azure-active-directory

问题 So I've successfully integrated Azure AD authentication in my angular site as per the instructions in msal-angular and now I'm at the point where I'm looking to define and leverage roles and permissions to provide more granular control of what a user can and can't do. From what I've been able to determine I can define roles by following this set of instructions (https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles) but msal-angular doesn't seem to expose this

问题 I've got AngularJS and Web.API WAAD authentication up and running. For client side I use great library ADAL.JS. For backend I use Microsoft.Owin.Security.OAuth. This part went quite smooth. Now I want to implement authorization based on roles (which will be mapped to WAAD groups). Groups are not included in authentication token so I must ask Azure Graph API for them. I saw various ways to do it, using custom claims providers, adding web services to project, etc. Some examples already

问题 I have my website(Azure App Service) deployed in two regions under Microsoft Azure . https://abcd1-westus.azurewebsites.net/ https://abcd2-centralus.azurewebsites.net/ I created a Traffic Manager Profile to control the distribution of user traffic for service endpoints. The DNS Name of Traffic Manager Profile is "http://abcd.trafficmanager.net" Authentication is done by Azure AD . Once we are trying to access Traffic Manager DNS Url , it prompts for AAD login and redirect to https://abcd2

问题 I have my website(Azure App Service) deployed in two regions under Microsoft Azure . https://abcd1-westus.azurewebsites.net/ https://abcd2-centralus.azurewebsites.net/ I created a Traffic Manager Profile to control the distribution of user traffic for service endpoints. The DNS Name of Traffic Manager Profile is "http://abcd.trafficmanager.net" Authentication is done by Azure AD . Once we are trying to access Traffic Manager DNS Url , it prompts for AAD login and redirect to https://abcd2

问题 I'm trying to log into an Azure SQL server from SSMS using my Azure active directory account. I've followed this guide: Configure and manage Azure Active Directory authentication with SQL I've added my account as an admin: And my account also shows up as the Active Directory admin in the properties of the SQL database: Then, I try to log in with SSMS, with Active Directory authentication: I login with my account and get the MFA notification, but after that I get the following error: Any tips

问题 I'm trying to log into an Azure SQL server from SSMS using my Azure active directory account. I've followed this guide: Configure and manage Azure Active Directory authentication with SQL I've added my account as an admin: And my account also shows up as the Active Directory admin in the properties of the SQL database: Then, I try to log in with SSMS, with Active Directory authentication: I login with my account and get the MFA notification, but after that I get the following error: Any tips

问题 I am trying to create an Azure AD app with an updated manifest that has access to Windows Azure AD. I have been able to successfully create / configure a new App Registration but run into issues when i try to configure the Manifest. I have tried using the sample code provided my MS (https://docs.microsoft.com/en-us/cli/azure/ad/app?view=azure-cli-latest#az-ad-app-create) with an updated 'resourceAppId' from an already existing App Registration however bash throws an error az ad app create -

问题 I would authenticate to Azure using Azure AD library for Angular. Here's my msalModule MsalModule.forRoot({ clientID: "ClientTenantID", authority: "https://login.microsoftonline.com/common", redirectUri: "http://localhost:4200/", consentScopes: [ "user.read", "ClientID/access_as_user"], popUp: true, unprotectedResources: ["https://www.microsoft.com/en-us/"], protectedResourceMap: protectedResourceMap, logger: loggerCallback, correlationId: '1234', level: LogLevel.Info, piiLoggingEnabled: true

问题 I followed step-by-step docs to add authentication to a sample skill as part of a virtual assistant bot created via the Virtual Assistant Template. I have created an Azure Active Directory V2 app registration for the skill and added an OAuth connection linked to that app in the skill bot in Azure portal. I have also updated OAuthConnections in appsettings.json of the skill. appsettings.json "oauthConnections": [ { "name": "calendarconnection", "provider": "Azure Active Directory v2" } . . .

问题 Just wondering if there's any way to get only the users placed inside an azure ad group. I've tried something like this: var membros = await obtemUtilizadores .Filter("'odata.type' eq '#microsoft.graph.user'") .Select("id,userprincipalname,mail,displayname") .Expand("extensions($filter=id eq 'assistenciasExtensions')") .GetAsync().ConfigureAwait(false); It translates into this url: https://graph.microsoft.com/v1.0/groups/xxxxxx/members? $filter='odatatype eq 'microsoft.graph.user'& $select=id