Questions tagged [azure-active-directory]
Microsoft Azure Active Directory (Microsoft Azure AD), now known as Microsoft Entra ID, is a modern developer platform and IAM service that provides identity management and access control capabilities for your cloud applications. It uses industry-standard protocols like OAuth 2.0, OpenID Connect, and SAML 2.0.
18,335
questions
225
votes
28
answers
299k
views
How to get the azure account tenant Id?
My question is: Is it possible to get the Azure Active Directory tenant ID without using a PowerShell command?
I found these two blogs and with this help, I'm already able to get the tenant ID and ...
189
votes
3
answers
248k
views
What format is the exp (Expiration Time) claim in a JWT
I am using the ADAL library to get an access token for a resource. Does anyone know what format is the expiration time in? More specifically
"exp" (Expiration time) claim.
JwtSecurityToken class ...
171
votes
7
answers
114k
views
Difference between "enterprise application" and "app registration" in Azure
Could someone please tell me what the difference is between "enterprise application" and "app registration" in Azure.
Appreciate if you could give me an example & why some application cannot be ...
137
votes
8
answers
173k
views
What is the difference between an Azure tenant and Azure subscription?
I am struggling to distinguish how an Azure Subscription and an Azure tenant are different? I have tried figuring it out using examples but each time I come to the conclusion that they are the same ...
112
votes
8
answers
111k
views
AADSTS70005: response_type 'id_token' is not enabled for the application
AADSTS70005: response_type 'id_token' is not enabled for the application
I am getting the above error even after setting "oauth2AllowImplicitFlow": true, in the manifest.
98
votes
9
answers
163k
views
Azure Blob Storage "Authorization Permission Mismatch" error for get request with AD token
I am building an Angular 6 application that will be able to make CRUD operations on Azure Blob Storage. I'm however using Postman to test requests before implementing them inside the app and copy-...
94
votes
7
answers
87k
views
Difference between Service Principal and Managed Identities in Azure
I would like to know if it is always recommended to use Managed Identities in Azure, mostly system assigned, or a Service Principal?
When should Service Principals be used in Azure compared to a ...
85
votes
8
answers
107k
views
"Use a tenant-specific endpoint or configure the application to be multi-tenant" when signing into my Azure website
I'm getting this error after I sign into my Azure website:
AADSTS50194: Application 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx' is not configured as a multi-tenant application. Usage of the /common ...
76
votes
2
answers
47k
views
Azure AD App Application Permissions vs Delegated Permissions
I am creating an Azure AD app and noticed there are two permissions types, Application Permissions and Delegated Permissions. What is the difference between the two and under what scenario should I ...
73
votes
4
answers
106k
views
AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption
I created an SPA application owned by my organization only, but there was a problem when I requested a code. How can I resolve it?
66
votes
21
answers
111k
views
Correlation failed in net.core / asp.net identity / openid connect
I am getting this error when an Azure AD user logs in (I am able to get the user's claims after). I'm using a combination of OpenIdConnect with asp.net Identity core over net.core 2.0
An unhandled exception ...
61
votes
5
answers
44k
views
TokenValidationParameters no longer working after upgrade to 5.0.0
I have the following code which was working when I was using
System.IdentityModel.Tokens.Jwt, Version=4.0.20622.1351
private static void ConfigureAzureAD(IAppBuilder appBuilder)
{
appBuilder....
59
votes
13
answers
150k
views
Graph API - Insufficient privileges to complete the operation
When trying to access the Graph Service Client using I am receiving the error:
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
After researching this ...
53
votes
2
answers
35k
views
Azure AD vs Azure AD B2C vs Azure AD B2B
Before Azure AD B2C and Azure AD B2B came into the picture, I usually added my applications to the Azure AD of our tenancy, and Office 365 users could access the applications using their account (SSO).
I ...
52
votes
1
answer
14k
views
Are Azure Subscription ID, AAD Tenant ID, and AAD App Client ID considered secret/PII?
I would like to log the following in my telemetry for diagnostic and usage purposes:
Azure Subscription ID
AAD Tenant ID
AAD App Client ID
Should I treat them as secrets/PII and hash/encrypt them?
(...
51
votes
11
answers
95k
views
BrowserAuthError: interaction_in_progress: Interaction is currently in progress with azure/[email protected]
I have this error when trying to loginRedirect in a React app using @azure/[email protected] and @azure/[email protected]. The login data returns correctly but the exception is raised in the ...
