Partner-Center-DotNet-Samples
Partner-Center-DotNet-Samples copied to clipboard
microsoft
Documentation for using these samples
Feature Request
Provide setup walk through for both Azure Portal and CSP dashboard with screenshots.
Describe the solution you would like Microsoft recently modified the way App Registrations work and the current documentation doesn't correlate with the current way of registering the app in the Azure Portal and the CSP dashboard.
Having a detailed walk through with screenshots of both the Azure Portal registration and the CSP Dashboard registration would be very beneficial. The screenshots should provide the exact values that are needed in the configuration for everything to work correctly.
So far I have spent many hours trying to get both the Native App and Web App registrations setup correctly without success. Assume the person who downloaded this sample knows nothing about the Azure App Registration and the CSP Dashboard app registration processes.
Also include creating the Azure Key Vault and provide screenshots of where the setting values come from.
Thank you.
Here is the web.config for the partner consent sample, questions in bold.
' AppID that represents CSP application add key="ida:CSPApplicationId" value=""' Is this a registered app in the Partner Center? And then added to my Azure AD App Registrations?
' Please use certificate as your client secret and deploy the certificate to your environment. The following application secret is for sample application only. please do not use secret directly from the config file.
add key="ida:CSPApplicationSecret" value=""' If I'm using a certificate, how do I register it? In the Partner Center, the App Registrations? The Key Vault?
'Endpoint address for the instance of Azure KeyVault add key="KeyVaultEndpoint" value=""' I assume this is just the Key Vault endpoint, correct?
' AppID that is given access for keyvault to store the refresh tokens add key="ida:KeyVaultClientId" value=""' How do I give my AppID access to the key vault?
' Please use certificate as your client secret and deploy the certificate to your environment. The following application secret is for sample application only. please do not use secret directly from the config file. add key="ida:KeyVaultClientSecret" value=""' Is this the certificate thumbprint? Where do I need to upload and register this certificate?
We have the same problem. I don't even have a higher level understanding of the secure app model. There are no flow-charts and basically everything says "just look at the samples", which don't run for me.
When I put the CSP Application Id along the other values to the config, I get the error message "Application with Id xxx-xxxx-x-x-x (shortened) is not available in tenant xxxx-xxxx-xxxx". Which makes no sense to me, because it should be our partner center app right?
Same for me - completly confused and failing on "simple" tasks like getting authentication to work. The provided documentation for setting up the app-registration and granting permissions do not line up with what i can do within the azure portal..
All im getting to work is Unauthorized access :(
Would be great to habe a step-by-step documentation as requested :+1:
Hi Guys,
I can help you to sort out issues. I spent many hours to make it work last year when the new security model was out. It works fine now for me. I guess i still remember the steps :)
My skype ID is salman_logix. You can add me and i can guide you as best i can to sort out your issue.
Regards, Salman
@SalmanMukhtar Hello, why don't you publish what you know in GitHub instead of everyone calling you on Skype.
Thank you
@btastic Well the issue is not in the code. The issue you have is related to the settings/Configuration of web/native app on azure and the permissions associated with them.
Hope that explains.
Salman
I agree with this issue. I also am having issues following the documentation. I have created two App registrations, (one for the CSPApplication and one for the key vault). I am unsure as to what to declare the ReplyURI to in my CSPApplication registration. Currently I am redirect loop, that after logging it go back to the login screen.
I agree with this issue. I also am having issues following the documentation. I have created two App registrations, (one for the CSPApplication and one for the key vault). I am unsure as to what to declare the ReplyURI to in my CSPApplication registration. Currently I am redirect loop, that after logging it go back to the login screen.
Any luck solving the issue??
Any luck solving the issue??
Not yet.
As far as i suggest, you have a configuration issue somewhere. I cannot help until i can see what you are doing.
I ran into similar issues everyone is running into. I finally figured out my issue so I hope this helps someone else.
- Ensure your partner consent app URL is added to your partner center application re-direct URLS (AAD > App Registrations > Partner Center Web App > Authentication). This should allow you to authenticate to your partner center app using MFA.
- If you are using a multitenant approach where your key vault is in a different tenant than the Partner Center Web App, ensure the you update your authority in your key vault provider class of the partner consent web app. You can find this info in AAD > Properties > Tenant ID. Then copy and paste it in the location below.
private async Task<string> GetToken(string authority, string resource, string scope)
{
var myAuthority = "https://login.microsoftonline.com/{your kv tenant info}";
Newtonsoft.Json.Linq.JObject tokenResult = await AuthorizationUtilities.GetADAppToken(myAuthority, resource, this.KeyVaultClientId, this.KeyVaultClientSecret);
return tokenResult["access_token"].ToString();
}
- If you haven't already, ensure you give your key vault service principal the correct access policies within key vault to ensure it can read and write the secrets to it.
That should allow you to save your MFA token to another tenant if you so choose. Hopefully that helps!
I got it working after spending hours in this application and document everything in my blog. You can read it here: Microsoft Partner Center DotNet Samples Secure App Model KeyVault Integration – Here is how it works
