We are trying to authenticate internal users via Azure AD when they visit certain pages. Our servers are not on site, so we are looking for an API where we can just pass the username and password of the user and receive whether they are in our organization and which groups they are apart of. It was possible in framework. Does such a thing exist for .NET Core?
UPDATE:
Thanks for replying! It seems to be giving me the authorization code now and now I'm trying to use this to get a token to then use that access token to get the user's groups (please correct me if I'm going about this the wrong way). My problem is I keep getting a bad request error. I've gone over the parameters a bunch and can't find what I'm missing. Here is my current set up of the API URLS, am I missing something?
string postData = $"{{\"grant_type\":\"{grant_type}\",\"client_id\":\"{client_id}\",\"code\":\"{code}\",\"redirect_uri\":\"{redirect_uri}\",\"client_secret\":\"{client_secret}\"}}";
string redirectUrl = $"https://login.microsoftonline.com/{tenant_id}/oauth2/authorize?client_id={client_id}&response_type={response_type}&redirect_uri={redirect_uri}&response_mode={response_mode}&resource={client_id}";
string requestUriString = $"https://login.microsoftonline.com/{tenant_id}/oauth2/token";
UPDATE 2: I figured out what was wrong, I was passing the post data as a Json String when it needed to be x-www-form-urlencoded.
I'm not completely sure this will solve your problem but you might want to have a look at the following .NET Core sample (with MSAL.NET): https://github.com/Azure-Samples/active-directory-dotnetcore-console-up-v2
This is with the usual disclaimer that we really don't recommend anybody to use username/password. There are other much better possibilities. For the full picture, see https://aka.ms/msal-net-scenarios
Related
My redirectUrl = "https://localhost:5000/download-product2/%2Fdbforge%2Fsql%2Fsql-tools%2Fsqltoolsstd.exe/viktorbl#devart.com"
I have a code:
private readonly IIdentityServerInteractionService _interaction;
public void Login(LoginModel model)
{
if (_interaction.IsValidReturnUrl(model.ReturnUrl))
{
// do something
}
}
IdentityServer does not consider my redirectUrl valid.
Why is it change?
Help me please
To get anyone to answer this question in a specific manner, you need to be more specific.
What errors are you getting?
Are you running your IdentityServer on localhost?
Can you get to that link from the browser?
"localhost" in your URL says that the resource is hosted on your machine. If your IdentityServer instance is not hosted on the same machine, then it will not be able to connect to it (if it uses connection check for validation). But you will still be able to access it from the browser on the same machine.
However, there also might be special logic that IdentityServer applies to URL validation. Perhaps it doesn't like the ".exe" bit in the URL. This is a fairly common anti-malware practice to consider such URLs as invalid. Perhaps you can't use file download link as a redirect (which this may be based on the URL structure).
The best way to find out what the problem is caused by is to look up the validation logic yourself. IdentityServer is open source and its code is available on GitHub. You can select the version you are using, clone the repository locally and look up the URL validation logic.
The easiest way to find where the validation logic is located is to search the repository for the error message that you are getting and then tracing the code back to figure out what generates this message.
The code for all versions of IdentityServer is available here:
https://github.com/IdentityServer
I just want to know if there is a naming standard on REDIRECT URIS for :
Twitter, LinkedIn, Microsoft, Facebook and Google when using OAuth 2.0?
Because, if I write my domain like that : http://domain.com/account/external-signin.aspx every external login stop working except Twitter and Facebook. The name account/external-signin.aspx is the real URL I'm working with and that I'm supposed to give to every external login.
So, Microsoft give this error:
We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later.
LinkedIn:
Invalid redirect_uri. This value must match a URL registered with the API Key.
And Google
400. That’s an error. Error: redirect_uri_mismatch
If I remove the page extension .aspx it seems to work although I deliberately write a wrong url like http://domain.com/sign-google, http://domain.com/sign-microsoft etc...
I'm working with MVC5 and C#.
I think I missed a few things ...
Thanks for your help
So finally, here is the correct answer:
It's not you that choose the redirect URL. You must write your domain.com/signin-{suppliername} in your app management.
Example:
Microsoft : https://domain.com/signin-microsoft
LinkedIn : https://domain.com/signin-linkedin
Google : https://domain.com/signin-google
Facebook and Twitter can work with your own redirect URL. Once successfully registered, the effect is immediate. Hope this can help somebody.
Karine
This error is denoting that you're having a miss match with the URL you're returning, and the return URL registered at the API Server. When you register your application, at the server, (for Google: https://code.google.com/apis/console) you have to make sure that the URLs being used would be matching.
After this, you will not get this error, I think on the server you've set this property to, http://domain.com/account/external-signin (without aspx; as you've said that this works without the extension but not with it). So try to change it on the server too.