51
votes
6
answers
20k
views
EF Core Connection to Azure SQL with Managed Identity
I am using EF Core to connect to an Azure SQL Database deployed to Azure App Services. I am using an access token (obtained via the Managed Identities) to connect to the Azure SQL database.
Here is how I ...
48
votes
4
answers
144k
views
How to validate Azure AD security token?
The following code gives me an Azure AD security token. I need to validate whether that token is valid or not. How to achieve this?
// Get OAuth token using client credentials
string tenantName = "mytest....
46
votes
3
answers
37k
views
Access Token Issuer from Azure AD is sts.windows.net Instead Of login.microsoftonline.com
I'm trying to validate an access token obtained from Azure Active Directory.
I obtained the token from https://login.microsoftonline.com/{{my tenant guid}}/v2.0
The issuer in the token that comes back ...
43
votes
3
answers
79k
views
How do I resolve the error AADSTS7000218: The request body must contain the following parameter: 'client_secret' or 'client_assertion'
This is how I have written the code and am trying to get the output.
The request body must contain the following parameter: client_secret or client_assertion
static async Task<AuthenticationResult&...
42
votes
13
answers
101k
views
Bearer error - invalid_token - The signature key was not found
I have an Angular 7 application interfacing with a .Net Core 2.2 API back-end. This is interfacing with Azure Active Directory.
On the Angular 7 side, it is authenticating properly with AAD and I am ...
40
votes
7
answers
93k
views
"Remote machine is AAD" but "The logon attempt failed"
I set up Remote Desktop Connection and the computer says: AzureAD\username already has access:
Very good, let's try to connect using AzureAD\username:
Unfortunately it says:
Your credential did not ...
40
votes
1
answer
26k
views
How to set multiple audiences in Asp.Net Core 2.0 "AddJwtBearer" middleware?
I have an Asp.Net Core 2.0 WebApi which is authenticating against AAD:
services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; })
...
40
votes
10
answers
133k
views
AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '<AppId>'
I have a .NET Core 2 app template that is configured to use Azure AD out of the box.
The configuration is:
{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "...
38
votes
8
answers
33k
views
Azure Application not registered with AAD
Getting the below error while logging in to the container registry
Command:
docker login <MY_REGISTRY_NAME>.azurecr.io
Error Message:
Error response from daemon: Get https://<MY_REGISTRY_NAME>....
37
votes
4
answers
87k
views
IDX10501: Signature validation failed. Unable to match keys
Please help me to understand the difference between JWT token validation from the ASP netcore application and the netcore Kestrel hosted application.
There are two applications that verify the token ...
37
votes
7
answers
31k
views
Azure Portal: Bad Request - Request Too Long
I just received the following error when I tried to run a built-in B2C edit policy from portal.azure.com. I have 2 tabs of the portal open. Why am I receiving this error?
Bad Request - Request ...
36
votes
1
answer
15k
views
What's the difference between Azure AD B2C tenant and normal Azure AD tenant?
I've seen so many people are very confused about what we can do in Azure AD B2C tenant and the difference between a B2C tenant and normal Azure AD tenant. The main questions are:
What's the ...
36
votes
4
answers
13k
views
Why is "Application permissions" disabled in Azure AD's "Request API permissions"?
I'm trying to give a console app permission to call an API in Azure AD.
When I go to "Add permissions," "application permissions" is grayed out and I can only select "delegated permissions."
My ...
35
votes
3
answers
37k
views
Identityserver 4 and Azure AD
I'm looking into using Identity Server 4 for authentication within a C# based MVC application. I'd like to use accounts stored in Azure AD as a source of valid users but the documentation only seems ...
34
votes
8
answers
57k
views
Getting access tokens from Postman: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests
We recently made a switch from Implicit Grant Flow to Authorization Code Flow with PKCE for our application, and now we're having some trouble getting access tokens from Azure AD from Postman. The app ...
34
votes
5
answers
58k
views
Azure active directory - Allowed token audiences
I am trying to find documentation on "ALLOWED TOKEN AUDIENCES" in Azure, but there does not appear to be any. The value that I have placed in there was the resourceid that was returned with the token.
...
34
votes
2
answers
8k
views
Getting Azure Active Directory groups in asp.net core project
I created a new project using Visual Studio 2015 and enabled authentication using work and school accounts against Azure Active Directory.
