Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
pritesho
Helper I
Helper I

Single Signon from company website

I am trying to implement single signon per website user for our front end app so users don't have to log in the website twice.

 

I tried to use below code from Prologika site, however it fails on web request and I constantly get 400 - Bad Request error.

 

I have checked userid, password, client id etc. and everything is correct.  I have also tried UI based three-leg auth and that works fine.

 

Please let me know, if you have an idea or alternate to do this.  My company can pay for a license per user but does not want them to login twice.  We want users to be agnostic of Power BI log in.

 

 

Snippet

// perform two-leg OAuth
                  System.Net.WebRequest request = System.Net.WebRequest.Create("https://login.microsoftonline.com/e7b81d0a-a949-4103-83dc-feff6277c109/oauth2/token"as System.Net.HttpWebRequest;
                  request.ContentType = "application/x-www-form-urlencoded";
                  request.Method = WebRequestMethods.Http.Post;
                  using (StreamWriter streamWriter = new StreamWriter(request.GetRequestStream()))
                  {
                      string payload = String.Format("grant_type=password&client_id={0}&client_secret={1}&resource=https%3a%2f%2fanalysis.windows.net%2fpowerbi%2fapi&username={2}&password={3}", 
                          WebUtility.UrlEncode(Properties.Settings.Default.ClientID), WebUtility.UrlEncode(Properties.Settings.Default.ClientSecret),
                          WebUtility.UrlEncode(powerBIUserID), WebUtility.UrlEncode(Util.ToInsecureString(powerBIPassword)));
                      streamWriter.Write(payload);
                  }
                  using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                  {
                      using (StreamReader streamReader = new StreamReader(response.GetResponseStream()))
                      {
                          string payload = streamReader.ReadToEnd();
                          payload = payload.Replace("access_token""AccessToken");
                          payload = payload.Replace("refresh_token""RefreshToken");
 
                          AuthenticationResult ar = AuthenticationResult.Deserialize(payload);
                          Session["authResult"] = ar;
                      }
                  }

 

Thanks in advance.

1 ACCEPTED SOLUTION
pritesho
Helper I
Helper I

Here is how I solved it:

I got it working finally.  Below is code.
 
 
Use below code to encrypt password:-
 
var secureString = new System.Security.SecureString();
var password = "pwd here";
var charArray = password.ToCharArray();
foreach (var chara in charArray)
{
    secureString.AppendChar(chara);
}
string myPassword = Util.EncryptString(secureString);
Use below code, modification in above code to point to Common login path instead of TenantId based path.
 
// perform two-leg OAuth
 System.Net.WebRequest request = System.Net.WebRequest.Create("https://login.microsoftonline.com/common/oauth2/token"as System.Net.HttpWebRequest;

View solution in original post

6 REPLIES 6
pritesho
Helper I
Helper I

Here is how I solved it:

I got it working finally.  Below is code.
 
 
Use below code to encrypt password:-
 
var secureString = new System.Security.SecureString();
var password = "pwd here";
var charArray = password.ToCharArray();
foreach (var chara in charArray)
{
    secureString.AppendChar(chara);
}
string myPassword = Util.EncryptString(secureString);
Use below code, modification in above code to point to Common login path instead of TenantId based path.
 
// perform two-leg OAuth
 System.Net.WebRequest request = System.Net.WebRequest.Create("https://login.microsoftonline.com/common/oauth2/token"as System.Net.HttpWebRequest;
Sunkari
Responsive Resident
Responsive Resident

@pritesho where util class is present.

Will it be possible to do this type of authentication in javascript?

Yes, it's obviously possible, you can use ADAL javascript client: https://github.com/AzureAD/azure-activedirectory-library-for-js

Using Power BI Embedded Azure Service.  This is new and totally legit way to do it.

Sunkari
Responsive Resident
Responsive Resident

I am little bit confused with this implementation.

 Could you please some body help me on this.

 

1 ) I have a power bi account (Ra@Pa.onmicrosoft.com) and i have created a few dashboards there and I have one azure account (ra.sun@test.com)

 

2) Download code from here for Chapter 12: http://prologika.com/power-bi-embedded-dashboards-without-authentication-ui/ and hosted as http://localhost:85Test/ in IIS.

 

3) I noticed that few things are hard coded in above solution. what details i need provided for below code and from where i need to get these details.

 

<PBIWebApp.Properties.Settings>
<setting name="ClientSecret" serializeAs="String">
<value>YourClientSecret</value>
</setting>
<setting name="ClientID" serializeAs="String">
<value>xxxxx</value>
</setting>
<setting name="Username" serializeAs="String">
<value>username</value>
</setting>
<setting name="Password" serializeAs="String">
<value>XXXX</value>
</setting>
</PBIWebApp.Properties.Settings>

4) How add my application(http://localhost:85Test) in azure active directory

 

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.