azure-active-directory

Postman gets a valid token but getting 401 from API

a 夏天 submitted on 2020-03-26 04:29:07
Question: I am trying to test my ASP.NET Core 2.2 Web API with Postman. My API is protected by Azure AD. I have been using the "Web App your API" Microsoft Azure Sample on GitHub and triple-checked all of the steps. Using Postman I ask it to get a token using the OAuth2 Implicit flow and I do get a token returned. If I decode the token it seems to contain all the claims I want: aud, upn and scp all make sense. However, when I then send a request to the API using the returned token I still get a 401.

How to do Authorization based on Azure AD groups?

风格不统一 submitted on 2020-03-25 19:10:10
Question: Hi, I am trying to implement Azure Groups based authorization in my .NET Core app. I have many groups, around 100 to 200. I have added policies to add authorization. services.AddAuthorization(options => { options.AddPolicy("GroupsCheck", policy => { policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme); policy.RequireAuthenticatedUser(); policy.Requirements.Add(new GroupsCheckRequirement("11b250bf-76c0-4efe-99f2-2d781bae43bb")); //currently hard coded but want to include all

How to secure redirection with Azure AD in a WebPart?

两盒软妹~` submitted on 2020-03-25 12:29:09
Question: I have developed a SharePoint WebPart. The aim of this component is simple: authenticate the user in an external website that is embedded inside the SharePoint. The external website uses Azure AD to log in the users. The problem that I have is the following. I know how to obtain an access token, and the component works fine, with a great security leak. This is that I have public render(): void { token="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; <iframe img src="https://www.example.org

Azure AD Custom Claims in JWT

牧云@^-^@ submitted on 2020-03-24 03:28:53
Question: I have an Azure AD app and I am trying to add custom claims to a JWT. I'm using the claims mapping feature in Azure for my specific app, and updated the app manifest in the Azure Portal to include the optional claims. However, when I log in and view the decoded access token, the claim is not present in the token. I haven't found much documentation relating to using extension attributes as claims, but from what I've found it should follow the same patterns; however, it is not working as expected.

Not receiving a request on our MS Graph Webhook for deleting a User in AAD

时光毁灭记忆、已成空白 submitted on 2020-03-23 07:58:19
Question: We created a Webhook for receiving "Delete" notifications when a user is deleted from Azure AD. But we're not receiving any notifications when we delete a user. In AAD the user is first placed in the recycle bin, but even if we remove the user from the recycle bin, we don't receive any notifications. We've tried our code with receiving emails -> that worked. And with changing a user in AAD -> that also worked. So we changed "updated" to "deleted" and no calls are triggered. We started with de

Azure AD Multi Tenant, .Net Core Web API with JWT Token

妖精的绣舞 submitted on 2020-03-22 12:53:18
Question: So I raised this question, Azure AD Multi Tenant, .Net Core Web API with MSAL (Microsoft Authentication Library), which showed me how to turn on the error output. Why would I be getting this now with my token? At a guess, is the aud right, and the iss, for a multi tenant AD token? AuthenticationFailed: IDX10511: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.X509SecurityKey, KeyId: 'YMELHT0gvb0mxoSDoYfomjqfjYU', InternalId: '2c34a300-21bb-4eb1-b3b9-1944f1be7470'. , KeyId:

Authenticate from Azure Logic app to Azure Function using Managed Identity

試著忘記壹切 submitted on 2020-03-22 09:22:51
Question: I am trying to configure the security for a Logic App and Azure Function. The Azure Function has an HTTP Trigger. So far I have done the following: Created the Azure Function with some basic functionality (write query in request to log). Created the Logic App (recurrence trigger, HTTP to trigger the Azure Function). Tested that the Logic App successfully calls the Azure Function. Added a managed identity to the Logic App. Enabled Azure AD Authentication/Authorisation on the Azure Function App

Not receiving Microsoft Graph change notification

我与影子孤独终老i submitted on 2020-03-22 08:26:13
Question: I'd like to subscribe to user deletions, so that whenever a user is deleted in Azure AD, our app can react accordingly. Here's my subscription request: const now = new Date(); const threeDaysLater = new Date(now.getTime() + 3 * 24 * 58 * 60 * 1000); request.post({ auth: { bearer: {...}, }, headers: { Accept: 'application/json', }, json: { changeType: 'updated,deleted', clientState: {...}, expirationDateTime: threeDaysLater.toISOString(), notificationUrl: 'https://{...}.ngrok.io/api/azure

“Use a tenant-specific endpoint or configure the application to be multi-tenant” when signing into my Azure website

风格不统一 submitted on 2020-03-21 11:08:06
Question: I'm getting this error after I sign into my Azure website: AADSTS50194: Application 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx' is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant. Answer 1: It turns out that my account was not actually on Azure AD, so I needed to check "Accounts in any organizational directory" under "Supported

Why is “Application permissions” disabled in Azure AD's “Request API permissions”?

戏子无情 submitted on 2020-03-18 11:23:51
Question: I'm trying to give a console app permission to call an API in Azure AD. When I go to "Add permissions," "application permissions" is grayed out and I can only select "delegated permissions." My understanding is that application permissions are right for the console app because it runs on the back-end and users don't sign into it. From the help text for "application permissions": Your application runs as a background service or daemon without a signed-in user. The help text for "delegated