Here is what the generated configure function looks like:
...
31
votes
5
answers
111k
views
AADSTS700016: Application with identifier 'some_id' was not found in the directory 'some_another_id'
I need a federated authentication with custom policy (when user authenticated I need him to appear marked as Federated in b2c users, not Others or something else what I could achieve with single ...
31
votes
3
answers
25k
views
Azure Active Directory as Domain Controller for Azure Virtual Machines
Azure Active Directory is an "as a service" offering from Azure. I have seen documentation and content from Microsoft stating that it can be used for SSO and other web applications for unified auth.
Will ...
31
votes
12
answers
111k
views
IDX20803: Unable to obtain configuration from
I know this question has been answered, but I don't understand what people exactly do (about certificates, ssl) and they all use a localhost but not me.
I used this sample as my example OpenIdConnect
...
31
votes
8
answers
40k
views
Azure App registration Client secrets expiration
Has Microsoft changed the expiration date for Client secrets to be max 2 years? It is not possible to select "Never" anymore?
30
votes
6
answers
22k
views
What are the differences between Service Principal and App Registration?
I understand that App Registration represents an app that might have UI for users to login.
I understand that a Service Principal is for applications like scheduled batch processing applications.
But ...
30
votes
4
answers
23k
views
How to add application to Azure AD programmatically?
I want to automate the creation of my application in Azure AD and get back the client id generated by Azure AD.
Are there PowerShell commandlets to do this? Is there some other means, like an API of ...
30
votes
1
answer
14k
views
What is the exact difference between native app and web app in Azure Active Directory
When we register an application in the Azure Active Directory for using the Graph API, I see there are two types of application: Web application and Native application.
While creating a web application ...
30
votes
4
answers
50k
views
Failed to create an app in Azure Active Directory. Error: Insufficient privileges to complete the operation
I am trying to set up an Azure DevOps 'Release' Pipeline. When I am trying to add an Azure Resource Manager service connection, I am getting an error like 'Failed to create an app in Azure Active Directory. ...
30
votes
1
answer
4k
views
Standalone PWA breaks login
We have a PWA written in Angular for which we use AzureAD (using ng-adal) for the login.
When we log in, a series of redirects are being made until we get back to our app (with the auth ticket). If ...
30
votes
2
answers
12k
views
NameIdentifier vs ObjectIdentifier
I have a multitenant ASP.NET application using OpenIdConnect and Azure AD as an Identity provider for Office 365. When the user is authenticated I receive my claims in ClaimsPrincipal.Current.
I ...
29
votes
1
answer
46k
views
Azure: Service Principal ID vs Application ID
According to this documentation: Application and Service principal are clearly two different things. Application is the global identity and Service principal is per Tenant/AAD
But This Documentation ...
28
votes
7
answers
65k
views
Get all user properties from Microsoft graph
We have an application which has used a local AD to fetch user info. Some customers want to move to the cloud and are using Azure AD. We extended the app to sign users in via owin and now we're ...
28
votes
6
answers
33k
views
How to get current user identity in Azure Function with Azure Authentication?
I have created a new Function App, enabled App Service Authentication / Authorization for it ("Use Authentication / Authorization to protect your application and work with per-user data") and disabled ...
27
votes
3
answers
27k
views
Keyword not supported: 'authentication' error for azure integrated connection
Getting Keyword not supported: 'authentication' error while trying to connect to an Azure DB through the 'Active Directory Integrated' option in a .NET Core 2.1 project.
Note: I am using EF Core to connect ...
27
votes
7
answers
46k
views
Get the user's email address from Azure AD via OpenID Connect
I'm trying to authenticate users to my site with their Office 365 accounts, so I have been following the guidance on using the OWIN OpenID Connect middleware to add authentication and successfully ...
26
votes
3
answers
57k
views
Using authProvider with MS SDK for graph calls in C#
I'm trying to create a C# console application to connect to the Graph API and get a list of users from Azure AD from a tenant. I have registered the app and the admin has given me the following
Tenant Name ...
26
votes
1
answer
50k
views
Where Do I Find The Issuer URL In Azure Active Directory?
I am trying to add Active Directory Authentication to my Azure App Service.
The AD I am using is in a different tenant to the App Service so I need to use Advanced Settings instead of Express (where ...