microsoft-identity-web | Helps creating protected web apps and web APIs | Azure library
kandi X-RAY | microsoft-identity-web Summary
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform (formerly Azure AD v2.0 endpoint) and AAD B2C.
microsoft-identity-web Examples and Code Snippets
import java.util.Random;

// Returns a random string of `length` letters, lowercase (a-z) when lowerCase is true,
// otherwise uppercase (A-Z). The loop that builds the string was missing from the snippet
// and has been completed here from the ASCII bounds it already sets up.
public String generateRandomAlphabet(int length, boolean lowerCase) {
    int low;
    int hi;
    if (lowerCase) {
        low = 97;   // 'a'
        hi = 122;   // 'z'
    } else {
        low = 65;   // 'A'
        hi = 90;    // 'Z'
    }
    Random random = new Random();
    StringBuilder sb = new StringBuilder(length);
    for (int i = 0; i < length; i++) {
        sb.append((char) (low + random.nextInt(hi - low + 1)));
    }
    return sb.toString();
}
Community Discussions
Trending Discussions on microsoft-identity-web
QUESTION
I have a standalone Blazor WASM site (client), a separate .NET 6 web API (server) with protected endpoints and I'm trying to call MS Graph from the API.
I've read just about every article I could find on the configuration required to make this work and I'm stuck with the incremental consent failing. I get the following error when trying to access a server API which uses MS Graph:
Error acquiring a token for a downstream web API - MsalUiRequiredException message is: AADSTS65001: The user or administrator has not consented to use the application with ID '[redacted]' named '[redacted]'. Send an interactive authorization request for this user and resource.
Configuration:
1. Created AAD app for Web API (server), added secret for Graph configuration, set the app URI and created access_as_user scope under "Expose an API" in AAD.
2. Added the client ID (from the following step) to the knownClientApplications section in the manifest for the server app registration in AAD.
3. For API Permissions I added Graph scopes User.Read, User.Read.All, and Group.Read.All and provided admin consent in the AAD UI.
4. Configured appsettings.json in the API to add the Graph API BaseUrl and above scopes from step 2 along with the correct AzureAD domain, TenantId, ClientId, and ClientSecret values for MSAL to function.
5. Configured MSAL on the server:
ANSWER
Answered 2022-Mar-10 at 22:30
The issue here is use of the AddMicrosoftGraph method when the API application is being built.
The GraphServiceClient created by AddMicrosoftGraph will have default access to delegated permissions which are assigned to users as opposed to application permissions which are assigned to applications. This is why the MsalUiRequiredException is being thrown which is usually resolved by prompting the user to login.
You can read more about delegated vs application permissions here.
What you can do instead is use the AddMicrosoftGraphAppOnly method to create a GraphServiceClient that will use credentials specific to your API to retrieve the relevant data needed from the Microsoft Graph API.
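The app-only wiring the answer recommends, as an added example rather than code from the post or from the library's own samples: a .NET 6 web API Program.cs that registers a GraphServiceClient through AddMicrosoftGraphAppOnly and an endpoint that uses it. It assumes an "AzureAd" configuration section holding TenantId, ClientId and ClientSecret, Microsoft Graph SDK v4 (the Request()-style API) and the factory-lambda signature of AddMicrosoftGraphAppOnly; check both against the package versions you install.

```csharp
// Program.cs of the protected web API (added example, not the original post's code).
// Graph is called with the API's own credentials (client credentials flow) instead of the
// signed-in user's delegated permissions, so no per-user consent step (AADSTS65001) occurs.
// Assumed: "AzureAd" config section, Graph SDK v4, AddMicrosoftGraphAppOnly factory lambda.
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Graph;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddMicrosoftIdentityWebApiAuthentication(builder.Configuration, "AzureAd")
    .EnableTokenAcquisitionToCallDownstreamApi()
    // App-only client: the API's app registration must hold *application* permissions
    // (e.g. User.Read.All) with admin consent granted; delegated scopes are not used here.
    .AddMicrosoftGraphAppOnly(authProvider => new GraphServiceClient(authProvider))
    .AddInMemoryTokenCaches();

builder.Services.AddControllers();
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();   // must precede UseAuthorization
app.UseAuthorization();
app.MapControllers();
app.Run();

// The caller still needs a valid bearer token for this API ([Authorize]); only the
// hop from the API to Graph runs without a user context.
[Authorize]
[ApiController]
[Route("api/[controller]")]
public class DirectoryController : ControllerBase
{
    private readonly GraphServiceClient _graph;
    public DirectoryController(GraphServiceClient graph) => _graph = graph;

    [HttpGet("users")]
    public async Task<IActionResult> Users()
    {
        var page = await _graph.Users.Request().Select("id,displayName").Top(10).GetAsync();
        return Ok(page.Select(u => new { u.Id, u.DisplayName }));
    }
}
```

Because the Graph call no longer depends on the calling user, anyone who can reach the endpoint sees the same directory data, so the API's own authorization on the endpoint is what limits exposure.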
QUESTION
I have an API that I need to secure with AzureAD so that it can use SSO.
The API has a Swagger UI, so I have (after reading many, many tutorials/explanations/issues):
- Created an App Registration in Azure
- Created a scope for my API
- Added my scope as an API permission
- Changed the "accessTokenAcceptedVersion" to 2 in the manifest
- Set up Swagger to use the OAuth2 flow with appropriate config and values
- Set up the API using Microsoft.Identity.Web and added configuration to allow sign-in to a single tenant
as per: https://github.com/AzureAD/microsoft-identity-web/wiki/web-apis, setup in the API is as follows:
ANSWER
Answered 2022-Mar-03 at 15:58
Finally found the issue.
I was missing app.UseAuthentication(); Adding that line fixes the issue and it works as expected :)
QUESTION
I've been struggling with the Func that I attach to OnTokenValidated not doing what it should be.
After lots of trying different things:
ANSWER
Answered 2022-Feb-10 at 17:41
I raised the above on the MSAL Github account and after chatting to one of the contributors, the answer is that in the registration of the Options that contains the event handler it needs to be registered as:
QUESTION
I'm working on figuring out how to use Microsoft Graph API in a ASP.NET Core 3.1 Razor Pages application. I found this guide and got most of it to work (along with retrieving a token) until I realized I need to get access to the API without a user.
At the moment, I am stuck because I am not able to retrieve a token using the ITokenAcquisition GetAccessTokenForAppAsync method. It keeps resulting in a NullReferenceException. I don't know if my startup setup is wrong or what, but I can't figure it out.
System.NullReferenceException: 'Object reference not set to an instance of an object.'
I'm aware of the Get access without a user guide which I understand and can get to work, but I specifically want to use the GetAccessTokenForAppAsync method because it will manage refreshing tokens for me. Otherwise, I'd have to keep querying for a new token with every API call and constantly generating valid tokens seems like a bad idea.
Startup.cs ConfigureServices method:
ANSWER
Answered 2021-Aug-29 at 14:08
First of all, I have successfully reproduced your issue, as you can see below:
You are getting this because of private readonly ITokenAcquisition _tokenAcquisition;
Note: This is actually a service which helps you to acquire an access token on behalf of the application. You cannot consume this service as a constructor variable.
Solution:
Instead of that you should use the ITokenAcquisition service in the following way:
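An added example, not the answer's code, of the registration that makes ITokenAcquisition available in a .NET Core 3.1 Razor Pages app and of a page model calling GetAccessTokenForAppAsync; the library caches the app-only token and renews it silently on expiry, which is the behaviour the question is after. It assumes an "AzureAd" configuration section with TenantId, ClientId and ClientSecret, a named HttpClient called "graph", and Microsoft.Identity.Web 1.x method signatures.

```csharp
// Added example (not the answer's code). Assumes "AzureAd" config section and
// Microsoft.Identity.Web 1.x; Configure() with UseAuthentication/UseAuthorization omitted.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

public class Startup
{
    private readonly IConfiguration _configuration;
    public Startup(IConfiguration configuration) => _configuration = configuration;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMicrosoftIdentityWebAppAuthentication(_configuration, "AzureAd")
            .EnableTokenAcquisitionToCallDownstreamApi()   // registers ITokenAcquisition in DI
            .AddInMemoryTokenCaches();                      // where the app token is cached
        services.AddRazorPages();
        services.AddHttpClient("graph", c => c.BaseAddress = new Uri("https://graph.microsoft.com/v1.0/"));
    }
}

public class UsersModel : PageModel
{
    private readonly ITokenAcquisition _tokenAcquisition;
    private readonly IHttpClientFactory _httpClientFactory;
    public string UsersJson { get; private set; } = "";

    // The service arrives through the constructor; a field that is only declared stays null.
    public UsersModel(ITokenAcquisition tokenAcquisition, IHttpClientFactory httpClientFactory)
    {
        _tokenAcquisition = tokenAcquisition;
        _httpClientFactory = httpClientFactory;
    }

    public async Task OnGetAsync()
    {
        // App-only scope must be "<resource>/.default"; effective permissions are the
        // application permissions granted (with admin consent) to this app registration.
        string token = await _tokenAcquisition.GetAccessTokenForAppAsync("https://graph.microsoft.com/.default");
        HttpClient client = _httpClientFactory.CreateClient("graph");
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
        UsersJson = await client.GetStringAsync("users?$select=id,displayName&$top=5");
    }
}
```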
QUESTION
I'm using Azure B2C, I would like to use Google to sign in users. I would like to do something like this in my asp.net core page to achieve it:
ANSWER
Answered 2021-Aug-06 at 15:26
To redirect users to an external identity provider, do the following:
Check the domain name of your external identity provider. For more information, see Redirect sign-in to a social provider.
Complete the Support advanced scenarios procedure.
In the OnRedirectToIdentityProviderFunc function, add the following line of code to the OnRedirectToIdentityProvider function:
QUESTION
I have a curl script which requests a new access token from Azure AD. I need it to return a claim of some kind for my API, either a role or a scope either will work.
I can get an access token, however it's not returning a role claim or a scope or anything of that nature.
When used in the web API
ANSWER
Answered 2021-Aug-10 at 09:50
The solution was to add AllowWebApiToBeAuthorizedByACL; this removes the error message and allows backend services to communicate without the need for roles or claims.
System.UnauthorizedAccessException: IDW10201: Neither scope or roles claim was found in the bearer token.
I had added it but it wasn't working. After digging around in the source code for Microsoft.Identity.Web, I found that I was on an older version of Microsoft.Identity.Web which was apparently prior to the addition of the AllowWebApiToBeAuthorizedByACL check. I deleted the NuGet package and re-added it at 1.15.2 and it works.
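Setting AllowWebApiToBeAuthorizedByACL only switches off the library's IDW10201 check that a bearer token carries a scp or roles claim; a client-credentials token with no app roles is then accepted for the API's audience, so the API has to decide for itself which calling applications are allowed. The following is an added example, not the answer's code or the library's sample, of pairing that setting with an authorization policy on the caller's application id; the "AllowedClientApps" configuration key and the placeholder ids are assumptions, and the appsettings.json shape is shown in the leading comment.

```csharp
// Program.cs fragment for the web API (added example). The "AllowedClientApps" key is a
// hypothetical config array of permitted client application ids. Assumed appsettings.json:
// "AzureAd": {
//   "Instance": "https://login.microsoftonline.com/",
//   "TenantId": "<tenant id placeholder>",
//   "ClientId": "<api client id placeholder>",
//   "AllowWebApiToBeAuthorizedByACL": true
// },
// "AllowedClientApps": [ "<client app id placeholder>" ]
using Microsoft.AspNetCore.Authorization;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration, "AzureAd");

string[] allowedClientApps =
    builder.Configuration.GetSection("AllowedClientApps").Get<string[]>() ?? Array.Empty<string>();

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("KnownClientApp", policy => policy
        .RequireAuthenticatedUser()
        .RequireAssertion(ctx =>
        {
            // v2.0 access tokens carry the calling app's client id in "azp"; v1.0 tokens in "appid".
            string? caller = ctx.User.FindFirst("azp")?.Value ?? ctx.User.FindFirst("appid")?.Value;
            return caller != null && allowedClientApps.Contains(caller, StringComparer.OrdinalIgnoreCase);
        }));
    // Apply the ACL to every endpoint unless one explicitly opts out with [AllowAnonymous].
    options.FallbackPolicy = options.GetPolicy("KnownClientApp");
});

builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
```

Without such a check, any application in the tenant that can obtain a token for this API's audience is accepted once the scope/roles check is disabled.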
QUESTION
I have created a web app in .NET Core 3.1 that authenticates users against Azure AD. After successful authentication I'm fetching user information from the Microsoft Graph API. Everything works fine locally, but when I publish it to Azure it only works for users who are logging in for the first time; I get an exception if the user had already logged in (previously logged in) to the web app. The application also works fine if a user who is already logged in logs out and logs in again. If a user is already logged in and tries to get user details through Microsoft Graph, they get the exception:
ANSWER
Answered 2021-Jul-26 at 07:30
I am unable to reproduce your problem based on the official sample code. But from your error message, I see that your error message is from your local pc.
at SentimentAnalysisApp.Controllers.HomeController.Index() in D:\Workspaces\Controllers\HomeController.cs:line 70 (15cafa0a)
Your description is that everything is normal locally, but after the release, the problem appeared.
So I give the following suggestions for troubleshooting:
QUESTION
How do I increase token lifetime for daemon app on Azure B2C? I have problem finding correct setting on Azure Portal.
I am setting up Azure B2C security. Everything is fine, I have daemon app which acquires token, saves it to cache, and calls API which check tokens validity. Subsequent calls check token lifetime and if expired, silently gets new one.
I have a requirement that token lifetime has to be more than default 1 hour.
I have found how to increase token life time for user-flow under Azure AD B2C | User flows / policy/properties.
But daemon apps don't use user flows. Is there another place to configure this? Is it somewhere in the manifest and have I missed it? Do I not understand daemon apps and the client credentials flow correctly?
I am using recommended libraries described here https://github.com/AzureAD/microsoft-identity-web/wiki .
ANSWER
Answered 2021-Mar-19 at 13:49
As you said, the lifetime of an access token is 1 hour by default. If you want to customize the lifetime of the token (increase or decrease), you need to use powershell to create a token lifetime policy, and then assign the policy to the service principal to set the token lifetime.
However, as far as I know, B2C currently does not support daemon-based client credential flow.
QUESTION
Should I be using OpenIdConnectDefaults.AuthenticationScheme when authenticating with Azure ADFS?
I have an ASP.NET Core application that has recently been upgraded from 3.1 to .NET 5.
Previously, it had been using the following NuGet package:
ANSWER
Answered 2021-Feb-22 at 04:26
> The fact that I'm having to use a magic string "preferred_username" rather than ClaimTypes.Upn gives me some doubt.
preferred_username is not a magic string, it's documented as one of the claims that AAD adds to the id token payload, see https://docs.microsoft.com/azure/active-directory/develop/id-tokens#payload-claims.
The underlying library used by the ASP.NET Core OpenID Connect provider used to map claims to match well-known claims in the .NET world. Maybe Microsoft.Identity.Web disables that specific behaviour.
I blogged about this a while back at https://mderriey.com/2019/06/23/where-are-my-jwt-claims/.
QUESTION
I'm trying to use my own MSAL code to work together. Developed with .NET Core 5 MVC. I have a similar problem to the one in the link below, but I just don't know how to make it work with the proposed answer. In other words, I'm still confused about how this integration is done.
It is mandatory to use the login component in order to use the other components
Quickstart for MSAL JS: https://github.com/microsoftgraph/microsoft-graph-toolkit/blob/main/samples/examples/simple-provider.html
I have also read the following articles: Simple Provider Example: https://github.com/microsoftgraph/microsoft-graph-toolkit/blob/main/samples/examples/simple-provider.html
A lap around microsoft graph toolkit day 7: https://developer.microsoft.com/en-us/office/blogs/a-lap-around-microsoft-graph-toolkit-day-7-microsoft-graph-toolkit-providers/
Can someone point me to a more detailed explanation of how to achieve this?
Can someone explain the response below further? How do I do it? Where should I place the code and how do I return the AccessToken to SimpleProvider?
Edited:
I have updated my question to be more precise about what I want, on top of the question above. Below is the code I used in Startup.cs to automatically trigger the pop-up screen when a user uses the web app. When using the sample provided, it never gets the received access token or the userid data. Question 2: How do I save or store the received token in memory, cache or cookies for later use by ProxyController and its classes?
//Sign in link under _layouts.aspx
Sign in
ANSWER
Answered 2020-Dec-15 at 21:06
Since you are using MVC, I recommend using the ProxyProvider over the Simple Provider.
- SimpleProvider - useful when you have existing authentication on the client side (such as Msal.js)
- ProxyProvider - useful when you are authenticating on the backend and all graph calls are proxied from the client to your backend.
This .NET core MVC sample might help - it is using the ProxyProvider with the components
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported