5001 . My configuration contains a redirectUri for https://localhost:5001 and my application in Azure AD has its "Redirect URI" value set to the same. However, when I move this to production, it is continuing to try to redirect me to localhost:5001 on a successful

问题 I have code working in development that authorizes against Azure AD in a multi-tenant setup using the MSAL library (with the Microsoft Angular wrapper for MSAL). This code all works as expected when I am running it against localhost:5001 . My configuration contains a redirectUri for https://localhost:5001 and my application in Azure AD has its "Redirect URI" value set to the same. However, when I move this to production, it is continuing to try to redirect me to localhost:5001 on a successful

问题 I have a web application deployed on Azure with the Azure Active Directory security enabled (the express setting). So, when I try to access the application, I need to be a part of the AD to have access. I would like to add more features to the application, like displaying the current user logged in, implement a logout, managing permissions etc... I believe I can achieve all of things with Azure Graph API. However, to do this, I will need to test some stuff locally. Is there any way to

问题 I have a web application deployed on Azure with the Azure Active Directory security enabled (the express setting). So, when I try to access the application, I need to be a part of the AD to have access. I would like to add more features to the application, like displaying the current user logged in, implement a logout, managing permissions etc... I believe I can achieve all of things with Azure Graph API. However, to do this, I will need to test some stuff locally. Is there any way to

问题 Our company is considering using AAD B2C as the backing store for our SaaS user accounts. Our plan is use Resource Manager templates to deploy the Azure infrastructure (web, storage, sql, etc) for each client. AAD B2C will be part of that if this works out, but as of now there doesn't appear to be a way to include AAD B2C in resource manager templates. My view of the intent of the B2C product is that it serves as a replacement for the auth and user store components of an app, and should

问题 I'm by no means an expert on MSAL/JWT/Graph authentication, but I'm hoping someone can explain this issue more clearly to me, or help me understand if there's a workaround or better approach. Essentially, there are certain scenarios where I might end up with a Microsoft Graph JWT token. Two examples I can think of easily are using the Microsoft Graph Toolkit or using Tabs SSO in Microsoft Teams. In both cases, I can get relevant identity information for the user from the JWT token I would