I'm developping a multi-tenant MVC website.
I have made already a costum azure website that could sign up multiple tenants Azure directories.
When I try make a multi-tenant cloud service with a WebRole, the sign up process of a new tenant fails with the message:
Access cannot be granted to this service because the service listing is not properly configured by the publisher. (ERROR CODE:1028)
I noticed that the replyUrl of the MVC TenantController for the service application was different (then for the azure website) and I tried to enable the SSL properly but with no succes.
Building a Multi-tenant Application with Windows Azure Active Directory (Single Sign-on, Graph access and Role based Authorization)
The solution that I tested was pure generated code from the Visual Studio 2013 'new project' wizard where I choose : Windows Azure Cloud Service / 1 WebRole / MVC ( Organizational Authentication , Multiple organizations, Single Sign On read directory data).
Does some one have a solution for this problem ?
Thanks in Advance
Run your application on HTTPS with SSL. if SSL is not configured then it will trow an error.
Related
I'm working on on-premise web application (front end hosted on IIS) that currently uses traditional form-based authentication. Our client wants the application to support "single sign on", which basically means he wants the users to automatically log in to the application. AFAIK there are two ways I can take to achieve the desired effect:
Most articles that I found suggest using some kind of Identity Provider system (like Active Directory Federated Services), which my application can communicate with over SAML/OIDC in order to obtain user's claims.
On the other hand, I could set up IIS to use Integrated Windows Authentication and get user claims directly from Active Directory through Kerberos/NTLM. This approach seems easier.
Given that my application will not be used outside of intranet, it is hosted in environments using Microsoft products (Active Directory, Windows Server, users using Windows machines), is there any reason I should consider the first approach?
I found a lot number of examples how o do this.
https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/hosted-with-azure-active-directory?view=aspnetcore-6.0
And it works fine when I run it locally in debug.
Everything is fine, until I want to publish the application up to an Azure APP Service.
I create an App Service and connect the server registration to it
I add on the client registration the URL of the APP Service https://xxxxx.azurewebsites.net/authentication/login-callback
In Visual Studio 2022 I publish the server application up to the App Service
To my surprise, the application does not work from the published site...
I get the response:
Sign in
Sorry, but we’re having trouble signing you in.
AADSTS700054: response_type 'id_token' is not enabled for the application.
I can not find an example that go all the way to a published APP service...
So what is wrong in my thinking here?
You need to register the app in Azure AD.
Your error message is: "'id_token' is not enabled for the application"
To fix this under Advanced Settings, Implicit grant check the box "ID tokens".
Here's the situation: I have an account in the azure active directory of my company with several subscriptions. I am building an ASP.NET Framework application for a client. This application is going to be hosted in their own azure environment, so to set this up, they added my email address to their azure active directory. Now in the azure portal I can use the button "change active directory" to either view my company's resources or my client's.
I set up a keyvault in my client's azure environment and I added keyvault as connected service to my application using these instructions. My application is running locally in local IIS, so I set up the application pool to use my user account so it has access to my azure subscriptions.
The issue here is that I still get an error when I try to run the application. The ysod says that azure gives a 401 response when trying to access the keyvault. I see that it's trying to use the guid that is associated with my company's azure active directory (I don't know what the name of this guid is). Obviously, I can't access resources from my client's azure environment with my company's azure active directory.
As an attempt to get more information, I built a small console application and used the same procedure to add keyvault as a connected service, since the internet says that the console application gives more details than the ASP.NET application. However, when I run my console application, I don't get any errors at all and I can access my client's keyvault just fine.
This makes me believe that there is some setting in my user account or IIS that I need to change to make this work, but I can't find what it is.
How can I make my ASP.NET Framework application, running locally in IIS, access a keyvault as connected service in my client's azure environment?
This should work, try to follow this to re-login your user account in VS and make sure you have modified your ASP.NET Framework project.
If it still not work, you could ask your client to create a work account for you in their Azure AD tenant and add it to the keyvault access policy, then use the account to login VS and test.
net application on visual studio and i need to make connection with sharepoint costum list to update/insert/delete.
Is there any tutorial or anyone can give some help?
There are multiple things you need to consider.
Code to write
Download and reference SharePoint Client dll's (e.g. SP 2013 -> 15
here)
Check out these samples -> https://msdn.microsoft.com/en-us/library/office/ee539976(v=office.14).aspx
Authentication
'Normal' service account authentication
AddIn Authentication (https://dev.office.com/sharepoint/docs/sp-add-ins/package-and-publish-high-trust-sharepoint-add-ins)
For a test drive i recommend the first authentication option, as the AddIn option requires a lot of configurations steps...
Make sure the service account of your Web Application (IIS Pool Account Identity or any other credentials) has sufficient permissions in SharePoint
Create the ClientContext as seen in the samples above
I am trying to accomplish the following:-
To build an Asp.net MVC 4 web application from scratch.
I want to use the current users and groups that are found on our company production active directory server.
In asp.net I know that we can have two types of authentication; Form Based & Windows based.
On my development machine I did the following tests:-
I set the authentication to be “windows based” and I was be able to access the asp.net MVC application without entering my username and password.
I set the authentication to be Form-based and I modify the query string to connect to the Active Directory instead of connecting to the sql databases tables. And I was able to access the application by typing username#domain and the password.
But my questions are:-
When deploying the web application on production, how will “windows authentication” works. Let say the user tries to access the application from external device, then can he still login to the system . Or “windows authentication” will not work for internet application.
Will form-base authentication connected to AD be the best approach to follow in my case?
If “windows authentication” will work when users access the application from external machine. Then what are the differences between having “windows authentication” & Form-based that is connected to an Active directory in this case?
Best Regards