At one point in recent history, VB.Net was one of the most popular development languages around. In fact, there are many legacy applications written in VB.Net and even still, VB.Net is still in the top 10 languages ( source: https://www.techworm.net/2018/02/popular-programming-languages-2018-according-tiobe-pypl.html ). I will show a simple console application using VB.Net to authenticate using MSAL.Net Of course, the first step, as in everything Azure, starts with setting up an app registration…
Read MoreTroubleshooting ASP.NET Core Azure AD-protected Web API Authorization issues
There is plenty of content on the internet that shows you how to use ASP.NET Core Authentication pipeline to protect a Web API with Azure Active Directory. This is all working great except when your Web API returns a 401 Unauthorized error without providing much information. You can end up spending a lot of time, pulling your hair out trying to figure out what can go wrong even though you…
Read MoreWalkthrough: How to protect an ASP.NET Core Web API application with Azure AD
Pre-requisite: The ASP.NET Core Web API project in this tutorial uses Visual Studio 2017 with .Net Core runtime version 2.2 Application Registration: We will need to create an App Registration for the web API and an App Registration for the client app calling the web API in Azure Active Directory. Web API: From the Azure portal, navigate to the Azure Active Directory blade -> App registrations -> New registration to…
Read MoreAADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions for ‘AAD Graph’ in the requested permissions in the client’s application registration.
Let’s get started… You are getting the following similar message… AADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions for ‘AAD Graph’ in the requested permissions in the client’s application registration. Or, The admin has not consented in the tenant. Or, Check the application identifier in the request to ensure it matches the configured client application identifier. Please contact your…
Read MoreWhy am I getting a Login Request after initial login using iOS MSAL?
Does your app keep asking you to login after initial login when implementing iOS MSAL? Did you implement this in your Android without any issues? Did you look over all your code a million times and your configurations look correct but still cannot figure out why this is happening? Well, you are in luck because we go over why this happens and how to fix it! SCENARIO Using MSAL SDK…
Read MoreHow to inject custom data into the ‘state’ parameter in an OpenID Connect MVC Application
It’s often desirable for an Azure Active Directory (Azure AD)- integrated application to maintain application state when sending request to Azure AD for login. The recommended way to achieve this is to use the ‘state’ parameter as defined in the OpenID Connect standards. Also mentioned in our documentation, the ‘state’ parameter is used for both preventing cross-site request forgery attacks and to maintain user’s state before authentication request occurs: For…
Read MoreSetup Postman to call Microsoft Graph using a Client Credentials Grant Access Token from the v2 endpoint
To use the V1 endpoint, please refer to this post. Our documentation for the client credentials grant type can be found here. You can setup postman to make a client_credentials grant flow to obtain an access token and make a graph call ( or any other call that supports application permissions ). This is very useful for testing code you plan to run as a script or in a Daemon…
Read MoreHow to set your MSAL.js app up to automatically sign-in if you already have a session signed in on another tab
Our MSAL.js sample is an excellent example for using MSAL in a javascript page. However, it only demonstrates logging in by clicking on a button. If you’re launching your app from myapps portal or are otherwise already logged into the portal with the browser, it would make sense to just use that session to perform your sign-in for your MSAL app without requiring the button click. This is actually easily…
Read MoreInfinite sign in loop between MVC application and Azure AD
In a previous post I talked about an infinite redirect loop issue between an MVC application and Azure AD when performing sign in. In this post, we will look at another scenario which can lead to the same type of problem. Background Applications running an old version of OWIN middleware can run into this issue because of a known Katana bug. Due to a cookie mismanagement issue in the old…
Read MoreHow to acquire bearer token non-interactively with a federated user
You are looking for a way to acquire an access token from Azure Active Directory without user interaction. We highly recommended to always use an interactive user sign-in experience as this is the most secured method. Especially when your organization has conditional access policies which require Multi-Factor Authentication. If at all possible, please use the methods for interactive sign-in. Here are some general guidance on how to non-interactively acquire a…
Read More