I would like to see an example of the set of messages that I need to authenticate the rest Api Azure , ie the get and post specified in this list but examples. The web page is
https://msdn.microsoft.com/en-us/library/partnercenter/dn974935.aspx
https://azure.microsoft.com/es-es/documentation/articles/resource-manager-api-authentication/
There are two blogs which shows how to authenticate the REST API with ARM via get the access token and use the token to authorize a REST call.
For C#, please see How to call the Azure Resource Manager REST API from C#.
For Java, please see Authenticating Azure Resource Management REST API requests using Java.
Meanwhile, you can refer to Azure samples about Azure AD via access https://github.com/Azure-Samples?utf8=%E2%9C%93&query=active-directory.
Hope it helps. Any concern, please feel free to let me know.
Related
I have a IoT Hub and Device Update Service configured.
Now my requirement is to upload the files from Blob container to IoT Hub Updates. This I need to do with REST API. I had the below API.
POST https://XXXXXXXXXX.api.adu.microsoft.com/deviceupdate/XXXXXXXXX/v2/updates?action=import
But, I don't understand on how to authenticate this POST request.
I see some documentation that we need to use TENANT ID and CLIENT ID for authentication. But I dont have anything in my hand right now. How to get this ?
So, Kindly provide me the best solution to use this API and Authenticate it.
In order to use this API you will need to authenticate as mentioned in the Security Section here: https://learn.microsoft.com/en-us/rest/api/deviceupdate/2020-09-01/updates/import-update
azure_auth_implicit, azure_auth_code , azure_auth_application or azure_auth_password
Read how to Register your client application with Azure AD here.
Most Azure services (such as Azure Resource Manager providers and the classic deployment model) require your client code to authenticate with valid credentials before you can call the service's API. Authentication is coordinated between the various actors by Azure AD, and provides your client with an access token as proof of the authentication.
we have a website which is accessible after azure AD authentication with Open ID connect.
So now the requirement is, we need to develop a .net core web api and need to access this web api from above website.
Need some guidance on developing this web api and how can we access this web api from website securely. Can we use the token method or the JWT or any other way instead of secret key and api key.
Please share any useful link if possible.
Much Thanks
Anuraj
For dotnet core web API project sample you can see here which build on using openID connect.
Once you have build API you need to register it on azure portal. Beside you have assign permission on your application which you are looking forward to access from out side.
Here you can have a look on how to register app on azure portal
After successful registration make sure you have allowed API permission you need like below screen shot:
Here is same thread for API permission guide line you can have a look on.
This is also helpful for you to test it on postman example.
IF you have any complexities regarding implementation let me know. Thanks
You can rely on Microsoft documentation to understand how to properly create a .NET Core Web API with MVC.
Also yes you can use token or JWT or OAuth2 or any authentication method. Here's an useful link: https://auth0.com/blog/securing-asp-dot-net-core-2-applications-with-jwts/
You can then try to code something and eventually ask a more specific problem about coding here in SO.
I created api from WSO2 appfactory preview api publisher. But when I call it from REST client it says the service doesn't exists where in yahoo weather api in the same api store gives OAuth error (which is expected without a token). The backend service runs nicely.
"404Status reportNot FoundThe requested resource (/usdToLkr/0.0.2) is not available."
My API is given here
http://apimanager.appfactorypreview.wso2.com:8280/usdToLkr/0.0.2
What I am doing wrong?
Is it blocked in appfactory preview?
First of all, if you create an API, you have to publish it by publisher.
Then you have to login from WSO2 Appfactory preview and via resources page, you should click on subscribe to API and login to API store via that.
Then you have to first subscribe to the particular API via your created application.
Then the consumer and application keys should be generated manually or automataically once you click on the Renew API keys or API button.
Then if you have provided a working production/sandbox URL during the API creation, it should work.
If you try out with the REST client, you should provide required header values. You get an OAUTH error because you havent provided the token.
A working API invocation sample for App factory preview can be seen from this documentation.
Using REST client to test an API can be seen from this documentation.
Are you looking for an online API management / gateway solution? If so, you should use WSO2 API Cloud instead.
Also, see the tutorials covering the scenarios you mentioned here.
Referring to the document https://developers.google.com/accounts/docs/OAuth2ServiceAccount, was able to obtain an access-token.The above mentioned document doesn't provide any details regarding the API's that can be accessed using Service Account.Can anyone list the API's which can be accessed using access-token obtained from Google service account?
Unfortunately, we don't have an exhaustive list of the support in this area. In general, you should be able to access a Google API if that API does not require the user to do something in a web interface to configure their account before doing API access. Service Accounts can't log in. So if the service needs some interactive input from a user on a Google wesite, often their APIs will not work with Service Accounts. Hope this helps.
I am building a social website that will expose REST API (WCF WebAPI) to the world so any developer would be able to create a client application for the website, integrate it with other services, etc.
I would like to implement Facebook/Twitter-style access control mechanism for the API. So that developers will register their apps on the developer section on the site, create a key and use that app key in OAuth workflow to get access to the API.
Since I use Azure in this project, I consider leveraging Azure ACS to facilitate OAuth processes. However, I am unable to find any code sample or manual for app authorization with ACS.
Can someone share such example or at least give me a direction for my own research? If I can achieve Facebook/Twitter behavior with another OAuth library (e.g. DotNetOpenAuth), that would be cool, too.
Thank you in advance.
ACS is a good choice for this sort of thing. Your scenario is pretty much OAuth Delegation, which ACS supports.
You should look into ACS with OAuth 2 Delegation sample in:
https://connect.microsoft.com/site1168/Downloads (It is called Wif Oauth CTP version)
Note that in this sample custom authentication is used for autheticating the user. Since ACS provides Single Sign On with Idps, you can instead use ACS here (e.g with Facebook).
If you go this path, you can find more information on how to use a custom home realm discovery page in the following sample:
http://msdn.microsoft.com/en-us/library/hh127794.aspx
Finally, you will neeed to have a web page where your client apps will manage their settings. For this you will be required to use ACS management service. You can find detailed information on using ACS management service in:
http://msdn.microsoft.com/en-us/library/gg185970.aspx