The New Azure Converged Auth Model and Office 365 APIs

Microsoft is currently working on a new authentication and authorization model that is simply referred to as “v2” in the docs that they have available right now. I decided to spend some time taking a look around this model and in the process have been writing up some tips and other useful information and code…

Getting an Azure Access Token for a Web Application Entirely in Code

I generally find using Azure Active Directory for securing my resources to be a joyous thing, but the simplicity of use is pretty much vastly overstated by the marketing folks at Microsoft. I’ve used it quite a bit and yet still find myself simultaneously in seemingly uncharted and undocumented waters. As is unfortunately a little…

Do You Need An Account In Azure Active Directory if Using ADFS?

Today’s topic is a little spin on a question that seems to be coming up more frequently, specifically when folks are using a combination of Azure Active Directory and ADFS. That question is, if I’m using ADFS do I really need to have an account in an Azure Active Directory (AAD) tenant? Well, of course,…

How to Fix the OpenId Access Denied When User Won’t Grant Rights at Login

Okay, so the title may not be the clearest thing ever here today, but it’s tough to do in just a few words, so let me explain the scenario a little more fully.  Suppose you create an ASP.NET application and you configure it to be secured by Azure Active Directory.  When you do that you…

Using Roles in Azure Applications

I was spending some time today (finally) looking at how to get what I really consider the baseline functionality of claims – apps, users and roles – all working together with one of my Azure AD apps.  Azure has been pushing out pieces of an RBAC-based infrastructure for a few months now, and I wanted…

How To Delete An App You Consented to in Azure AD

In many ways this is a companion piece to the post I just published on solving an issue with multi-tenant applications in Azure AD:  "The Account Needs to be Added as an External User in the Tenant with Azure AD Apps".  This is actually a question I see come up fairly frequently, and one that…

The Account Needs to be Added as an External User in the Tenant with Azure AD Apps

This is an error I see pop up in various discussion forums every now and then, and tracking it down can be somewhat difficult. I had this happen recently in a scenario that I think probably is or will be one of the more common scenarios, so I figured I'd write it up here. In…

Desktop SharePoint Apps for SAML Secured SharePoint Sites

Continuing on with the theme of SAML secured SharePoint sites and SharePoint Apps, this next posting looks at another common application model, which is using what I call a desktop app to connect to SharePoint.  By “desktop”, I mean an app that doesn’t have an HttpContext, like a console application or winforms app.  It could…

Developing Low Trust Provider Hosted Apps with SAML Authentication in SharePoint 2013

Low trust provider hosted apps in a SAML secured SharePoint web application is a scenario that did not work when SharePoint 2013 was released. Fortunately, things have changed, so here's a quick rundown on what you need to do in order to build these apps on premises. The first thing you need to do…

An Updated ClaimsTokenHelper for SharePoint 2013 High Trust Apps and SAML

When Visual Studio 2013 came out, it introduced a new class and simplified methods for obtaining a ClientContext to use with the Client Side Object Model (CSOM) to access SharePoint 2013 sites.  A new SharePointContext class was added to simplify the programming model, but internally it still called the TokenHelper class that originally shipped with…
