cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Helper I
Helper I

Single Signon from company website

I am trying to implement single signon per website user for our front end app so users don't have to log in the website twice.

 

I tried to use below code from Prologika site, however it fails on web request and I constantly get 400 - Bad Request error.

 

I have checked userid, password, client id etc. and everything is correct.  I have also tried UI based three-leg auth and that works fine.

 

Please let me know, if you have an idea or alternate to do this.  My company can pay for a license per user but does not want them to login twice.  We want users to be agnostic of Power BI log in.

 

 

Snippet

// perform two-leg OAuth
                  System.Net.WebRequest request = System.Net.WebRequest.Create("https://login.microsoftonline.com/e7b81d0a-a949-4103-83dc-feff6277c109/oauth2/token"as System.Net.HttpWebRequest;
                  request.ContentType = "application/x-www-form-urlencoded";
                  request.Method = WebRequestMethods.Http.Post;
                  using (StreamWriter streamWriter = new StreamWriter(request.GetRequestStream()))
                  {
                      string payload = String.Format("grant_type=password&client_id={0}&client_secret={1}&resource=https%3a%2f%2fanalysis.windows.net%2fpowerbi%2fapi&username={2}&password={3}", 
                          WebUtility.UrlEncode(Properties.Settings.Default.ClientID), WebUtility.UrlEncode(Properties.Settings.Default.ClientSecret),
                          WebUtility.UrlEncode(powerBIUserID), WebUtility.UrlEncode(Util.ToInsecureString(powerBIPassword)));
                      streamWriter.Write(payload);
                  }
                  using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                  {
                      using (StreamReader streamReader = new StreamReader(response.GetResponseStream()))
                      {
                          string payload = streamReader.ReadToEnd();
                          payload = payload.Replace("access_token""AccessToken");
                          payload = payload.Replace("refresh_token""RefreshToken");
 
                          AuthenticationResult ar = AuthenticationResult.Deserialize(payload);
                          Session["authResult"] = ar;
                      }
                  }

 

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Helper I
Helper I

Here is how I solved it:

I got it working finally.  Below is code.
 
 
Use below code to encrypt password:-
 
var secureString = new System.Security.SecureString();
var password = "pwd here";
var charArray = password.ToCharArray();
foreach (var chara in charArray)
{
    secureString.AppendChar(chara);
}
string myPassword = Util.EncryptString(secureString);
Use below code, modification in above code to point to Common login path instead of TenantId based path.
 
// perform two-leg OAuth
 System.Net.WebRequest request = System.Net.WebRequest.Create("https://login.microsoftonline.com/common/oauth2/token"as System.Net.HttpWebRequest;

View solution in original post

6 REPLIES 6
Highlighted
Helper I
Helper I

Here is how I solved it:

I got it working finally.  Below is code.
 
 
Use below code to encrypt password:-
 
var secureString = new System.Security.SecureString();
var password = "pwd here";
var charArray = password.ToCharArray();
foreach (var chara in charArray)
{
    secureString.AppendChar(chara);
}
string myPassword = Util.EncryptString(secureString);
Use below code, modification in above code to point to Common login path instead of TenantId based path.
 
// perform two-leg OAuth
 System.Net.WebRequest request = System.Net.WebRequest.Create("https://login.microsoftonline.com/common/oauth2/token"as System.Net.HttpWebRequest;

View solution in original post

Highlighted

Will it be possible to do this type of authentication in javascript?

Highlighted

Yes, it's obviously possible, you can use ADAL javascript client: https://github.com/AzureAD/azure-activedirectory-library-for-js

Highlighted

Using Power BI Embedded Azure Service.  This is new and totally legit way to do it.

Highlighted
Responsive Resident
Responsive Resident

I am little bit confused with this implementation.

 Could you please some body help me on this.

 

1 ) I have a power bi account (Ra@Pa.onmicrosoft.com) and i have created a few dashboards there and I have one azure account (ra.sun@test.com)

 

2) Download code from here for Chapter 12: http://prologika.com/power-bi-embedded-dashboards-without-authentication-ui/ and hosted as http://localhost:85Test/ in IIS.

 

3) I noticed that few things are hard coded in above solution. what details i need provided for below code and from where i need to get these details.

 

<PBIWebApp.Properties.Settings>
<setting name="ClientSecret" serializeAs="String">
<value>YourClientSecret</value>
</setting>
<setting name="ClientID" serializeAs="String">
<value>xxxxx</value>
</setting>
<setting name="Username" serializeAs="String">
<value>username</value>
</setting>
<setting name="Password" serializeAs="String">
<value>XXXX</value>
</setting>
</PBIWebApp.Properties.Settings>

4) How add my application(http://localhost:85Test) in azure active directory

 

Highlighted
Responsive Resident
Responsive Resident

@pritesho where util class is present.

Helpful resources

Announcements
Community Conference

Power Platform Community Conference

Check out the on demand sessions that are available now!

Community Conference

Microsoft Power Platform Communities

Check out the Winners!

secondImage

Create an end-to-end data and analytics solution

Learn how Power BI works with the latest Azure data and analytics innovations at the digital event with Microsoft CEO Satya Nadella.