What we are trying to do is set up our MVC .NET application with Azure Connected Services within Visual Studio. We are trying to connect to the Existing Azure AD Application. We have the correct domain selected, and also the correct redirect URI
We need to be able to read directory data to determine user group but we don’t have client secret
This is the error we get
Make sure your existing Azure AD application is registered as:
Accounts in this organizational directory only (Devchat only - Single tenant) or Accounts in any organizational directory (Any Azure AD directory - Multitenant).
Other types are not supported to be updated in this case.
You can refer to this document to register an application for a quick test.
Related
I am planning to move some of my applications from AzureAD authentication to Azure B2C. I have an existing Azure AD Tenant that has a custom domain assigned and verified and I use this for all of my internal Office 365 and AzureAD authenticated applications. I do not want to change any of this as it is working well.
I then created an Azure B2C tenant using the instructions provided here https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-tenant. That also worked and I have been able to register applications and create sample Flows.
However, I now want to assign a custom domain to the Azure B2C tenant and I would like to use the same domain that I am using for my existing applications in the AzureAD tenant. I use subdomains on my web server to separate the various applications.
I used the instructions here to create the custom domain in my Azure B2C tenant and add the TXT record to my domain registrar. https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-user-flow.
However, when I try to verify my domain, I get a message stating that
This domain has been previously configured on
[Azure Domain Prefix].onmicrosoft.com using an existing Azure AD or Office 365.
To verify this domain name, you will first need to remove the domain
name from the existing directory.
I tried adding the subdomain to the Azure B2C tennant, but understandably this "domain" was not able to be found in the verification step.
Does anyone know how I can get around this? My understanding is that I can't add the B2C functionality to an existing AzureAD tenant and I really don't want to move everything from my existing AzureAD tenant, nor create a new domain.
I have now worked out why I had this problem and will post an answer to help anyone else.
The issue was that I was trying to add my top-level domain to the Azure B2C instance. However, if I followed the instructions more closely, I would have seen that I should be registering login.[my-doimain].com.au. I found the following graphic from https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-user-flow useful to understand B2C a bit better.
I am using Microsoft Graph API to send messages to private users in Microsoft Teams. I registered an App in Azure Active Directory, gave proper permissions and called the API and was able to successfully send the message.
My question is what would be the most efficient way to deliver this integration to different clients? Do we have to register an App in every azure directory of the client individually, or is there a way I can publish the app that I have created with all the API permissions required and the administrators can install the app in their azure directory
You would have to publish your application in your home tenant as a Multi-tenant application.
When a user from the client's tenant access your app, they will be prompted for login and post that either the user or an admin will have to consent to the app and the required permissions. This will create a service principal in the corresponding user's directory where the consent objects are stored. This way you don't have to register application in each directory.
You can follow the steps listed here for more detailed instructions to convert your application into a multi-tenant app.
Currently, I developing Microsoft ChatBot that needs login via Microsoft Graph.
After I log in the error display as below.
When you registered your app, you chose one of three supported account types:
Accounts in this organizational directory only (i.e. one Azure AD tenant only)
Accounts in any organizational directory (i.e. any Azure AD tenant)
Accounts in any organizational directory and personal Microsoft accounts (i.e. any Azure AD tenant and any personal Microsoft account)
If you chose the first option, your app is not considered "multi-tenant", and you cannot use the "common" endpoint, as the error message indicates. You have two options here:
If your application is to be used by users from multiple organizations, change the intended audience to "Accounts in any organizational directory" (Azure portal > Azure Active Directory > App registrations > Authentication).
If your application is only intended to be used by one organization, then update your code to use the tenant-specific endpoint (i.e. https://login.microsoftonline.com/{tenant-id}/..., instead of https://login.microsoftonline.com/common/...).
I have a web app which uses a business network model to read from the blockchain and display the assets + execute transactions.
I have already defined my ACL file. Using the playground, as admin, I can create new ID cards and then use these cards to restrict the access in transactions and assets to participants, but how can I associate these ID cards to my web application so the users can see only what they are allowed to see?
I used the generator-hyperledger-composer to generate my angular project.
Thanks
Use REST services from your application. Your angular project can connect to the REST server.
Set up REST server authentication and choose a Passport-based authentication mechanism/strategy that best suits your setup -> https://hyperledger.github.io/composer/integrating/enabling-rest-authentication.html and configure REST server multi-user mode -> https://hyperledger.github.io/composer/integrating/enabling-multiuser
The latter shows how (given that you've created business network cards that contain a user's blockchain identity) you can configure multi-user mode and interact witih the REST server - using a browser and Wallet in this example.
Info on deploying a REST server is here -> https://hyperledger.github.io/composer/integrating/deploying-the-rest-server
Is it possible to have a wcf service role live in a virtual directory (or the equivalent not sure if that word is the appropriate one for Azure) of a web role on Azure.
For example:
www.mydomain.com <- contains the web role or website
www.mydomain.com/myservice.svc <- contains the WCF service
I've seen people suggest that you can change the config to allow for virtual directories, however I have RDPed into both VMs and they appear not to share the same files on disk.
I am Azure newbie, please forgive the terminology. But is it possible to do what I am wanting?
A web site and a WCF service can be accessed using the URLs you listed above if they are both in the same web role. You will get the URLs you describe above if you do the following:
Create a new cloud project in Visual Studio, specifying a Windows Azure Cloud Service.
At the prompt, add an MVC web role.
At the next prompt, select Internet Application and press OK.
When the project is created, right click on the MVC project and choose Add --> New Item --> WCF Service.
Press F5. The default ASP.NET MVC home page will show up. Then navigate to http://yourlocalhostaddress/Service1.svc. You'll see the typical "You have created a service" landing page for a new WCF service.