I am unable to login to my Visual Studio 2019 and I get the warning message We need to refresh the credentials for this account
Based on input from Visual Studio 2017 - How to fix error: We could not refresh the credentials for the account , I have deleted the folder "C:\Users\{username}\AppData\Local\.IdentityService" but it did not resolve the issue
I have checked the logs and I see below message
AcquireTokenException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access
I am using Microsoft Authenticator app to authenticate the request but refresh error keep pops in even though I successfully authenticate myself.
Note: I have ZScalar as firewall. I have even tried switching off ZScalar, but no luck
Related
When trying to create a storage account in azure from VS Code's Bash Terminal, I get the following error:
error retrieving default location: The client '' with object id '' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '' or the scope is invalid.
If access was recently granted, please refresh your credentials.
After successfully logging into Azure using az login, I still get the error.
The error means your logged user account/service principal as mentioned in the error does not have enough permission,
to solve the issue, navigate to your subscription in the azure portal -> add it with a role e.g. Contributor like below.
Note: To add the role, your account logged in the portal need to be the Owner or User Access Administrator of the subscription.
After some time past, I was able to run my bash scripts without issues. I ran AZ login again and changed to my subscription. I did all of this before, but I believe it worked this time because the previous session timed out. Previously when I logged into that session I didn't have the necessary permissions and logging in again without previously logging out did not refresh my permissions.
When I try to connect to Dynamics 365 CRM with the Plugin Registration Tool I get the following permission error:
"You don't have permission to access any of the organizations in the
Microsoft Common Data Service region that you specified. If you're not
sure which region your organization resides in, choose "Don't know"
for the CDS region and try again. Otherwise check with your CDS
administrator. Parameter name: EMEA"
I have the System Administrator role
I can sign-in to the web interface and work with no issues
I'm sure of our region, tried to login with and without it ("Don't know" option)
Also tried with an application password as our organization uses multi factor authentication
Using the latest version of the tool on Nuget (9.0.0.9506 in the about dialog)
I can connect to my trial server the same way
We had a user who was able to connect with the same user roles set
This seems machine and account independent. Other users including the organization creator are getting the same error
We are directly connected to the internet, no proxies
One solution I've read suggested cleaning the cache files which don't appear on my system. And we get the same error on clean installations.
Solved by leaving the "Show Advanced" checkbox unchecked and not entering User ID / Password. Then a second dialog opens for credentials and 2FA authentication which just works.
You don't need an application password, as you'll be asked for MFA in the next step.
I don't know how our old teammate was able to sign in with the "Show Advanced" option selected. He was getting the same dialog and continue.
I'm currently working on a VSTS Application, but every time I try to Login using my Visual Studio account, it keeps showing the Authorization dialog again. I have to re-authorize my App every time, which keeps generating authorizations on my Visual Studio profile, where the App is registered.
I'm using the OwinOauthProvider for Visual Studio.
https://github.com/TerribleDev/OwinOAuthProviders/tree/master/src/Owin.Security.Providers.VisualStudio
Is there any way to configure to provider to just authorize once and use the authorization for subsequent logins? Or any other suggestions to create a single-sign on from my App and connect to the VSTS Api's?
UPDATE:
Additional links on the issue:
https://github.com/TerribleDev/OwinOAuthProviders/issues/135
https://visualstudio.uservoice.com/forums/330519-team-services/suggestions/9261621-bypass-oauth-grant-step-for-previously-authorized
(vote for it if you're experiencing the same)
There is access token and refresh token, the access token will be expired after an hour, but the refresh token will be expired after one year.
So, you can refresh the access token according to the refresh token instead of let user to authorized again.
Based on this thread (VSTS API Refresh Token Expires), Christopher said that:
We obviously must honor the user's right to revoke a previously
granted authorization
Update:
I analyzed the whole workflow, that is by design, when you request the VSTS external login, the accept page is required, you can’t control it in your code or other ways.
my problem is that every time I start VS, I see
HTTP code 407: Proxy Authentication Required
in the Output window.
This is despite me having entered the credentials AND having agreed to remember the credentials.
So now I have to go to Team->Manage Connections. This opens Team Explorer with a "Manage Connections" link. That gives me a window where my Team Foundation Server is already configured but under Team Project Collections I see the 407 error. Below that I need to click Switch User. This gives me a login promt where --- and here comes the funny part --- I just type the first letter of my login and click on the suggested name, which autofills username and password and after that I get a succesful connection.
So WHY does not this work automatically? All information is obviously already there! Is this a known bug or am I missing some further options?
So I deployed my website this morning to my test server using "Build Deployment Package" in Visual Studio.
In IIS we import the website and deployed it as a new site, everything is fine there.
But when we launch the browser, we hit an error:
HTTP Error 401.0 - Unauthorized
You do not have permission to view this directory or page.
Most likely causes:
The authenticated user does not have access to a resource needed to process the request.
We tried to give all access to users for folders and also alternate from anonymous login to form Authentication without success.
Help would be appreciated! Maybe I missed a permission somewhere..
I found my problem:
For some reason, visual studio was not compiling my resources and Dlls in the package.
I had to set all resources in project at Embedded in properties and I manually copy my dlls on the server