We have a dashboard deployed on a Power BI Server On-premise. So no Azure AD solutions please.
We would like to display this dashboard on an Extranet Web Application that uses Forms Authentication for its users. We currently use iFrame or redirect URL access, since those are the only options.
We don't want the Users to login again to view reports since they have already logged in to the Application. They are currently being prompted.
How can we use a common credential (preferably AD account) to authenticate/authorize each dashboard view? We want to be able to change the credentials programmatically.
You'll have to implement a custom authentication extension. You should be able to use the existing SSRS documentation, given that Power BI Report Server is essentially a direct superset of SSRS. If you want to use AD accounts, you'll have to establish a normal AD authentication flow in your application, as well as pass on a valid cookie over to the SSRS side of things. Microsoft has pretty extensive documentation, as well as samples on this:
Documentation on custom authentication:
https://learn.microsoft.com/en-us/sql/reporting-services/extensions/security-extension/authentication-in-reporting-services
Repository with samples:
https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample
Related
When I want to publish my XF.UWP app to the Microsoft store on a new pc I am presented with the following fields to fill:
Tenant ID
Client ID
Client Key
The Microsoft documentation page that guides you through the process seems to be outdated (I already reported this), and I can't find the data that I need to fill from the new Microsoft Partner Center.
The only field I am able to find is 'Tenant Id'. I found it under gear icon - account settings - organisation profile - tenants.
Who can help me out?
Like with many of Microsoft's services, the Client ID / Client Key location is a bit vague and easier to explain with screenshots than words. But for anyone who may not understand the purpose, I'll leave a brief synopsis to explain the caveman drawings below.
The tenant ID in this scenario is the ID of your Azure AD tenant. No big surprises here. You can grab this (assuming an Azure AD organization is already linked to your Microsoft Partner Center account) from the MPC dashboard under Home > Account Settings > Organization profile > Tenants.
The client ID & client key are slightly harder to locate. This is because MPC recognizes three types of entities within the user hierarchy.
Users
Groups
Azure AD applications
To take advantage of the current automated publishing pipeline for the Microsoft Store, you must create or manage the Azure AD application associated with your project, which can be done under Home > Account settings > User management > Azure AD applications.
If you are familiar with GCP or Google API integration, the Azure AD app is the equivalent of a service account. A given Azure AD application can be assigned any permission within the scope of your project or even your organization based on the scenario. In my experience, the Manager role has always been sufficient.
Click an existing app to manage or create a new one from scratch; either way, you will soon reach the Client ID / Client Key panel, where you can add, view (one time only), and delete keys for your application. The values generated here can be utilized in the Microsoft Store submission workflow seen in the OP's screenshot above. Happy publishing!
References: Add users, groups, and Azure AD applications to your Partner Center account
Do you have Azure AD linked to your account?
If so, those keys should be available here:
https://partner.microsoft.com/en-us/dashboard/account/v3/usermanagement#users
If not, it can be configured here:
https://partner.microsoft.com/en-us/dashboard/account/TenantSetup
leading to:
https://partner.microsoft.com/en-us/dashboard/Account/CreateTenant
I am trying to work out an application using
Dotnet Core 1.0
MySQL as the data store
Authentication and Authorization
Entity Framework
Ubuntu 16 machine
I have succeeded in creating a sample API to fetch data from MySQL database using entity framework. Now I want to introduce Authentication using email as username and Password.
I tried several methods from different blogs but was unable to achieve this.
What I am trying to achieve is custom authentication for the API, where the user will send a username and password to a login API. The login API will return an access token and a refresh token. Using this access token, the user can call other APIs.
Later on I want to add Google and Facebook Authentication too.
Is there a way to do this?
Everything you want to achieve is possible. However, there are some caveats.
Yes, you can do this. You will need to use the resource owner grant, which is turned off in IdentityServer4 by default. I suspect the reason for this is that passing user credentials into an application is an anti-pattern; it is there typically to support legacy systems. It also does not authenticate users in the explicit sense, because the credentials could come from an untrusted source (as an example). You can read up about the grant's generic value here. You can find samples here.
The safer pattern is to use something like Implicit Flow which is good practice if you cannot guarantee trust between clients and your API.
As for social logins this is possible. There are tonnes of samples online but here are the official docs.
There is a project on GitHub, https://github.com/diogodamiani/IdentityServer4.MongoDB, and a corresponding NuGet package that will send you in the right direction. It's obviously MongoDB, but the same premise applies.
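The resource owner grant discussed in the answers above, sketched for the question's e-mail/password login with access and refresh tokens. This is an added example, not code from the answers or from the IdentityServer4 samples; `IUserDirectory`, the client id, secret and scope name are hypothetical or constructed values.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;

// Hypothetical abstraction over the EF/MySQL user table from the question.
public interface IUserDirectory
{
    // Returns the user's subject id when the e-mail/password pair verifies, else null.
    Task<string> VerifyAsync(string email, string password);
}

// Called by the token endpoint for grant_type=password requests.
public class EmailPasswordValidator : IResourceOwnerPasswordValidator
{
    private readonly IUserDirectory _users;
    public EmailPasswordValidator(IUserDirectory users) { _users = users; }

    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        string subjectId = await _users.VerifyAsync(context.UserName, context.Password);
        context.Result = subjectId == null
            // Same error for unknown e-mail and wrong password, so accounts cannot be enumerated.
            ? new GrantValidationResult(TokenRequestErrors.InvalidGrant, "invalid_username_or_password")
            : new GrantValidationResult(subjectId, "pwd");
    }
}

public static class IdentityConfig
{
    public static IEnumerable<Client> Clients()
    {
        return new[]
        {
            new Client
            {
                ClientId = "first-party-app",                         // constructed value
                ClientSecrets = { new Secret("constructed-secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, // only this grant, only this client
                AllowedScopes = { "api1" },                           // constructed API scope name
                AllowOfflineAccess = true,                            // lets the client request refresh tokens
                AccessTokenLifetime = 900,                            // seconds; keep bearer tokens short-lived
                RefreshTokenUsage = TokenUsage.OneTimeOnly            // rotate the refresh token on each use
            }
        };
    }
}
```

The validator is registered on the IdentityServer builder with `AddResourceOwnerValidator<EmailPasswordValidator>()`, and the client must request the `offline_access` scope to receive a refresh token.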
I am developing a Windows Store 8.1 app using C# and XAML.
I am doing single sign-on using Azure Active Directory account login.
I do not want users to be redirected to the Microsoft Account login screen, and then come back. I want to supply them with the login credential screen where we capture their username and password, and then we want to programmatically do the authentication against Azure AD, and get back the claims identity.
How can I achieve this?
This is not a supported scenario for security concerns. One of the value propositions for AAD is that the password management, across the whole login lifecycle, is managed and secure. This is particularly important for scenarios in which AAD is securing a 3rd-party SaaS solution. A developer should not be able to have access to a user's credentials at any point.
All that said, it sounds like there is another question here which is answerable: How can I customize the login screen that AAD gives me?
AAD Premium does offer features for adding custom branding to your tenant. However, you still will be working with a screen that is provided for you.
Can anybody explain the detailed step-by-step procedure for form authentication in SQL Reporting Services 2008 R2? I am new to SSRS. I need details about how to configure the rsreportserver and web.config files and how to write the code for authentication for SSRS. Is there any special procedure for SSRS forms authentication, and how do I verify in C# code and where do I redirect?
See these links for some examples & other information from Microsoft:
http://msdn.microsoft.com/en-us/library/xdt4thhy(v=vs.100).aspx
http://msdn.microsoft.com/en-us/library/cc281383.aspx
http://msftrsprodsamples.codeplex.com/wikipage?title=SS2008R2%21Security%20Extension%20Sample
http://www.codeproject.com/Articles/675943/SSRS-Forms-Authentication
The high level summary is:
Create custom authentication process (login form, credential source, backend code to wire it all together)
Extend LogonUser() method of SSRS webservice
Modify configs to expect forms auth, and allow your custom code to run within the app pool
I've done this a few times now, and honestly, it's easier than it sounds.
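The custom authentication extension that this summary and the Power BI Report Server answer earlier on the page both refer to has roughly this shape. It is an added example, not Microsoft's sample code, written against `IAuthenticationExtension2` (SSRS 2016 and later, Power BI Report Server); 2008 R2 uses the older `IAuthenticationExtension`, which lacks the `IRSRequestContext` overload. `StoredCredential` and the `Users` store are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using Microsoft.ReportingServices.Interfaces;
// Hypothetical record: per-user salt and PBKDF2 hash from your own user store.
public sealed class StoredCredential { public byte[] Salt; public byte[] Hash; public int Iterations; }

public class FormsAuthenticationExtension : IAuthenticationExtension2
{
    // Hypothetical in-memory store; a real extension would query its user database.
    public static readonly Dictionary<string, StoredCredential> Users =
        new Dictionary<string, StoredCredential>(StringComparer.OrdinalIgnoreCase);
    public string LocalizedName { get { return null; } }
    public void SetConfiguration(string configuration) { }

    // Reached when a client calls the report server's LogonUser web-service method.
    public bool LogonUser(string userName, string password, string authority)
    {
        StoredCredential c;
        if (userName == null || password == null || !Users.TryGetValue(userName, out c))
            return false;
        using (var kdf = new Rfc2898DeriveBytes(password, c.Salt, c.Iterations))
            return FixedTimeEquals(kdf.GetBytes(c.Hash.Length), c.Hash);
    }

    // Per-request identity: only what ASP.NET forms auth restored from the ticket cookie.
    public void GetUserInfo(out IIdentity userIdentity, out IntPtr userId)
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx == null || ctx.User == null)
            throw new InvalidOperationException("No authenticated user; anonymous access is not configured.");
        userIdentity = ctx.User.Identity;
        userId = IntPtr.Zero;
    }

    public void GetUserInfo(IRSRequestContext requestContext, out IIdentity userIdentity, out IntPtr userId)
    { userIdentity = requestContext.User; userId = IntPtr.Zero; }
    public bool IsValidPrincipalName(string principalName)
    { return principalName != null && Users.ContainsKey(principalName); }

    // Compare without an early exit so timing does not reveal how many bytes matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```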
I am developing a Windows Phone 8 app. In this I need to register an e-mail and password, and afterwards I have to log in with the registered user name and password. I am using the HttpWebRequest class but don't know how it is possible. Please share with me any info or link regarding that.
You don't even need a separate web server running an auth service. Instead, you could use Windows Azure Mobile Services. There are several reasons for that, the main being the fact that you can easily manage outgoing data (register users) and check for existing data (authenticating users).
You can use the Azure Mobile Services client if you need an abstracted out data access layer.