For Linkedin append your url with "signin-linkedin".e.g. if your url is http://localhost:{portnumber}, make sure its is register in linked in as "http://localhost:{portnumber}/signin-linkedin" and this will do the trick.
Happy Codding :)
I'm running a Rest-Service using ServiceStack under Apache2 in C#/Mono. The Apache-Server is using SSL and BasicAuthentication with a htpasswd-file.
If I access my Rest-Service I get the auth-Request of the apache which is good. After authenticating my RestService is accessed. Now my question is: How am I able to get the user (the apache-session user) which has requested the service and authenticated to it?
I allready tried to get the Environment-Variables but didn't get the requested Information there.
The built in Authentication of ServiceStack requires me, as I understand, to implement authentication on my own. But I want to use the authentication of the apache.
Does anyone know a sollution?
Greetings
daily
P.S.
Below are the Mono and SSL relevant Sections of my Site-config for apache:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
SSLOptions StrictRequire +StdEnvVars
SSLProtocol all -SSLv2
MonoServerPath wcs.service.de "/usr/bin/mod-mono-server4"
MonoDebug wcs.service.de true
MonoSetEnv wcs.service.de MONO_IOMAP=all
MonoAutoApplication disabled
MonoApplications wcs.service.de "/:/var/www/wcs"
A little bit later than pronounced, but here is the answer to the question.
In your ServiceStack Service you get your RequestDTO as parameter. See this link:
https://github.com/ServiceStack/ServiceStack/wiki/Access-HTTP-specific-features-in-services
Under the point Services you can see what I mean. You don't need the RequestFilter as I suggested in my answer above. However.. you have this IHttpRequest of Servicestack. On this object you can get the OriginalRequest. This is the original ASP.net-Request. You have to cast the Result to HttpRequest (ASP.net).
var orgRequest = (HttpRequest)request.OriginalRequest;
On this newly casted object you have an accessable field Param. You can now get the REMOTE_USER param which contains the SSL-User I needed.
var sslUser = orgRequest.Param["REMOTE_USER"];
I hope this may help someone running into the same problem.
Greetings, daily
I am trying to display YouTube analytics data in a .Net application (Asp.net MVC 4 to be specific) using the google api .net client
The only sample I could find for this was a JavaScript sample located here for the most parts I was able to recreate the code in .Net, The only problem is that I don't seem to be able to find the counterpart for this lines of code which returns a list of Channels for the authenticated user:
var request = gapi.client.youtube.channels.list({
// "mine: true" indicates that you want to retrieve the authenticated user's channel.
mine: true,
part: 'id,contentDetails'
});
which should be then used here in my code:
var request = youtubeAnalyiticsService.Reports.Query(
"channel=="+ channelId, fromDate, toDate,
"views,likes,dislikes" // metrics to include in report
);
What I currently do to get it to work is to copy and paste the channel Id here and therefore "hard-code" it which is not practical in this my case and used only for testing purposes.
Hopefully I'm wrong but after searching for hours I think that the .Net API might be missing this part, can anyone confirm this? and if true are there any alternatives for doing this in the .net application?
I also guess that there might be a straightforward way to just use that part of the JavaScript code in the .net application but I'm not sure how!
Any help, hint or clarification would be much appreciated :)
This should work, assuming you've already got OAuth 2 setup and youtube is a YouTubeService object that's been properly authorized:
ChannelsResource.ListRequest channelsListRequest = youtube.Channels.List("id");
channelsListRequest.Mine = true;
ChannelListResponse channelsListResponse = channelsListRequest.Fetch();
string channelId = channelsListResponse.Items[0].Id;
I started to search 3 days ago and I already reached a good point by authenticating the user's and getting back the login session which contains the following data :
access_token: "xxxx"
authentication_token: "xxxx"
expires: "1339934686"
expires_in: 3600
I want to get the user data and, if you have a previous knowledge, you will know that I need to Decode the authentication_token value to get a JSON object containing some properties including the UserID to get the user data.
When I try to include the JsonWebToken.cs class, which was supplied by Microsoft example, in my MVC site it couldn't
resolve some references such as :
System.Runtime.Serialization.Json;
DataContractJsonSerializer;
When i searched i found that i must add reference to
System.Runtime.Serialization.Json,
System.ServiceModel,
System.ServiceModel.Web.
When I did that no thing happened new.
Finally, I apologize for the long post, but my intent was to explain the problem and the steps I gone through.
I hope any body could give me a simple MVC example URL or help me with the token decoding by any why.
Maybe this will not cover your question fully, but here is a nice post where ASP.NET MVC app uses LiveID but doesn't use an ASP.NET Membership provider:
http://blog.smarx.com/posts/actually-i-m-a-cia-agent
1) Reference for documentation is here: Windows Live ID Web Authentication SDK
2) and Live Connect Developer Center