I have an existing web API using ASP.NET web API 2 which has it own token based authentication using x-auth-token.
I want to add Azure logic apps to this existing API, but the logic apps have to use that API for authentication. Azure AD, Facebook, Google... are not an option.
Is this possible? How?
In this case you would want to specify the header directly under the headers property of the action.
"Http": {
"conditions": [],
"inputs": {
"headers": {
"x-auth-token": "the auth token"
},
"method": "POST",
"uri": "https://myapiendpoint.com/action"
},
"type": "Http"
}
As a best practice you would want to specify the actual token value as a parameter of type 'securestring'. You can find more information on secure parameters here
https://msdn.microsoft.com/library/azure/mt643789.aspx
So what I did was create a IOperationFilter (Swashbuckle) in ASP.NET and add the x-auth-token parameter to the Swagger export when required. Then the parameter shows up correctly in Azure and be filled in with the response of the previous authentication action.
Related
I am using microsoft.Identity.Web package on my .netcore API project which calls Graph API to get the directory objects of the user.
In the appsettings file the downstream api settings are provided as below,
"DownstreamApi": {
"BaseUrl": "https://graph.microsoft.com/v1.0",
"Scopes": "Directory.Read.All"
},
The relevant permission(Directory.Read.All) is setup in the app registration.
But even if I leave the "Scope" parameter blank the API is giving me the directory objects.
So if the settings is of the format below it still works. Then what is the need of this scope parameter?
"DownstreamApi": {
"BaseUrl": "https://graph.microsoft.com/v1.0",
"Scopes": ""
},
The scope claim might not had reflected in the token and so you might not seeing any difference with scope assigned.
user_impersonation is the default delegated permission /scope that exists initially for every Web app or API in Azure AD.
Please make sure to add the required delegated permissions or application permission in portal.And grant consent if required.
In your case add directory.read.all Application permission
ex:I added user.read
Appsettings:
"DownstreamApi": {
"BaseUrl": "https://graph.microsoft.com/v1.0",
"Scopes": "user.read"
},
In startUp.cs
Public void ConfigureServices(IServiceCollection services)
{
string[] initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(Configuration)
// acquire a token to call a protected web API
.EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
.AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
.AddInMemoryTokenCaches();
//
//othercode
...
}
And in controller we need to specify scopes and send to request headers to get access token for required scopes.
References:
call Microsoft Graph | Microsoft Docs
(OR) active-directory-aspnetcore-webapp-openidconnect-v2 (github.com)
How can I create a new Azure App Registration without the user_impersonation OAuth2Permission? - Stack Overflow
If client_credentials is the grant type you may need to use https://graph.microsoft.com/.default for scope in the application settings which will give you the permissions defined for your app.
"DownstreamApi": {
"BaseUrl": "https://graph.microsoft.com/v1.0",
"Scopes": "https://graph.microsoft.com/.default"
}
Try to use /token endpoint in request and not common
Please see:
ASP.NET Core - Call Graph API Using Azure Ad Access Token - Stack Overflow-Reference
Is there any method to add a android app to exiting firebase project programmatically and i need the google-services.json as result then i need to add sha key with that same app using node-js
online documentation not solve my problem or i don't understand how to do it from that documentation
Thankyou for your answer i flowed it and facing another issue
#admin and #Frank van Puffelen please check
when i try to create android it showing this error.
{ "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" } }
I send post request from live api test window
and in parent i set it as `projects/343202254462`
{ "displayName": "testing", "name": "te4sting", "packageName": "io.asdasd.fdsfdsf", "projectId": "324324324", "appId": "wdeqwe" }
There is a REST api, Firebase Management API, which lets you control the apps connected and other such admin work. Friendly note, make sure you restrict all client api keys from using this api!
REST Resource: v1beta1.projects.androidApps
create POST /v1beta1/{parent=projects/*}/androidApps
I am working on a .net core app and have to integrate O365 security groups for roles assignment, does someone have sample code to share, will be very helpful.
