I am trying to set up an ASP.Net MVC project that will use Azure Active Directory. I keep getting an error informing me that my user verification failed.
Here are the steps leading to the error message:
In VS 2013 Web Express, select New ASP.Net Web Application
Select MVC Template
Click change authentication button
Select Organizational Accounts option
Fill out form and click
A window pops up asking to verify password of my MS account
At this point I get an error message telling me that my user verification failed.
I do have an Azure Account. I do have directory set up in AAD.
Anyone have some guidance on setting up this project?
I found the answer in a page on the ASP.Net site. Organizational account authentication options
Don’t enter credentials for a Microsoft account (for example, contoso#hotmail.com) in the sign-in dialog box.
The sticking point was I did what the above quote says I should not do.
Related
I am trying to separate the Administrator Authentication and Organization Authentication in the OpenAM. The version that I'm using is AM-7.2.0.
I just changed the Organization Authentication from the embedded ldap to OpenDJ. And I found that I cannot login to the console page with the amadmin account.
I tried to access http://am.example.com:8080/am/console but it shows "Page Not Found". When I check with the webapps/am/console/ folder. There is only images/PrimaryProductName.png.
May I know how can I make the console page with the above url available? or it is no longer used for Administrator Authentication?
I have an ASP.NET 4.5 web forms app running on an IIS 7.5.
I created a page where the user inputs some information and selects some stuff.
At the bottom of the page I have a button that generates a word document.
How ?
I am using Microsoft Word Object Library and I have uploaded a word document template. In it I have added MergeFields which I am refering in the code behind and initializing them. This works great locally.
When I uploaded the app on the server..big surprise:
Server Error in '/' Application.
Retrieving the COM class factory for component with CLSID {000209FF-0000-0000-C000-000000000046} failed due to the following error: 80070005 Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in File Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
The weird thing about it is that I have a few more files in the folder where I uploaded this word document template. Those are working fine inside the same application. I am using some excel templates. It's clearly a thing of not having access but why and how can I fix it ?
I tried to follow the instructions and right clicked on it to see the security properties. It already has the groups added and full rights assigned.
Why can't it access it ? It might be good to mention here that I am using impersonation.
I would really like to know if there is a way to fix this or do I need to write all the word manipulation code using a different library ?
Thank you!
I've tried this with several MS accounts that have Azure/AAD accounts in place and have attempted using both Visual Studio 2015 as well as 2017 and am getting the exact same bug/error.
Using the default ASP.NET MVC template with AAD integration out of the box (no code changes at all). The App is registered in my AAD account, and I see the tenantId and other GUIDs are in the Web.Config as they should be. I also traced the call stack as far as I could and the tenantId is initialized properly yet I still get this error:
Requested tenant identifier '00000000-0000-0000-0000-000000000000' is not valid. Tenant identifiers may not be an empty GUID.
This happens after the permissions acceptance screen.
Here is a screenshot as well:
As requested, here is the Web.Config:
So the resolution was very simple. But this is not documented anywhere, not even in Vittorio Bertocci's book on the subject - which leads you to believe that you can log in as the Azure subscription owner after creating the Visual Studio project without any additional setup in Azure.
Since the new portal is in preview the UX is not really all that obvious. Here are the steps to take after creating a new ASP.NET project with Active Directory integration:
You have to log into Azure (in the new portal)
Click on Active Directory.
Go to your "App Registrations"
You will see your new application there. click on it.
Inside of the "Essentials" panel at the top of the app registration blade you will see a link with the header "Managed application in local directory" and the link will have the same name as the blade you are already in (This is the confusing part). Click on that link...
You are now one blade deeper and are able to see how many users this application has. It will likely be 0. - This is the issue!
Click on "Users and Groups" in the menu on the left side and you can start adding users.
Please note that the above steps may change as AAD comes out of preview in the new portal.
I want to add a "Provider Hosted App" in SharePoint 2013 with App Only Policy.
But as soon as I enable "Allow the app to make app-only calls to SharePoint" in the App solution in Visual Studio, the app cannot be added with success in SharePoint any longer.
In SharePoint Error Message I got this error:
"Access required"
"Sorry, you don't have access to this page"
I checked the ULS Log (SharePoint Log), there I saw a "Claims Authentication" Error with message (event ID "g220"):
"No windows identity for dom\myusr"
Some other info:
The user I used is already Site Collection Administrator.
I do not use any other scope permission in the app.
I can add the app successfully if I do not enable app only policy checkbox.
The SharePoint uses claims authentication. And in the ULS Log what I see, that as if it cannot resolve my user because it does not have claim authentication prefix.
My questions:
Have I missed something?
How can I add the app successfully?
Thanks for any helps!
Best regards
-motyus-
Detail steps to reproduce error:
Enable app only policy in Visual Studio 2012
Add and trust the app in SharePoint
I got an error message in SharePoint
I check in ULS Logs and this is what I got
i am trying to enable roles in asp.net but,i am getting few errors and after trying my best i am not able to get them resolved.
I am new to visual studio interface. I tried creating a login page as ASP.NET web application. Then as we have to configure the page to connect to the database to retrieve user details, i clicked on the ASP.NET configuration under Website control.. I was taken to the configuration page with three tabs.. Security was the tab that i was supposed to configure.. But i am not able to go through to the security tab. I get the following error message.
There is a problem with your selected
data store. This can be caused by an
invalid server name or credentials, or
by insufficient permission. It can
also be caused by the role manager
feature not being enabled. Click the
button below to be redirected to a
page where you can choose a new data
store. The following message may help
in diagnosing the problem: Unable to
connect to SQL Server database.
I also clicked on the button to select a new data store, but there was only one default data store available.
i enabled my role manager tag to true,but again i am facing the same problem
Any process to configure the security tab would be helpful.
Use steps below:
Configure your database in order to maintain ASP.NET Application Services. You can see here how to do it
Edit your web.config file. See details here
Go to ASP.NET Configuration Tool under Website control and create required roles.