Asked
Active
Viewed 167 times
1
I have a web app wrapper for my PowerApps app (I have embedded it as an iframe on the home page of my ASP.NET Core app). I also have the credentials of the Azure organization that developed this application and has access to it. So, for the first time, my built-in app asks for an email and password to sign in to a Microsoft account. And only after a successful login, I can work with it directly.
But that's not what I want.
I expect to be able to work with the application when I load this page.
So, is there a way to use the app directly without signing in to a Microsoft account?
I got the idea to make a request to the Azure AD API and get a bearer token or cookie from there, and then save it to the client, supposedly filling out a login form and clicking the login button, but "quietly". To be honest, I don't know how I can do this. I've spent hours researching this problem, but haven't found a suitable solution.
Could you help me?
Thank you in advance!
Nikolay Chugunov
- 13
- 4
-
Has your problem been solved? Is there any progress? – Jason Pan Jan 13 '21 at 02:42
-
@JasonPan, Thanks for your help! I've made some investigations of this problem and got deep into this theme. So, I've found an example https://github.com/azure-samples/active-directory-dotnetcore-console-up-v2, and been trying to start it and make a successful login. But now, I have some troubles with my Azure App settings. Application registration is required to provide clientId... – Nikolay Chugunov Jan 13 '21 at 02:50
-
@JasonPan, as a current temporary result, I have this: MsalUiRequiredException: AADSTS65001: The user or administrator has not consented to use the application. Now, I trying to resolve this trouble. – Nikolay Chugunov Jan 13 '21 at 02:53
-
[Register an application with the Microsoft identity platform](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) – Jason Pan Jan 13 '21 at 02:54
-
https://stackoverflow.com/questions/62957977/microsoft-graph-api-ropc-aadsts65001 – Jason Pan Jan 13 '21 at 02:55
-
@JasonPan, so, I have this interesting comment: // remember that Username/password is for public client applications that is desktop/mobile applications. // If you are using .NET core or don't want to call AcquireTokenAsync, you might want to: // - use device code flow (See https://aka.ms/msal-net-device-code-flow) – Nikolay Chugunov Jan 13 '21 at 02:56
-
Carl's answer is correct, hope it useful to you, If you no permission to do that, pls contact your admin. – Jason Pan Jan 13 '21 at 02:57
-
That comment is not a way to log in silently. It means that after logging in on the device, you can read and log in directly from the device when you log in again. However, if there are multiple accounts, there will still be a pop-up window to select an account and log in. Our portal site is like this. – Jason Pan Jan 13 '21 at 03:06
-
@JasonPan, so, I've got a successful response with token. But, to be honest, I dunno how to return it back to the client and save properly. I researched Local Storage and there are too many information about auth... – Nikolay Chugunov Jan 14 '21 at 17:58
-
@JasonPan, so, I think I cannot use ropc with embedded canvas app. I signed into a web app using AAD, but my embedded app still require an authentication. I use it as iframe, so, i think that my local tokens/cookies won't affect embedded in iframe auth...:( – Nikolay Chugunov Jan 15 '21 at 00:35
-
In your canvas app, you should let it support send http request when open it. When you open your iframe, you can pass in your email and password. – Jason Pan Jan 15 '21 at 01:28
-
@JasonPan, do you mean that i should make authentication request, when PowerApp is loaded? If yes, I think, you're right. And I have same thoughts. Because, I have no more ideas, how to tell – Nikolay Chugunov Jan 15 '21 at 02:13
-
Yes, it should be verified when PowerApp is initially loaded. – Jason Pan Jan 15 '21 at 02:15
1 Answers
0
Use ROPC flow, you just need to send a http request, then get the response.
There will be no pop-ups requiring you to log in.
Tips:
Http Request
Http Response
Related Posts:
Is there a way to improve the performance of MSAL-browser js login?
Jason Pan
- 15,263
- 1
- 14
- 29