Introduction This post is to review why a user may receive the error AADSTS50058 in a Javascript setting. The full error that is shown is : AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user’s session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the…
Read MoreHow to Use the .Net Microsoft Graph SDK to Get Users and Get Next Page of Results
Introduction This post will explain how to use the .Net Microsoft Graph SDK in order to get users. This article is assuming that you have already gotten an Access Token using ADAL .NET. In order to learn more on how to get the Adal .NET token, please reference : How to Use the ADAL .NET library to Acquire a Token Interactively in a Console Application (Authorization Code Flow) Link Warning…
Read MoreUnable to Delete Azure Active Directory Application Registration
Introduction This post is meant to go over the issue when the Azure Active Directory Application Registration delete button is grayed out. This issue could occur for a few reasons, and this document will go over the current known issues with Azure Active Directory Portal issues. This post will mainly go over the issues detailed in the v1.0 endpoint (portal.azure.com). Context Some users will find that they…
Read MoreHow to Create and Add Keys to Enterprise Applications for Expired Keys
Introduction This article is broken up into a couple of different sections based on what you are trying to do. Trying to modify the service principals credentials typically is meant for accessing an application that is multi-tenanted and the client secret has expired and they need a fix to resolve a wide outage due to an expired client secret. This typically has to do with a key expiring, many people…
Read MoreFinding the Correct Permissions for a Microsoft or Azure Active Directory Graph Call
Introduction This post is to help define how one can find out which permissions are needed for a specific Graph API call. Assuming you want to have granular control over each AAD Application Registration, having the exact permissions required to do exactly what you need helps to secure your environment from users abusing permissions that you may have granted in excess. Whenever someone wants to utilize the Microsoft or AAD…
Read MoreReceiving CORS Redirection Error when Signing into App Service using Azure AD
Introduction This post is to help explain what is occurring when the CORS redirection error occurs when trying to navigate back to the login page after logging in. This doesn’t occur when the user is using a private browsing method/mode. The error that is typically received is error : “Failed to load https://login.windows.net/{GUID} (index):{GUID}/oauth2/autho…{GUID}&state=redir%3D%252F.auth%252Fme%253Fv%253D1518029528427: Redirect from ‘https://login.windows.net/…{GUID}&oauth2/autho…{GUID}&state=redir%3D%252F.auth%252Fme%253Fv%253D1518029528427′ to ‘https://login.microsoftonline.com/{GUID}/oaut…{GUID}&state=redir%3D%252F.auth%252Fme%253Fv%253D158029528427′ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present…
Read MoreReceiving AADSTS90094: The grant requires admin permission.
Introduction This post is to help provide guidance when receiving the error : AADSTS90094: The grant requires admin permission. Typically this error is received when trying to get access to an AAD application registration. Please note that there are two different Microsoft application portals: https://portal.azure.com (v1 application portal) and the https://myapps.microsoft.com (v2 application portal). For details on the different application models, please visit the following link: What’s different about the…
Read MoreHow to Get to the Keys/Secrets From Azure Active Directory
Introduction This article has been written to help find where the keys/secrets are in the Azure portal depending on how you have set up your application. It will also provide some help in regards to extending/changing the Client Secret for an Enterprise Application in a Multi-Tenanted Scenario. Custom AAD Registration Keys/Secrets In order to access the keys for an AAD application registration, you can follow the steps highlighted…
Read MoreImplementing Service to Service Authorization and Getting the Access Token with Postman Utilizing Client Credential Grant Type
Introduction This article is meant to show how one can set up a client application to obtain a service to service access token, to get access to a web API from a web App. This document will be following the grant type client credential flow to do this, and will utilize Postman to get the access token via client credentials. This tutorial will not set up the backend web API,…
Read MoreConfiguring an App Service to get an Access Token for AAD Graph API
Introduction This post should show how to create an app service, configure authentication for the service, and then configure the authentication to get permissions to the AAD Graph API on behalf of the logged-in user. This post is an extension of the Azure App Service Token Store, the link to that can be found here. This is the entire setup scenario from scratch, starting with creating the web app, and…
Read More