NetLog: Alternative to Fiddler and HAR captures

Have you run across where you can’t get a standard Fiddler capture, and furthermore, HAR captures from developer tools is truncating the information you need to see? I ran across the NetLog tool built into Chromium based browsers. So, this will work in the new Microsoft Edge, Chrome, and Electron. Here are couple known limitations before we get started… POST request bodies are not captured. Sites running in compatibility mode…

Read More

AADSTS50000: There was an error issuing a token or an issue with our sign-in service

This error can occur during Azure AD authentication process or during any token acquisition flow using the token endpoint. There are multiple causes for this error to happen. Below are a few scenarios that can lead to the error . Root Cause 1: the user password is either expired, invalid, or out of sync This can happen more predominantly in a hybrid environment. The authenticated federated account’s password may be…

Read More

Using MSAL.js v2 in a SPA App to call a web API protected by Azure App Service’s Easy Auth with Azure AD

There are a couple of ways to call an Easy Auth enabled web API. You can either call the web API with: an Easy Auth session cookie (via a previously authenticated browser session to the web API) or An Azure AD Bearer JWT token In this post I will show you how to use MSAL.JS v2 in a Single Page Application (SPA) to get an access token for the web…

Read More

Retry Invoke-RestMethod requests in PowerShell when an error occurs

In this blog post, I will show you how you can trap a specific type of error when making a graph request using the Invoke-RestMethod commandlet and pause and retry the request x number of times before quitting. This is very helpful and is actually recommended to do error handling when making requests to Microsoft Graph. The key here is to set the Url that you’re going to be calling…

Read More

Getting Azure Key Vault secret with Azure.Identity and Azure.Security.KeyVault

In my last post, I talked about using ADAL (now deprecated) with the KeyVaultClient class to get an access token using OAuth2 Client Credentials Grant flow and query Azure Key Vault with that access token. In this post, I’ll talk about using a couple of new classes in the Azure SDK for .NET library to accomplish the same goal. We will use Azure.Identity name space for our Azure AD token…

Read More

Some tips and tricks with Fiddler capture

Recently, I came across a couple of scenarios where I could not get Fiddler to capture SSL traffic easily. Below are the some tips and tricks that may help in these situations. Scenario 1: Capture Node.js web traffic in Fiddler In the same command window where you run npm start to start the node server, run the below set commands first to set the proxy info before running npm start.…

Read More

Using OpenID Connect OWIN middleware to validate an Azure AD JWT token signed with a symmetric key

Azure AD by default uses a certificate to sign an OAuth2 JWT token using an asymmetric algorithm (RS256). Alternatively a JWT token can be signed with a “shared” secret using a symmetric algorithm (HS256). Asymmetric signing algorithm is always more secure in preventing the token to be tampered with compared to a symmetric algorithm since the private key is always kept at the Identity Provider (IDP) and the token consumer…

Read More

How to use postman to perform a Client Credentials Grant flow with a certificate

This post will demonstrate a couple of things: How to create a signed jwt token (aka Client Assertion) using Powershell. How to use this generated Client Assertion in Postman to get an Access Token Using Client Credentials Grant Flow. To get an Access Token using Client-Credentials Flow, we can either use a Secret or a Certificate. This post will use a self-signed certificate to create the client assertion using both…

Read More

MSAL.Net in PowerShell – Use .pfx file for Client Credentials Flow

This post will show you how to authenticate for the client credentials flow in PowerShell with MSAL.Net using the .pfx file for the certificate authentication instead of loading the certificate from the certificate store. This post is in part based on this: Using PowerShell to Configure a signing certificate for a SAML-based SSO enterprise application Also, special thanks to my team members Bac Hoang and Will Fiddes for assisting with…

Read More