I'm using Azure ACS to deal with the user authentication in my site, now I'm building a Windows Form App where the user needs to authenticate with the credentials that are used in the web site.
There is anyway to implement Azure ACS with windows forms application?
Yes, use Azure Authentication Library (AAL). Here is an example. The client application is WPF, but it could just as easily be a Windows Form App.
http://code.msdn.microsoft.com/AAL-Native-App-to-REST-de57f2cc
i am not sure if you can do this directly from the application but i suggest doing so through a WCF or a web services. you can work with ACS with WCF,
http://msdn.microsoft.com/en-us/library/windowsazure/gg185912.aspx
Related
I am trying to connect to PowerApps WebApi using CDSWebApiService provided by microsoft.
https://learn.microsoft.com/en-us/powerapps/developer/data-platform/webapi/samples/cdswebapiservice
I have used the sample code that Microsoft provided to connect to Web API of Power Automate and that works fine for the normal users.
But when we turn on the MFA for the user that its giving authentication errors to call API.
Basically I am trying to call WorkFlows API.(https://learn.microsoft.com/en-us/power-automate/web-api)
Or is there any other way to call Power Automate Web API? Using CRM Service client or something else?
you should use Application user to make API calls, especially when your company has MFA enabled.
With Application user you can have clientID and secret and that can be used.
Also I think application user does not use MFA.
I have setup Single Sign-On with SAML in Azure portal but now I don't know how to do in VB codes. I need guidance on how to do in visual studio so that once I publish the web to cloud it can call SAML/Azure AD and redirect to login Microsoft and if login success will redirect to webapp.
Thank you so much for the help
Registering your app is just a way for Azure AD to know that your app wants to authenticate its users with AAD.
In your application, you will use one of the many SAML SDKs to integrate AAD authentication.
I have a mobile app which gets token directly from azure login. And I have a service which is using adal4j in spring boot. I cannot use the mobile generated token to authenticate spring service. Becase I use two different azure app registrations for mobile and web service. Is there a way to accomplish this ?
My understanding is that you have created 2 Enterprise Applications in Azure.
1) An Enterprise Application for your mobile app (Type: Native)
2) An Enterprise Application for your Web API app (Type: WebAPI)
For native app, you will not need a client secret but you will need a client secret for the Web API app.
Now coming to the key configurations:
In both of these, please update the manifest file to have oauth2AllowImplicitFlow set to true
Also, in your Web API Enterprise Application, please have the app id of your native app in the known client apps
"knownClientApplications": ["
Now, when calling your Web API through an end-point from the Native application, pass your token in your request header as "Authorization": "Bearer "
Also note: if you need to retrieve group claims, please update the manifest in both your enterprise apps to have the following setting for this property
"groupMembershipClaims": "SecurityGroup"
Update:
Under permissions in the native app, please add the Web API app registration to allow access
Yes, the OAuth 2.0 on-behalf-of flow should applies to your scenario. These steps constitute the On-Behalf-Of flow.
Azure AD issues a token for certain resource (which is mapped to an Azure AD app). When we call AcquireToken(), we need to provide a resourceID, only ONE resourceID. The result would have a token that can only be used for the supplied resource (id). There are ways where you could use the same token , but it is not recommended as it complicates operations logging, authentication process tracing, etc. Therefore it is better to look at the other options provided by Azure and the ADAL library. The ADAL library supports acquiring multiple access-Tokens for multiple resources using a refresh token. This means once a user is authenticated, the ADAL’s authentication context, would be able to generate an access-token to multiple resources without authenticating the user again.
Further details here.
I have the task to build a new API. The API will mainly be used by tablet applications.
I'm thinking of using the new ASP WebApi.
My biggest concern however is the security part. Because the apps will be build by third-party companies, we do not want that usercredentials will be entered in their application, but redirected to our site (authenticationserver).
I have done some researching and I came accross OAuth 2.0. For working with mobile devices and tablets it's probably the best to work with the 'autohorization code flow' principle -correct me if I'm wrong-.
Am I thinking in the right direction or are their simpler authentication systems to achieve my goal?
Are their any frameworks (.NET) available (or documentation) how to create an Authentication Server and how to use it in the Asp webapi?
Is it easy these days to implement oauth2.0 in an IOS app?
Thanks for any help!
OAuth 2.0 authz code based grant is suitable when client app is a Web application. Will the apps that are going to be built by third party all be Web applications? There are HTTP redirects involved in that flow.
In OAuth 2.0, there is a client, there is a resource server (Web API in your case) and there is an authorization server. There is no such thing as Authentication server. Are you referring to some thing else?
I'm working on a Windows Phone 7 application with C#.
I want to implement my login page using Facebook account. To do that I'm using codeplex Facebook C# SDK.
How can I do that?
Thanks.
You can use ACS for that. See here. (answered your other question too)
In short (assuming you are writing a native app):
Your app (e.g. REST services) trusts ACS. For this you expect a SWT (Simple Web Token) that is issued by ACS
In your app, you embed a web browser that navigates to the app, to ACS and Facebook
Once the token negotiation happens in the browser, you extract the SWT and you pass it to the native app
All subsequent calls to your API include the SWT
If you are writing a "web" app for the phone, then it all just works.
In both scenarios, you would use WIF in your backend. It it is a REST API, you need the OAuth extensions mentioned in the link. If it is a web site, it all works OOB.