azure-active-directory

问题 As the microsoft iffical said, The UWP can't use system web with aad b2c, has to use Embedded Webviews. But when I use MSAL.net, it offen mis-render the page, as the image below(in some times , the page maybe right render). And I can run the user flow and right render with my system chrome web browser . The uwp Embedded Webviews is in old edge core(maybe this is the reason?). what can I do? does Microsoft can solve the matter？ 回答1: B2C is supported in UWP. Please upgrade the application to

问题 I am trying to call graph api to get user information. I am using postman to get the token first and then using that token trying to make a request to graph api I get the token with below post request and with 4 key values for grant_type, client_id, client_secret and resource. https://login.microsoftonline.com/{{tenantid}}/oauth2/token The response is { "token_type": "Bearer", "expires_in": "3600", "ext_expires_in": "3600", "expires_on": "1555583717", "not_before": "1555579817", "resource":

问题 I'm currently writing a (Server side) Blazor application that includes the default AzureAD Authentication. This works well for authenticated users - challenging on the entrance ( _Host.cshtml ) file, redirecting and then back once authenticated. I need to have a couple of pages not requiring authentication - I don't want the user being challenged and redirected to Microsoft. What is the correct way to do this? I have experimented with the AllowAnonymousAttribute , the AllowAnonymousToPage

问题 I'm currently writing a (Server side) Blazor application that includes the default AzureAD Authentication. This works well for authenticated users - challenging on the entrance ( _Host.cshtml ) file, redirecting and then back once authenticated. I need to have a couple of pages not requiring authentication - I don't want the user being challenged and redirected to Microsoft. What is the correct way to do this? I have experimented with the AllowAnonymousAttribute , the AllowAnonymousToPage

问题 How to get AD access token from login.microsoftonline.com and pass access token to web api controller? as I need "access token" as such to pass on to another partner company website url via post request. Below code doing AAD authentication as expected but also I need "access token" as such, public void ConfigureServices(IServiceCollection services) { services.Configure<CookiePolicyOptions>(options => { // This lambda determines whether user consent for non-essential cookies is needed for a

问题 I'm using Azure AD B2C for authentication for my NodeJS API. However, I keep receiving a 401 Unauthorized error by Azure AD B2C. When I add ignoreExpiration: true to my AAD auth options, I do not get a 401 Unauthorized error and my API works fine. However, once I remove the ignoreExpiration, I get the 401 Unauthorized error. I even generated a new token, verified that it is valid (and not expired) by decoding the token using https://jwt.io/. I even made sure it has the correct scope. The API

问题 I am developing anjular app, I need to enable SAML authentication using Azure AD in angular application. 回答1: You need the adal.js library. Good sample. 来源： https://stackoverflow.com/questions/53649726/saml-authentication-in-angular-app-using-azure-ad

问题 I have seen that some Services can add an entry into my ActiveDirectory-> EnterpriseApplications page when i just enter my Azure Account UserId and Password on their page. Using this they can use Azure RestAPI and get List of my subscriptions and Resources etc. Even I have created a custom web Application(hosted on some public server) and I want to access Subscriptions and Resources of users using the REST API. But to do that it asks me to do the AppRegistration. But i do not want every user

问题 I have seen that some Services can add an entry into my ActiveDirectory-> EnterpriseApplications page when i just enter my Azure Account UserId and Password on their page. Using this they can use Azure RestAPI and get List of my subscriptions and Resources etc. Even I have created a custom web Application(hosted on some public server) and I want to access Subscriptions and Resources of users using the REST API. But to do that it asks me to do the AppRegistration. But i do not want every user

问题 I got myself a bearer token by calling https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token with the scope https://{tenantName}.sharepoint.com/.default It's a token for a registered app in Azure AD. When I use that token to make an API call like https://infoinnobake.sharepoint.com/_api/search/query?querytext='contentclass:STS_Site contentclass:SP.Webb'&selectproperties='Title,Path'&rowlimit=500 I only reveice 401 Unsupported app only token. can some explain why? Is it possible to