I have already used Azure AD app registration concept for O365 authentication and its working perfectly. .Net core app is hosted on IIS, when accessed by typing in url in browser, it redirects users to login.microsoftonline.com, once authenticated, users then see dashboard part of .net core app.
Not so sure about how O365 groups can be used in .net core app for permissions management, so looking for some sample snippet, thanks in advance.
You can query graph api either as your app or impersonate the user, to read which groups the user is in and then use those Id to filter views or what ever you need to do.
you can use the "List memberOf"
https://learn.microsoft.com/en-us/graph/api/user-list-memberof?view=graph-rest-1.0
Hope it helps.
Office365 security groups can be used for permissions management in your app, by verifying if a user is a member of a security group. You can achieve that by using Microsoft Graph API as MohitVerma suggested.
First, define groups to roles mapping in your app (configuration file seems to be a good place for that). Each group has a unique id, which you can get using e.g. Office365 or Microsoft Graph and map to a custom role in your config.json file:
{
"AppRoles": [
"Admin": "d17a5f86-57f4-48f8-87a0-79761dc8e706",
"Manager": "9a6a616e-5637-4306-b1fe-bceeaa750873"
]
}
Then, after successful login to the app, call the Graph API to get all groups the user belongs to. You will get a list of groups, each containing id property:
GET https://graph.microsoft.com/v1.0/me/memberOf
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
"value": [
{
"#odata.type": "#microsoft.graph.directoryRole",
"id": "43a63cc2-582b-4d81-a79d-1591f91d5558",
"displayName": "Company Administrator",
"roleTemplateId": "62e90394-69f5-4237-9190-012177145e10"
},
{
"#odata.type": "#microsoft.graph.group",
"id": "d17a5f86-57f4-48f8-87a0-79761dc8e706",
"createdDateTime": "2017-07-31T17:36:25Z",
"displayName": "Admins group",
"securityEnabled": true
}
]
}
You can use MS Graph SDK for .NET to make a request and to create a group objects form the response:
var userGroups = await graphServiceClient.Me.Groups.Request().GetAsync();
Finally, verify the id of each group with your custom roles, e.g.:
public string GetRole(IEnumerable<Group> userGroups, IConfiguration config)
{
foreach (var group in userGroups)
{
switch (group.id)
{
case config.GetSection("AppRoles:0"):
return "Admin";
case config.GetSection("AppRoles:1"):
return "Manager";
default:
return "Unknown";
}
}
}
Make sure to grant permissions for your app to access Microsoft Graph.
First of all i am a newbie at jmeter. I searched a lot of documents but unfortunately i did not find to answer for my problem. I have a web api rest service with following sign. I can't send dictionary format parameter.
[HttpPost,ActionName("DummyService")]
public Dictionary<string,string> DummyService([FromBody] Dictionary<string,string> parameters)
I used Parameters section and BodyData section but parameters are always null.
How can i achieve that?
Thanx in advance.
I believe you need to pass some form of a JSON Array to your web service, in order to do it:
Switch to Body Data tab
Put your JSON payload there like:
{
"Parameters": [
{
"Key": "Key1",
"Value": "Value1"
},
{
"Key": "Key2",
"Value": "value2"
}
]
}
Most likely you will need to add a HTTP Header Manager to your test plan and configure it to send Content-Type header with the value of application/json
(optional) Consider upgrading to JMeter 3.0, looking into screenshot it seems you're sitting on an older version
See Testing SOAP/REST Web Services Using JMeter guide for more information on setting up JMeter for API testing
I am attempting to setup Authentication with ApiGility.
I have added a Login route, and when I access this route with no authentication in place I am expecting to receive:
{
"type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html",
"title": "Forbidden",
"status": 403,
"detail": "Forbidden"
}
As I do on my other ApiGility app.
However when I attempt to access the end point it is readily available despite having set Authentication.
Is there something that can affect this?
Here are some screenshots of my settings:
End point for login:
Fields
Authorized methods
Login Method - just returns true for now
Authentication setup
I updated ApiGility via composer and it started to work.