I have an App to be used in my SharePoint tenant. From App developer I got the Client ID, Client Secret, App domain, return Url.
During my app registration through Appregnew.aspx, I have used wrong return url, and client secret. Now if I click on that app, it throws me error "An error occurred....".
To Use that App, I need to update my registered App with my correct client secret and return url. I am not finding any way .. How to Update or Unregister the SharePoint App.
To get your app registration details use below link
{SiteUrl}/_layouts/15/appinv.aspx
Then update your details using below link with existing Client ID(do not use generate client ID and client secret)
{SiteUrl}/_layouts/15/appregnew.aspx
This will update your app registration details for existing client ID.
Use link for more details
https://msdn.microsoft.com/en-us/library/office/jj687469.aspx
Not official/documented way but it works for me for SharePoint Online
1) I have installed Azure AD PS
2) Then run the following PS script
Connect-MsolService
$appPrincipal = Get-MsolServicePrincipal -ServicePrincipalName client_id
Remove-MsolServicePrincipal -ObjectId $appPrincipal.ObjectId
3) Then go to {SiteUrl}/_layouts/15/appinv.aspx and try lookup app by client_id. You can get Unexpected error or no info(like new id)
4) Then go to {SiteUrl}/_layouts/15/appregnew.aspx and register app again with same client id
Install the AzureAD PowerShell module.
Then run the following commands to remove your registered SharePoint app:
Connect-AzureAD
$app = Get-AzureADServicePrincipal | Where-Object {$_.AppId -eq "your client ID"}
Remove-AzureADServicePrincipal -ObjectId $app.ObjectId
After that you can follow the instructions in Santosha Epilis answer.
I have found the solution as well, for doing the same task but through the azure portal
Take a look ;)
This worked for me:
Install-Module MSOnline
Connect-MsolService
$appPrincipal = Get-MsolServicePrincipal -ServicePrincipalName client_id
Remove-MsolServicePrincipal -AppPrincipalId $appPrincipal.AppPrincipalId
Or, you will need to go to your Azure AD portal.
Click on the Azure Active Directory portal.
Search for the Enterprise Applications => All applications (remove all filters)
Filter by All applications and by your Shp App Id.
Related
I am trying to authenticate user from my bot using azure active directory.
I have done all the steps accordingly as per official documentation.
Unfortunately,while I run the bot emulator it doesn't prompt user login and anything only shows 401 directline.conversationUpdate. See the screen shot below:
I am trying this example from Git Hub
Note: I have also integrated ngrok exe and configured like below:
Based on your capture, pls have a check that if you have configed your app id and secret correctly as 401 error means you have not authorized successfully. At this period, the most related thing here is app id and secret.
You can find app id here in your bot :
And click "Manage" to create a secret.
Once the auth card pompted up, pls make sure that your account to login belongs to the tenant that you configed in OAuth Connection Settings on Azure portal.
I've some issues with a ASP.Net API and Google Authentication.
I work with VS 2017 and .net FW 4.6.1.
In this app the login can be made by create a new app user or use a Social network authentication like Google Account.
So I create a Google Project with a Credentials for Web Application and refer my dev env web site and my prod public web site.
In dev mode with Localhost it works perfectly but with my public domain name I get a
error=access_denied
The /signin-google?state=.... request, after choosing a google account, take 1 min and redirect to the home page with the access_denied error.
Do I need to regenerate the call to /api/account/externallogin with the publish website ? (I've already change the redirectURI)
Is the Google Project Name important to access to the API ?
Must the client ID be different between Dev and Prod ?
I've followed this tutorial to implement the authentication in my web site for more details :
http://csharp-video-tutorials.blogspot.com/2016/12/aspnet-web-api-google-authentication.html?_sm_au_=iVVDF8LpPKL6W0sQ
Thanks
I have a Web API running in an Azure Web App. It is used from a .NET WinForms client application. In the same Azure Web App, there is also an ASP.NET MVC site.
Users authenticate to the site and the .NET client using Azure AD credentials. This should be multi-tenant. The MVC app works fine multi-tenant, but I have trouble getting the client to run multi-tenant.
