I've written my own web service in ASP.NET Core 2 that authenticates against AzureAD and provides a JSON endpoint which I'm trying to consume in Power BI. When I set authentication to Organizational Account and click sign in, I get the following error:
We were unable to connect because this credential type isn’t supported
for this resource. Please choose another credential type.
Is there something I need to change in my service so that it will work correctly with Power BI?
According to this, AAD auth is not supported:
I am afraid that the AAD authentication type is not supported in Power BI Desktop, please vote up the following ideas.
https://ideas.powerbi.com/forums/265200-power-bi-ideas/suggestions/31405525-support-azure-active-dir...
https://ideas.powerbi.com/forums/265200-power-bi-ideas/suggestions/15039609-active-directory-authent...
Regards,
Lydia
I ended up using auth tokens to get around this unfortunate limitation.
Related
In 'Autodesk Construction Cloud APIs' I try to use GET method for projects/{projectId}/issues.
This is the documentation for the API: Get issues API Link
I am using Postman and for other API's it works without problems, but for some reason for this API I got the following error:
image of the error:
I know my ProjectId and Token are fine. I am wondering if it has to do with some access the admin must to give me.
best regards,
It looks like your access token is 2-legged. Instead, you will need to use a 3-legged one since its Authentication Context is user context required.
See:
https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/basics/
https://forge.autodesk.com/en/docs/oauth/v2/tutorials/get-3-legged-token/
https://forge.autodesk.com/en/docs/oauth/v2/tutorials/get-3-legged-token-implicit/
We have an API management instance in azure.We have also enabled the management API. There we have set a SAS token & that has been used in the application. Here, we have to change the SAS token in every 30 days. If the token is expired, that will result into an application outage. Is there any way to get notified via email or any other means about the token expiry (in advance). I did some research on this, but , unfortunately could not find anything useful.
I don't believe there is built-in support for this.
You could instead have a logic app that takes in a SAS Token as input and schedules emails based on the expiry of the token.
TIP Apart from an email, you could do more interesting workflows like sending actionable messages using office 365 outlook or https://learn.microsoft.com/en-us/connectors/teams/#post-an-adaptive-card-to-a-teams-channel-and-wait-for-a-response connectors and even create a work item in Azure Devops or create an issue on GitHub, depending on what you use.
Alternatively you could create Azure AD application with client id and client secret, give it permissions to do what you need to be done in APIM and use its credentials to do all the same operations via ARM.
Is it possible to use any tokens from an Outlook add-in for use with authenticating EWS Managed API operations that create or update items?
Apparently the token returned from mailbox.getCallbackTokenAsync can only be used in read operations. I can indeed verify that is a problem because attempts to send emails or call UserConfiguration.Update result in an error:
The requested web method is unavailable to this caller or application.
I have been testing these methods from an ASP.NET Web API App Service in Azure, called from JavaScript in the Outlook add-in.
Apparently mailbox.getUserIdentityTokenAsync can be used to validate a user, but it is not clear if that can be used in conjunction with OAuthCredentials for ExchangeService.Credentials.
Are there any options here? I cannot ask the user for their username and password to authenticate with Exchange. I am certainly willing to use Graph or the Mail API, but AFAIK there are no ways to update user configuration items with those APIs.
You're looking for makeEwsRequestAsync(). Both CreateItem and UpdateItem operations are supported makeEwsRequestAsync.
You can find the full list of supported EWS operations in the documentation under EWS operations that add-ins support.
There is also support for calling into Microsoft Graph via the add-in but as you noted, Microsoft Graph supports a very limited number mailbox configuration options.
I am trying to work out an application using
Dotnet Core 1.0
MySQL as the data store
Authetication and Authorization
Entity Framework
Ubuntu 16 machine
I have succeeded in creating a sample API to fetch data from MySQL database using entity framework. Now I want to introduce Authentication using email as username and Password.
I tried several method from different blogs but unable to achieve this.
What I am trying to achieve is Custom Authentication for the api where user will send username and password to login Api. The login Api will return an access token and refresh token. Using this access token, the user can call other APIs.
Later on I want to add Google and Facebook Authentication too.
Is there a way to do this?
Everything you want to achieve is possible. However there are some caveats.
Yes you can do this. You will need to use the resource owner grant which is turned off in identityserver 4 by default. I suspect the reason for this is because passing user credentials into an application is an anti-pattern, it is there to typically support legacy systems, also it does not authenticate users in the explicit sense because the credentials could come from an un-trusted source (as an example). You can read up about the grant's generic value here. You can find samples here.
The safer pattern is to use something like Implicit Flow which is good practice if you cannot guarantee trust between clients and your API.
As for social logins this is possible. There are tonnes of samples online but here are the official docs.
There is a project on github, https://github.com/diogodamiani/IdentityServer4.MongoDB and a corresponding nuget package that will send you in the right direction. It's obviously MongoDb, but the same premise applies.
I need this for a Metro Style app, which can't use Passive authentication, and doesn't have WIF.
So far I've managed to get a SAML token from ADFS 2.0.
I now need to send this token to login.MicrosoftOnline.com, which will return me an SWT token to give to [mysite].sharepoint.com, which will give me cookies to include with REST requests.
ADFS 2.0 and login.MicrosoftOnline both talk WS-Trust. I've found many samples on the web that shows how to send the token request to MicrosoftOnline, but they all rely on sending the username and password along. In this case, however, MicrosoftOnline doesn't have permission to authenticate the password directly. My only option is to give it the SAML token.
The username and password I'm using works fine when using passive authentication, so the credentials is not the problem.
Samples can be in any language (except klingon), but .Net is preferred.
A bit late, I did not see your question until today. I did manage to send a saml token to Sharepoint online with this code (using usr/pwd): http://sharepointwinrt.codeplex.com/
Maybe it will give a starting point for you.
Cheers,
Juanma