AD-AUT | Algorithm Design Course @ AUT | Learning library

I already read and tried this, this, and many other resources, without success.

I have a UWP app that calls an AAD-protected HTTP-triggered Azure Function. I created the two app registrations on the AAD section of the Azure portal. The API app registration specifies a scope and has an application ID URI of api://5e6b2b53-.... On the “Authentication” blade, I set https://login.microsoftonline.com/common/oauth2/nativeclient as redirect URI. I already set the same value as the redirect URI of the UWP app registration (I don’t know if it’s correct). I also set:

On the Function app registration. I also set the following redirect URI for the Function app registration, but I don’t understand if it’s required:

The UWP app registration uses the right scope I defined on the Function app registration. Both the app registrations are multi-tenant. The code I use on the UWP app to call the protected Azure Function is:

We use PowerShell to set up an Azure deployment, which, among other Azure resources, creates an app registration.

The simplified code is as follows:

I am trying to secure the Azure functions using Azure Active Directory following the note.

When the link https://xxxfunction1.azurewebsites.net/api/function1 is entered, the browser redirects to AAD:

https://login.microsoftonline.com/[tenent]/oauth2/authorize?response_type=id_token&redirect_uri=https%3A%2F%2Fxxxfunction1.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=[client_id]&scope=openid+profile+email&response_mode=form_post&nonce=[nonce]state=redir%3D%252Fapi%252Ffunction1

and the error returns:

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application

The platform configurations in the AAD client:

The Authentication & Authorization in Azure function xxxfuntion1 is configured to AzureAD client xxxfunction1app:

The same error with Advanced mode:

Any idea why it says the error on the reply URL please?

I have a web API that I authorize against custom JWT like this:

We are building a ASP.net core Web API with Angular SPA client. For Authentication we have implemented Azure AD with multi tenants. For the Web API authentication/authorization we have followed this Microsoft sample. This uses the Microsoft.Identity.Web MSAL library for authenticating the authorisation code that originated from the Angular SPA. On the Azure AD application registration we manage the correct scope of the application, but we are not able to understand how claims are managed.

In previous applications I had run the authentication server IdentityServer4 as middleware in my application, allowing the authentication and issuing of claims in my application. I was using UserManager to add or remove claims on the User. Claims information was stored in the User tables of my database, and were then included in the issued cookie and available to the SPA and the Web API.

In the current application we are fully relying on Azure AD, and now I feel I am missing a piece of the puzzle to manage the user claims (and their inclusion on the cookie/token). Question: How can I manage claims that are specific to our application while user management and authentication takes place on Azure AD rather than in my application?

To clarify: This Microsoft document mentions three ways of using application roles: Azure AD App roles, Azure AD Security Groups and Application Role manager. It's the last one I feel is the correct functionality I need:

With this approach, application roles are not stored in Azure AD at all. Instead, the application stores the role assignments for each user in its own DB — for example, using the RoleManager class in ASP.NET Identity.

A small selection of the documentation I have reviewed but didn't give me the answers:

• This previously linked Microsoft document does mention using the RoleManager class in ASP.NET Identity, but does not explain how to implement this as integration with Azure AD such that the cookies/tokens include the roles (or roles converted to claims).

• I have read about using MS Graph schema extensions and including these in claims however, the article also states that any application with consent can read and write these extended properties. Implying this is not a secure way to provide any claim to the application as the values could be touched from outside the application

• Documentation explaining how to verify user claims.

• Tailspin scenario, mentions using roles on the application rather than security groups. But there is no indication or hint how this is included as claims in Azure AD. And following this it's clear that it's not controlled in the application.

• This document and this explains about transforming claims or adding custom claims, but this is basis conditions on the user account rather than the application setting the claims. These conditions would also need to be managed on the domain rather than in the application.

• Similar question? But no answer.

I am using AzureAD as a login provider for a .net core 3.1 app, using Microsoft.AspNetCore.Authentication.AzureAD.UI nuget package, and it is all set up and working.

AzureAD only allows users from the tenant access, if the user is not in the tenant then it shows them a sensible error page.

If a user has access to the site but needs a specific role to view a page they get redirected to /Account/AccessDenied/ page.

However if the user has no role assigned but is in the tenant, azure ad does a POST to my site's /signin-oidc/ with the following POST body:

I am trying to switchover to Azure AD for my identity platform on a Blazor WASM app I am building. I have followed this documentation from Microsoft incredibly closely.

When I log in to the app, the client app is able to display the logged in user's name, which comes from the AuthenticationState object.

However, on the server side, when I sent a an HTTP request (POSTing a comment for example), the HttpContext.User.Claims are empty, and the following line I was using previously to get the userId returns null:

I am learning to build apps in Flutter. Now I have come to alert dialogs. I have done them before in Android and iOS, but how do I make an alert in Flutter?

Here are some related SO questions:

• How to style AlertDialog Actions in Flutter
• adding dropdown menu in alert dialog box in flutter
• Show alert dialog on app main screen load automatically
• how to refresh alertdialog in flutter
• Alert Dialog with Rounded corners in flutter

I'd like to make a more general canonical Q&A so my answer is below.

I am setting up Azure AD applications for my Service Fabric cluster, so I do not need to rely on Cert Auth to connect to the cluster.

We use a Service Principal from an App Registration that has Contributor access to the subscription to run the ARM template to set up the cluster. Is there a way that I can make the Service Principal an Admin on the Cluster AD Application as well?

Our deployment script is in Powershell and saw this post: Deploying ServiceFabric apps using AzureAD Authentication on how to automate connecting, but I need a way to connect with a Service Principal.