My understanding from https://learn.microsoft.com/en-us/azure/active-directory/active-directory-integrating-applications is that the Consent Framework should kick in automatically if OAuth 2.0 is used. I am using code (below) that is very close to the sample at https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapi-multitenant-windows-store/.
While I can successfully log in with a user in the tenant where the native app is defined and use the app, I cannot use the app with a user from another tenant. There is no consent asked and I get an AdalException:
AADSTS50001: The application named https://<myurl> was not found in the tenant named <sometenant>.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: 3<snip>2
Correlation ID: 2<snip>a
Timestamp: 2017-01-05 01:01:10Z
I have added the ID of the native client app to the list of knownClientApplications in the web app's manifest. I am authenticating against the "common" tenant (https://login.microsoftonline.com/common). The third-party tenant user account signing in is a Global Admin in that tenant.
So, I am clearly overlooking something to enable the Consent Framework but I can't find what it is based on the sample...
Relevant native client code below
Uri RedirectUri = new Uri(sRedirectUri);
// AadInstance is the common tenant
AuthenticationContext authContext = new AuthenticationContext(AadInstance);
try
{
PlatformParameters pp = new PlatformParameters(PromptBehavior.Auto);
// Authenticate to Azure AD
Program.WebApiAuthenticationResult = await authContext.AcquireTokenAsync(WebAppIdUri, ClientID, RedirectUri, pp);
return true;
}
catch (AdalException ex)
{
MessageBox.Show(ex.Message, "Log In Not Successful");
}
Thanks for any insight!
I am trying to reproduce this issue however failed. The scenario that native client app consume the web API which both protect by Azure works well when I login the native app with the multiple tenant account. I tested the code sample from here.
And based on the error message, it seems that the resource is not correct, please ensure it is same as the APP ID URI for the web API app you register on Azure. I could get the same error message when I specify an incorrect resource.
I have two applications which access my users' calendars via a service account. Until today everything was working fine and out of a sudden one of the app cannot get a grant token. I read that this may be due to the same service account being used simultaneously (which was the case for a year but never mind) so I decided to
create a second service account
and authorize it to access the calendars
I created the service account in the Google Developers Console -> API Manager -> Credentials.
The console now looks like this:
Service account client 1 is the original service account which was working for both apps and now works for one of them only. The ga... account is the newly created one.
In order to get the ClientID I went (on the same page) to "Manage service accounts" and I get this:
The newly created account does not offer the possibility to check its ClientID. Why?
The ClientID is also available in the JSON file downloaded upon creation. I extracted it from there and tried to authorize the access in my GApps Security console:
As you can see it was refused.
What part did I miss when creating this second account?
Found it:
and after checking the checkbox below both accounts look the same, the ClientID is available and it can be authorized in the GApps console.
I want to authenticate my mvc application by microsoft. I successfully done with Facbook, Google and Twitter, but when i click on Microsoft then the error `We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later`
is coming.
I successfully created an app and paste the Client ID and Client Secret in my mvc application . But I do not know the real problem
What is the return URL that you specified for the given Client ID and Client Secret? If the site is not running under that specific URL (e.g. is running under localhost whilst you are in dev mode), you can get this error message.
In my case I had my gmail account configured as my primary Microsoft Live account once I changed this to my Hotmail account as the primary account and then created a new app with a new name Client ID and Secret it started working for me.
The gmail account worked signing in as a gmail user on my app Identity Provider being Google to give some background this is the account I used as my Microsoft Account. I suspect my Microsoft account using my gmail user name and password confused the MS identity Provider thus resulting in the error. So avoid using a different Identity Providers credentials to authenticate with a different Identity provider if testing this. One account per Identity provider not associated to other Identity providers.
Since the Google account had been my primary for the other Identity Providers when I logged into the App as this I as essentially I suspect therefore already logged in with my Microsoft account.
Step 1:-
Open Application Registration Portal of Microsoft [https://apps.dev.microsoft.com] where you have Registered your Application.
You need to make change in Redirect URIs
For example :-
The URI which is Registered
URL:- http://localhost:8000
Change to make in URI :-
Just Add :- [/signin-microsoft] at end of URL It works
URL:- http://localhost:8000/signin-microsoft
Finally save your setting and try again it will work.
In my case, it failed when I used my personal Outlook account to login.
Once I switched to an Office 365 account, it started working.