Microsoft Identity Platform

From MgmtWiki
Revision as of 09:04, 13 April 2021 by Tom (talk | contribs) (Registration)


Full Title

Microsoft Identity Platform allows sign in with a Microsoft personal or work account.

Also referred to (early 2021) as Microsoft Graph, which is the replacement for Azure AD Graph.

Context

Problems

  • The package Microsoft.Identity.Web requires a new trusted signer (certificate fingerprint) to be added to nuget.config (2020-10-06). The following command fixed this.
nuget.exe trusted-signers Add -Name Microsoft2021 -CertificateFingerprint AA12DA22A49BCE7D5C1AE64CC1F3D892F150DA76140F210ABD2CBFFCA2C18A27 -FingerprintAlgorithm SHA256

Install and Run

Run the following command in an elevated PowerShell session to open port 5000 on the board:

 netsh advfirewall firewall add rule name="ASP.NET Core Web Server port" dir=in action=allow protocol=TCP localport=5000

Troubleshooting

We're unable to complete your request

unauthorized_client: The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.

User Application Development

  • Since this platform is based on OpenID Connect (OIDC), user applications are considered to be clients in the sense described in OAuth 2.0.
  • Apps first call PublicClientApp = PublicClientApplicationBuilder.Create(ClientID).{other options}.Build().
  • Then call PublicClientApp.GetAccountsAsync() and pick one of the proffered accounts.
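The client flow described in the list above, carried through to a call on the single Graph endpoint named in the Registration section, as an added C# example that is not from this wiki page. It assumes MSAL.NET (the Microsoft.Identity.Client package), an app registered as a public client with redirect URI http://localhost and the delegated scope User.Read; the client ID is a placeholder to be replaced with the Application (client) ID from App Registrations.

```csharp
// Added example (not from the wiki): MSAL.NET public-client sign-in against the
// Microsoft Identity Platform, followed by one call to Microsoft Graph with the token.
// Assumptions: public-client registration with redirect URI http://localhost and
// the delegated scope User.Read; ClientId below is a placeholder.
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class GraphSignIn
{
    // Placeholder: replace with the Application (client) ID from App Registrations.
    private const string ClientId = "00000000-0000-0000-0000-000000000000";
    private static readonly string[] Scopes = { "User.Read" };

    public static async Task Main()
    {
        // Step 1: build the public client. The "common" authority accepts both
        // work/school and personal accounts; a registration enabled for a single
        // tenant only would use that tenant ID here instead (mismatches between the
        // registration and the authority surface as unauthorized_client, see above).
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, "common")
            .WithRedirectUri("http://localhost")
            .Build();

        // Step 2: look for an account already cached from a previous sign-in and
        // pick one (here simply the first).
        var accounts = await app.GetAccountsAsync();
        IAccount account = accounts.FirstOrDefault();

        AuthenticationResult result;
        if (account == null)
        {
            // No cached account: interactive sign-in is the only option.
            result = await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
        }
        else
        {
            try
            {
                // Step 3a: silent acquisition succeeds only when a valid cached token
                // exists for this account and scopes; no user interaction happens here.
                result = await app.AcquireTokenSilent(Scopes, account).ExecuteAsync();
            }
            catch (MsalUiRequiredException)
            {
                // Step 3b: cache entry unusable (expired refresh token, consent not yet
                // granted for these scopes), so fall back to interactive sign-in.
                result = await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
            }
        }

        Console.WriteLine($"Signed in as {result.Account.Username}");

        // Step 4: present the access token as a bearer token to the Graph endpoint.
        using var http = new HttpClient();
        http.DefaultRequestHeaders.Authorization =
            new AuthenticationHeaderValue("Bearer", result.AccessToken);
        string me = await http.GetStringAsync("https://graph.microsoft.com/v1.0/me");
        Console.WriteLine(me);
    }
}
```

The silent-then-interactive order matters: trying AcquireTokenSilent first keeps the user from being prompted on every run, and catching MsalUiRequiredException (rather than a generic exception) ensures that only conditions which genuinely need the user, such as missing consent, trigger the interactive prompt.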

Registration

  • The Microsoft Graph API offers a single endpoint, https://graph.microsoft.com, to provide access to rich, people-centric data and insights in the Microsoft cloud, including Microsoft 365, Windows 10, and Enterprise Mobility + Security.
  • Configure how end-users consent to applications. The guidance "reduce the risk of malicious applications attempting to trick users into granting them access to your organization's data, by allowing user consent only for applications that have been published by a verified publisher." was not followed during development and needs to be enabled.
  • Admin consent workflow allows the user to ask an admin to approve an app.

References