Possible to consume AAD authenticated Azure functions from Power Bi and Power Apps?
In Power Bi we get this error when trying to make a web connection:
"We couldn't authenticate with the credentials provided. Please try again"
The Azure function app is registered in our AAD . The function is a C# httptrigger with this code:
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, TraceWriter log)
{
// parse query parameter
ClaimsIdentity userClaimsId = ClaimsPrincipal.Current.Identity as ClaimsIdentity;
var claims = userClaimsId.FindAll(ClaimTypes.Upn);
var groups = userClaimsId.Claims.Where(x => x.Type.Equals("groups")).ToList();
var upns = userClaimsId.Claims.ToList();
var roles = userClaimsId.Claims.Where(x => x.Type.Equals("upn")).ToList();
return req.CreateResponse(HttpStatusCode.OK, groups);
}
We are attempting to connect from Power Bi Desktop via the Get Data > Web option using an organizational account in our same AAD. When we call the function from browser it prompts for login and seems to return data.
The token that Power BI Desktop obtains from AAD when you sign in with an organizational account is for the https://yourfunction.azurewebsites.net audience. But when you configure AAD authentication for your Azure Function App, by default the audience configured is https://yourfunction.azurewebsites.net/.auth/login/aad/callback. That's why you receive an access denied.
So you can go to the AAD authentication settings of your Azure Function App, click AAD > Advanced > and enter the new allowed token audience there (see below, marked in red). Make sure to click OK, and to save the changes.
- Prevent Captive Portal auto-close after authentication (Android)
- SmartGIT does not ask for ssh key
- how to use bitbucket access token with JGit instead of user / pass
- handling username / password in cookie for login
- Why is the page still loading after an redirect?
- Return the user's role when we authenticate with ASP.NET WebApi
- why Bad state: add(LoginEvent) was called without a registered event handler. Make sure to register a handler via on<LoginEvent>((event, emit) {...})
- API Gateway Custom Authorizer: Control error message and code
- Blazor MFA Login using Entra - Setting Session Length
- What's the point of refresh token?
- Minimal API or AccountController for Login with ASP.NET Core Identity?
- authMiddleware doesn't exist after installing clerk
- Laravel 9 Registered Users Cannot login
- C# ApiController : multiple authentication methods
- Supabase onAuthStateChange keeps triggering (remix)
- Invalid Login Credentials in Oracle APEX After Resetting the Password from the Administration Panel in ADB-S
- Problem with PgBouncer auth method not same type
- AppwriteException: User (role: guest) missing scope (account), not able to get account after creating a session
- Woocommerce authentication with phone number OR normal login
- NestJS JWT Strategy requires a secret or key
- How to change mongodb password in docker compose
- 404.17 error - requested content appears to be script
- who creates the passkey (and how many will be created?)
- Enter Key with Two Login Controls
- JWT generate token with algorithm ES256
- Why can't Google Drive be mounted anymore and shows a browser popup instead of a link for authorization?
- Enable interactive render mode on Blazor templates accounts pages
- how do i link login form to html website on computer
- How to update database of parent class and [Owned] attribute class type in Entity Framework Core 8.0.8
- How to debug Bearer error="invalid_token"