azure-active-directory

问题 There seems to be a current issue with logging into Microsoft Online with Mac OS and iOS devices utilizing the newest version of Safari (12). The updates on Safari 12 are shown here: https://developer.apple.com/safari/whats-new/ Due to some of the new Security and Privacy updates, there seems to be a cookie issue that is causing infinite redirection when logging into the endpoint: http://login.microsoftonline.com This new update causes Safari on Apple device users to go into a redirect

问题 There seems to be a current issue with logging into Microsoft Online with Mac OS and iOS devices utilizing the newest version of Safari (12). The updates on Safari 12 are shown here: https://developer.apple.com/safari/whats-new/ Due to some of the new Security and Privacy updates, there seems to be a cookie issue that is causing infinite redirection when logging into the endpoint: http://login.microsoftonline.com This new update causes Safari on Apple device users to go into a redirect

问题 I am integrating a SAML Service Provider with MS AAD and I have found an issue with Single Logout. My Service Provider only supports logout binding "HTTP-POST". And it seems that AAD only supports logout binding "HTTP-Redirect". I think so based on the SAML metadata I got from AAD - this is the only SingleLogoutService element I can see: <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx

问题 I am adding Azure AD Authentication to an ASP.NET Core application. The Application is registered in Azure AD and has custom roles setup in the manifest. These roles are used for Authorization policies within the app. Everything is working when users log in, they get redirected to sign in to Azure and come back with a Cookie containing their Claims. My issue is that unless the Cookie is deleted in the browser, these Claims persist and aren't refreshed when Roles in Azure change. For example

问题 Net core Web API project. I registered app in azure AD for Web API app. I configured swagger and I registered one more app in Azure AD. I am trying to do authorization on my webapis based on groups. In appsettings.json I have all the values. Below is my startup looks like. public void ConfigureServices(IServiceCollection services) { services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>(); services .AddAuthentication(o => { o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }

问题 The "Grant admin consent" button in the current Azure AD app registration experience (under Azure portal > Azure AD > App registrations > (app) > API permissions) is sometimes greyed out. In the legacy experience, I could always click the button. What's the difference between the two? 回答1: The "Grant permission" button in the legacy app registration experience behaves differently depending on what you're allowed to do: If you're allowed to do tenant-wide admin consent, the button grants the

问题 When migrating from v2 to v10 version of a azure SDK javascript library , we have been facing an issue. We need to create a blobServiceClient using the JWT accessToken that has been received from acquireTokenWithAuthorizationCode function in the adal-node library. The options seem limited to us and the examples are few. SimpleTokenCredential class have been removed from the azure-sdk-for-js and thus it cannot be instantiated. Going, through the javascript source code for the azure-sdk-for-js

问题 I have a SignIn V2 policy in Azure Active Directory B2C I also enabled JavaScript Because I use it to manipulate some elements in the form. This configuration works well in Google Chrome, but whenever I try to run it in Internet Explorer 11, I get SCRIPT1002: Syntax error In the console, and the login button doesn't respond. This happens when JavaScript is enabled. When I disable it, the page works in IE11 (But my manipulations don't). Has anyone encountered this problem before? 回答1: I found

问题 I have a Reactjs app (aka Single-page Application) that is uploaded in Dynamics 365 Customer Engagement (formerly CRM) as a web resource. This web resource or app is displayed in an IFRAME inside an entity form and therefore this small app already has direct access to Dynamics 365 data using the Xrm object. All good. What I'm trying to accomplish with this app is to get it to connect to SharePoint via Microsoft Graph API and upload files and create folders. Since the user is already signed in

问题 It looks like the Application object in Microsoft.Azure.ActiveDirectory.GraphClient allows a Webapplication to be created. I cannot see how I can use this to create a new Native application. thanks Updates: TaskCompletionSource<string> tcs = new TaskCompletionSource<string>(); tcs.SetResult(accessToken); var graphClient = new ActiveDirectoryClient( new Uri($"{GraphApiBaseUrl}{tenantId}"), async () => { return await tcs.Task; }); var password = Guid.NewGuid().ToString("N"); var cred = new