Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Marco76
New Member

Problem getting PBI Desktop to send right resource_id to Azure AD (Multi-tenant)

‎07-25-2017 10:29 AM

 

Hi, 

 

I have this ODATA API: http://****azurewebsites.net/api/odata

I have it registered as multi-tenant on azure AD and App ID URI is something like: https://mytenantname.onmicrosoft.com/OdataAPI

 

I have it proteceted by Authorize attribute and i have some customHeaders on webconfig.cs:

 

 

<httpProtocol>
   <customHeaders>
        <add name="WWW-Authenticate" value="Bearer error=invalid_token, error_description=Error during token validation!, authorization_uri=https://login.windows.net/common/ouath2/authorize, resource_id=https://mytenantname.onmicrosoft.com/OdataAPI"/>
    </customHeaders>
</httpProtocol>

 

I also have clientIDclientSecret, Tenant and Audience and i use WindowsAzureActiveDirectoryBearerAuthentication

 

public partial class Startup
{
        public static string Audience = ConfigurationManager.AppSettings["ida:Audience"];
        public static string Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
 
        public void ConfigureAuth(IAppBuilder app)
        {
            app.UseWindowsAzureActiveDirectoryBearerAuthentication(new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = Startup.Tenant,
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidAudience = Startup.Audience,
                    ValidateIssuer = false
                }
            });
        }
}

 

 

When I try to get my data from API, I can choose organizational account, I try to login but i get this error:

invalid_resource: AADSTS50001: The application named http://****azurewebsites.net was not found in the tenant named ****-****-****-****-****.  This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant.  You might have sent your authentication request to the wrong tenant.

The problem is PBI always sends to AAD, as the resource_id, the URL of API instead of the resource_id i put in API response headers. Basically, i can´t use my API ID URI as resource, and i don´t know what is wrong.

 

Any ideas?

 

Note: It works if i run API from IIS and my APP ID URI as an alias of my localhost address. That's because PBI Desktop always use as resource_id the base URL of the service which is connected.

 

 

Labels:
Message 1 of 1
401 Views
0
0 REPLIES 0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All