I found a large number of examples of how to do this.
https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/hosted-with-azure-active-directory?view=aspnetcore-6.0
And it works fine when I run it locally in debug.
Everything is fine until I want to publish the application to an Azure App Service.
I create an App Service and connect the server registration to it.
On the client registration I add the URL of the App Service: https://xxxxx.azurewebsites.net/authentication/login-callback
In Visual Studio 2022 I publish the server application to the App Service.
To my surprise, the application does not work from the published site...
I get the response:
Sign in
Sorry, but we’re having trouble signing you in.
AADSTS700054: response_type 'id_token' is not enabled for the application.
I cannot find an example that goes all the way to a published App Service...
So what is wrong in my thinking here?
You need to register the app in Azure AD.
Your error message is: "'id_token' is not enabled for the application"
To fix this, under Advanced Settings, Implicit grant, check the box "ID tokens".
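The error comes from a mismatch between the `response_type` of the sign-in request and the implicit-grant flags on the app registration. As an added example (not part of the original answer), this check compares the two and also reports flags that are enabled but not used by the request; the flag names follow the Microsoft Graph application object (`web.implicitGrantSettings`), and the function names, URL, client ID and registration are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# response_type value -> implicit-grant flag it depends on ("code" needs none).
REQUIRED_FLAG = {
    "id_token": "enableIdTokenIssuance",
    "token": "enableAccessTokenIssuance",
}

# Constructed sample: sign-in request as sent to the authorize endpoint.
SAMPLE_REQUEST = (
    "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&response_type=id_token&scope=openid+profile"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback"
)
# Constructed sample: relevant part of the app registration.
SAMPLE_APP = {"web": {"implicitGrantSettings": {
    "enableIdTokenIssuance": False, "enableAccessTokenIssuance": False}}}


def requested_flags(authorize_url):
    """Flags implied by the request's space-separated response_type."""
    query = parse_qs(urlsplit(authorize_url).query)
    types = query.get("response_type", [""])[0].split()
    return {REQUIRED_FLAG[t] for t in types if t in REQUIRED_FLAG}


def compare(authorize_url, registration):
    """Return (missing, unused) implicit-grant flags for this request."""
    settings = registration.get("web", {}).get("implicitGrantSettings", {})
    enabled = {name for name, on in settings.items() if on}
    needed = requested_flags(authorize_url)
    return sorted(needed - enabled), sorted(enabled - needed)


if __name__ == "__main__":
    missing, unused = compare(SAMPLE_REQUEST, SAMPLE_APP)
    print("missing:", missing)
    print("enabled but unused:", unused)
```
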
Related
I am facing a problem when using WindowsIdentity.RunImpersonated.
I am running an ASP.NET Core 6 Web API as self-hosted (.exe) and using HTTP.Sys as host (instead of Kestrel). I am impersonating a user before making an HTTP call to another Web API from within this Web API.
Currently logged on user in this Windows 10 box is a domain user who is part of local admin group. The user I am impersonating is the same (currently logged on user).
When running the Web API by double clicking on it
Inside this impersonation, while calling HostBuilder.Build(), the call is failing with an error
System.IO.DirectoryNotFoundException
The path in the exception is of the folder from where this Web API process is running. I checked in the .NET Core code and it is failing in
new PhysicalFileProvider(_hostingEnvironment.ContentRootPath);
When running web API by right click on exe and "Run as admin"
No issues, HTTP call goes to other Web API and proper response is returned.
Even though I am logged on in this Windows machine with Admin privileges, still I have to run the Web API process explicitly as "Run as Admin" to make things work. This is what I am not getting.
Could someone please help here?
Here's the situation: I have an account in the Azure Active Directory of my company with several subscriptions. I am building an ASP.NET Framework application for a client. This application is going to be hosted in their own Azure environment, so to set this up, they added my email address to their Azure Active Directory. Now in the Azure portal I can use the button "change active directory" to either view my company's resources or my client's.
I set up a Key Vault in my client's Azure environment and I added Key Vault as a connected service to my application using these instructions. My application is running locally in local IIS, so I set up the application pool to use my user account so it has access to my Azure subscriptions.
The issue here is that I still get an error when I try to run the application. The YSOD says that Azure gives a 401 response when trying to access the Key Vault. I see that it's trying to use the GUID that is associated with my company's Azure Active Directory (I don't know what the name of this GUID is). Obviously, I can't access resources from my client's Azure environment with my company's Azure Active Directory.
As an attempt to get more information, I built a small console application and used the same procedure to add Key Vault as a connected service, since the internet says that the console application gives more details than the ASP.NET application. However, when I run my console application, I don't get any errors at all and I can access my client's Key Vault just fine.
This makes me believe that there is some setting in my user account or IIS that I need to change to make this work, but I can't find what it is.
How can I make my ASP.NET Framework application, running locally in IIS, access a Key Vault as a connected service in my client's Azure environment?
This should work, try to follow this to re-login your user account in VS and make sure you have modified your ASP.NET Framework project.
If it still does not work, you could ask your client to create a work account for you in their Azure AD tenant and add it to the Key Vault access policy, then use the account to log in to VS and test.
I have an ASP.NET API and it works great locally and using Postman.
Then I decided to publish to Azure, since I tried another free host, SOMEE, and it never worked.
The principal API page on Azure works fine, but when I tried to call a controller it shows the error
{"Message":"An error has occurred."}
and I don't even know where to check more details about this error.
I tried the same on a Somee.com host and the same thing happens.
The Azure portal offers you some resources to investigate your issue:
Log stream (in your App Service page, under the Monitoring section) can give you some info about your API call.
Advanced Tools (in your App Service page, under Development Tools) can give you more information about your app settings, deployment info, wwwroot folder, etc.
It can be a deployment issue (related to the App Service configuration; maybe you are using a Docker container?) or a simple error in your connection string, so review your App Service settings:
It's usually one of these (some) problems.
all the best
I was able to redirect the login link to azure ad on my localhost, but I get a useless error message on the deployed version:
I created the AD B2C application and it looks like this:
In Visual Studio, the ASP.NET Core web project was created using the out-of-the-box way:
As you can see I also created the policies. Like I said, it works fine when I tested the same approach on localhost (instead of the app URL, I use https://localhost:45341/signin-oidc), but when I deploy, it does not work. What am I missing?
PS: The project I created is not using a Windows server but Linux instead; might that be the issue? I haven't found any tutorial online; all the ones out there are examples within localhost.
As the error message says "For local debugging, development environment can be enabled by setting the ASPNETCORE_ENVIRONMENT environment variable to Development, and restarting the application".
You can just do like this simply to resolve this issue:
Go to Azure, click on your Web App –> "Configuration" –> click “+New application setting” and add the “ASPNETCORE_ENVIRONMENT” and “Development”.
Don't forget to restart the application and wait a few minutes for it to take effect.
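With `ASPNETCORE_ENVIRONMENT` set to `Development` the app returns detailed exception pages to any client, so the setting is normally removed again once the error has been read. As an added example (not from the original answer), this check flags the setting in the JSON printed by `az webapp config appsettings list` and notes whether it would travel with a slot swap; the function name and the sample settings are constructed.

```python
import json

# Variables that select the hosting environment of an ASP.NET Core app.
ENV_KEYS = {"ASPNETCORE_ENVIRONMENT", "DOTNET_ENVIRONMENT"}

# Constructed sample in the shape `az webapp config appsettings list` prints.
SAMPLE_SETTINGS = """[
  {"name": "ASPNETCORE_ENVIRONMENT", "slotSetting": false, "value": "Development"},
  {"name": "WEBSITE_RUN_FROM_PACKAGE", "slotSetting": false, "value": "1"}
]"""


def development_findings(appsettings_json):
    """List settings that run the deployed app in the Development environment."""
    findings = []
    for item in json.loads(appsettings_json):
        name = str(item.get("name", ""))
        value = str(item.get("value") or "").strip()
        # The host compares environment names case-insensitively.
        if name.upper() in ENV_KEYS and value.lower() == "development":
            findings.append({
                "name": name,
                # Settings not marked as slot settings travel with a slot swap.
                "follows_swap": not item.get("slotSetting", False),
            })
    return findings


if __name__ == "__main__":
    for f in development_findings(SAMPLE_SETTINGS):
        note = " (will follow a slot swap)" if f["follows_swap"] else ""
        print(f"{f['name']}=Development{note}")
```
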
I've developed and deployed a small ASP.NET MVC web application into an Azure App Service application.
The application is using Google third party login provider for authenticating users.
Periodically, the login functionality stops working, the user clicks the Google button to login, the page reloads and they are not logged in. There's seemingly no error generated (I've connected ELMAH and nothing is logged).
If I restart the App Service application in Azure, the login starts working again for a period of time.
I've also connected the remote debugger to the app from Visual Studio and the act of doing this seems to cause the logins to begin working again, so I'm stumped as to how to troubleshoot this issue further.
Does anyone have any experience or thoughts about what this could be please?
Thanks very much!