Registration Azure Notification Hub in WebApi backend from Android client - asp.net-web-api2

We are using Asp.Net WEBAPI 2.2 with OWIN middleware for authentication. We are trying to integrate Azure Notification Hub into our platform. However, we could not find the best way of registering our Android client with Azure Notification Hub through our WEBAPI backend.
Should we call another registration method after the Token endpoint returns the access token?
What should we do with the registration id that the notification hub returns?
Instead of generating a registration id, couldn't we use the userid for our authenticated push notifications?
And finally, is there any tutorial that explains explicitly how we can do authenticated push notifications from WEBAPI to Android, because the official tutorials are not enough?

After you get the GCM RegistrationId/Token/Handle, you need to register at your Azure Notification Hub with it and you will get an Azure Notification Hub RegistrationId that is different from the GCM RegistrationId.
Your app needs to store that ANH RegistrationId to update its registration on each app start; your backend doesn't necessarily need the ID.
You can add the User ID as a tag to the registration to identify the registrations using the User ID, see the following linked tutorial.
This official tutorial is exactly what you need: Azure Notification Hubs Notify Users - Android, WebAPI.
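A sketch of the tagging step described above, added here as an example and not taken from the original answer or from the linked tutorial: the backend derives the user tag from the authenticated identity and discards any client-supplied tag in that namespace, so a device cannot register for another user's notifications. The `username:` prefix, the function names and the tag limits are assumptions.

```python
import re

# Assumptions (not from the original page): the "username:" prefix and the
# tag character, length and count limits used for validation.
USER_TAG_PREFIX = "username:"
TAG_PATTERN = re.compile(r"^[A-Za-z0-9_@#.:\-]{1,120}$")
MAX_TAGS = 60


def build_registration_tags(authenticated_user, client_tags):
    """Return the tag set the backend attaches to a hub registration.

    authenticated_user: identity from the validated access token,
                        never from the request body.
    client_tags:        tags requested by the device (untrusted input).
    """
    if not authenticated_user:
        raise PermissionError("registration requires an authenticated user")

    user_tag = USER_TAG_PREFIX + authenticated_user
    if not TAG_PATTERN.match(user_tag):
        raise ValueError("user id cannot be expressed as a valid tag")

    tags = {user_tag}
    for tag in client_tags or []:
        # Reserved namespace: only the backend may set a user tag.
        if tag.lower().startswith(USER_TAG_PREFIX):
            continue
        # Silently drop tags that do not fit the assumed tag rules.
        if TAG_PATTERN.match(tag):
            tags.add(tag)

    if len(tags) > MAX_TAGS:
        raise ValueError("too many tags for one registration")
    return tags


def target_tag_for(user_id):
    """Tag the backend addresses when it notifies a single user."""
    return USER_TAG_PREFIX + user_id


# Constructed sample: "alice" is signed in; the device asks for a topic tag,
# tries to claim bob's user tag, and sends one malformed tag.
SAMPLE = build_registration_tags("alice", ["news", "username:bob", "bad tag!"])

if __name__ == "__main__":
    print(sorted(SAMPLE))
```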

Related

Authenticate Import Update REST API to upload new updates into Azure IoT Hub

I have an IoT Hub and Device Update Service configured.
Now my requirement is to upload the files from Blob container to IoT Hub Updates. This I need to do with REST API. I had the below API.
POST https://XXXXXXXXXX.api.adu.microsoft.com/deviceupdate/XXXXXXXXX/v2/updates?action=import
But I don't understand how to authenticate this POST request.
I see some documentation saying that we need to use TENANT ID and CLIENT ID for authentication. But I don't have anything in my hand right now. How to get this?
So, kindly provide me the best solution to use this API and authenticate it.
In order to use this API you will need to authenticate as mentioned in the Security Section here: https://learn.microsoft.com/en-us/rest/api/deviceupdate/2020-09-01/updates/import-update
azure_auth_implicit, azure_auth_code, azure_auth_application or azure_auth_password
Read how to Register your client application with Azure AD here.
Most Azure services (such as Azure Resource Manager providers and the classic deployment model) require your client code to authenticate with valid credentials before you can call the service's API. Authentication is coordinated between the various actors by Azure AD, and provides your client with an access token as proof of the authentication.

Power Apps - OAUTH 2 Authentication with Azure Active Directory

I have an API that implements OAUTH Azure Active Directory Authentication. To achieve this, I created 2 App Registrations: Client and Backend.
I successfully implemented a Logic App able to call the API, so I am sure the authentication flow works.
Now, I need to call the same API from Power Apps, but unfortunately I got an error.
First, I create a Custom Connector
Then, I configure the Security section in this way:
Client ID: it's the ID of the Client App Registration
Client Secret: it's the secret of the Client App Registration
Login Url: login Url from Microsoft
Tenant Id: it's the Tenant Id of App Registrations
Resource URL: I don't know what to put here, I tried by using the ID of the Backend App Registration
Scope: It's not mandatory, but I tried to set the Application ID URI of the Backend App Registration concatenated to /.default.
When I try to create a Connection at the end of the wizard, I get this error:
AADSTS650052: The app needs access to a service ("http://rts.powerapps.com") that your organization "a467080d-9919-4241-a48f-8b0002685a59" has not subscribed to or enabled. Contact your IT Admin to review the configuration of your service subscriptions.
My Client App Registration has the following API Permissions
UPDATE
Following #ChauncyZhou's suggestion and adding the Redirect URL generated by the Custom Connector to Client App Registration, I completed Custom Connector and Connection creation process.
When I test the API I get a 401 error:
The audience '97e**********************9c9' is invalid
Where 97e**********************9c9 is the Backend App Registration id. Did I make some mistake when I configured the Custom Connector? API works fine with Postman and Logic App.
When you call the same API from Power Apps, you don't need to add the PowerApps Runtime Service permission, because you are calling your own API, not the Common Data Service API.
Because you added this permission, but your organization has not subscribed to or enabled it, it causes an error. So for your question, you just need to remove the PowerApps Runtime Service permission.

Sending Push Notification To All People Who Have Enabled Notifications For My Progressive Web App

I am in the process of developing a new site and have decided to add progressive web app capabilities to the site. I have set it all up correctly and I can send push notifications to devices whose endpoint I know via FCM with a cURL command.
My question is: how do you send one to all users who have enabled notifications on my site without knowing a list of all users' unique endpoints?
If you are using the Firebase Cloud Messaging Web SDK, you should be able to get the Firebase token and subscribe that token to a topic using the server-side API, and then you can message the topic.
NOTE: This requires the use of the Firebase Web SDK to work. This is not supported with the raw Web Push API.

Connect to Azure to create an Application registration

I'm trying to write a C# console app that will register an application in Azure Active Directory. It should work just as the web application project creation wizard in VS 2013 when you Change Authentication and select Organizational Accounts in Azure.
Following the Fiddler trace, I can see that it authenticates the user using wsfederation and an oauth2 token and then uses the graph.windows.net graph api to configure the AAD directoryObjects service principal and application.
I have tried to use the sample Graph API app, but it requires the app be registered first so that I have the clientId (application id) and password (key) to send in the Acquire Token request using the Windows Azure AD Authentication Library for .NET.
I've tried using a bunch of the different Azure APIs but they all have my chicken and egg problem, I want to use an unregistered client application to register an application in AAD. I need to avoid Configuring Application Authentication and Authorization for the Graph API so that the user has no manual steps.
Does anyone know how Visual Studio does it, using just the user login with browser prompt or if there is a standard application id and password that can be used to access the graph API, like there is the standard login URL, https://login.windows.net/common? Some C# samples would be greatly appreciated.
This post does the Application creation, but requires a clientId and password, which I don't think I have.
You can't register a new application using the Graph API from an unregistered client. The only reason the VS2013 flow works is because VS2013 is already registered in a special way within Azure AD -- it's a first party application and has unique permissions. In my Fiddler trace, VS2013 uses a client ID of 872cd9fa-d31f-45e0-9eab-6e460a02d1f1. Technically you can use this client ID and the redirect URI of VS2013 to initiate sign-on with Azure AD. This still involves user interaction (the user has to authenticate via browser pop-up) so it doesn't meet your requirement for "no manual steps," but it's somewhat helpful for understanding the protocol flows and how registration works.
The bottom line is that if you want to call the Graph API without user interaction (client credential flow), the client needs to be registered with the proper application permissions.
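A diagnostic for the point above, added here as an example and not part of the original answer: it decodes an access token's claims and lists why an API would reject it, including whether the token is app-only (Azure AD puts application permissions in `roles` and delegated scopes in `scp`) and the audience check behind the "audience is invalid" 401 in the Power Apps question earlier on this page. The function names and all sample values are assumptions, and the signature is not verified.

```python
import base64
import json
import time


def make_sample_token(claims):
    """Build a constructed, JWT-shaped string with a fake signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])


def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_app_token(token, expected_audiences, required_role, now=None):
    """Return the reasons an API would reject this token (empty list = OK)."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") not in expected_audiences:
        problems.append("audience mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    if "scp" in claims:
        problems.append("delegated token, not app-only")
    if required_role not in claims.get("roles", []):
        problems.append("missing application permission")
    return problems


# Constructed sample values; the audience and role are illustrative only.
AUDIENCES = {"https://graph.windows.net"}
ROLE = "Directory.ReadWrite.All"
GOOD = make_sample_token({"aud": "https://graph.windows.net", "exp": 2000,
                          "roles": [ROLE]})
BAD = make_sample_token({"aud": "api://some-other-app", "exp": 2000,
                         "scp": "user_impersonation"})

if __name__ == "__main__":
    print(check_app_token(GOOD, AUDIENCES, ROLE, now=1000))
    print(check_app_token(BAD, AUDIENCES, ROLE, now=1000))
```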

Worklight Push notification in app without authentication

I am trying to implement the push notification feature for a Worklight application.
In the Push docs it is stated that the app should use authentication; the sample project also contains a login form used for this purpose. The problem is that my app does not require any authentication and/or login. I have the PushAdapter successfully deployed, as well as the required client code, but I cannot get the client registered in the WL's Push notification console.
Any hints will be appreciated.
Thanks
Authentication is required for Worklight Push. Your Push adapter is going to use userid to find the device to push to. This wouldn't make any sense if the mobile device didn't authenticate with some user id.