I have an app (its actually the Audit Logs custom connector for the PowerPlatform Center of Excellence package) which about 2 weeks after I register it in App Registrations migrates to Enterprise Apps and I can no longer use the Custom Connector because the system cannot find it in App Registrations. I re-register the custom connector and it all works for a couple of weeks before it disappears again.
Anybody got any odeas why this is happening ?
Thanks
Nigel
In theory, this will not happen, as long as you register the app in Azure AD App registrations, it will definitely not disappear suddenly unless you delete it.
You need to make sure that the account you log in is the account that created the application, or when you log in with other account under the same tenant, use All applications to find the name of the application.
Related
Azure app insights are not working after the application is being deployed to Azure App Service but it's totally looking good on the local.
I have added the Instrumentation key on ApplicationInsights.config file that's being provided by the Azure App Service on the local app and saw the requests are logging on the portal.
In some articles, it suggests that we should not keep some DLLs like
Microsoft.ApplicationInsights.dll
Microsoft.AspNet.TelemetryCorrelation.dll
System.Diagnostics.DiagnosticSource.dll
But seems like it's essential for the App insights. I am not sure where I am missing. Could anyone of you guide me on this?
Here are few reasons and solutions that you can have a look why application insights aren't working after deployment.
SCENARIO - 1
Disabled Application insights on portal
Like #Vinez mentioned You can enable them from your appinsights overview page. Scroll down on the same page to see the left pane that shows an option of Application Insights and then “Turn On Application Insights”.
SCENARIO - 2
Missing AppInsights settings
You can navigate to Configuration -> Application settings and check if the appinsights settings (i.e.. APPINSIGHTS_INSTRUMENTATIONKEY, APPLICATIONINSIGHTS_CONNECTION_STRING, ApplicationInsightsAgent_EXTENSION_VERSION, XDT_MicrosoftApplicationInsights_Mode) have been added or not with appropriate values.
SCENARIO - 3
ApplicationInsights.Config not deployed with the application.
You can go to App Service Editor (preview) and check whether the AppInsights.config file is being deployed.
You can check this similar thread which deals with build and publish.
SCENARIO - 4
Due to restricted firewall.
Please try checking Enable Azure Application Insights on the VM-Series Firewall
Further you can log the traces and act accodingly using perfview.
REFERENCES :
App Insights for web application not working when deployed to Dev server
Troubleshooting no data - Application Insights for .NET.
My goal is to run a google app engine application with the minimal amount of access to resources it needs. In my case the application will access the datastorage in the project (this is the golang example tutorial using the source code git checkout origin/part4-usingdatastore from https://github.com/GoogleCloudPlatform/appengine-guestbook-go.git)
I did the following
Create a new project, foobarproject3
Created a new app in the project (using golang)
In the project IAM/IAM noticed the
foobarproject3#appspot.gserviceaccount.com, assumed this is the service account, so changed it's role to just BigQuery User. Notice that no Datastorage roles are configured (The UI forces me to provide access to something so I chose BQ)
Followed the tutorial instructions for the using datastore golang app (guestbook application)and deployed the app.
Opened the link to my app: https://foobarproject3.appspot.com/ It failed (this is great, this is what I expected, since the service account does not give the app permissions to read/write datastorage)
Refreshed https://foobarproject3.appspot.com/ and it started to work
There is something basic that I'm not understanding about service account from app engine. Isn't the app engine using these service account to access project resources? Why is the app getting access to datastorage when the service account does not have a policy that would allow access to datastorage?
"My goal is to run a google app engine application with the minimal amount of access to resources it needs."
This is dicey to unpack without more context. What is it that you're trying to achieve that goes beyond App Engine's default behavior?
My experience is that if one starts changing roles without understanding the basics, things go sideways (or South, or West, or Pear-shaped, depending on where you are). So I suspect you shot yourself in the foot in your third bullet.
When you access your app from the browser you are using your own user credentials, not the app's service account. And your user credentials might be exactly the app owner/admin ones, if you created the app using those credentials. See, for example, app.yaml handler login: admin option not effective on standard env python GAE app?
Make sure you log out from the app, or try accessing the app from an incognito browser window or by using a dumb(er) utility to prevent accidental/undesired credential leaking.
The app's service account is for your app to identify itself when it's interacting with other services/apps. From Understanding Service Accounts:
A service account is a special type of Google account that belongs to
your application or a virtual machine (VM), instead of to an
individual end user. Your application assumes the identity of the
service account to call Google APIs, so that the users aren't
directly involved. A service account can have zero or more pairs of
service account keys, which are used to authenticate to Google.
I have a standalone web application (not an add-in) and I would like to access Project Server PWA oData from this web application without using the PWA username/password combination.
I can do this for SharePoint oData by registering my web app in Azure AD and configuring the application to require "Read" permissions from "Office 365 SharePoint Online"
If you are interested to do this for SharePoint data, see this article for details: https://www.itunity.com/article/integrating-angularjs-aad-office-365sharepoint-part-1-622
My problem is that I want to do the same for a Project Server, but can't see any relevant Project Online permission in Azure AD.
Has any one ever accessed Project Online using Azure AD tokens?
My 10 Minutes of Internet Research™ leads me to believe this isn't available but that it was a planned feature at one point. [see here]
Without knowing much (anything) about Project Server, this seems like a situation I've dealt with on AWS at work. We have a bunch of endpoints that are secured using IAM (AWS) credentials and we can't leave those creds lying around in our app (because that would be silly). Our solution is to generate access URLs server-side and hand them out, these typically will have a time limit and be restricted to a very specific action.
A quick search for Azure's equivalent to IAM tells me that you might be able to do something similar though I'm unsure it exists for Project Server.
That failing, you could always set up an intermediary micro-service that acts as proxy and has the username/password combo. We do stuff like this all the time with Lambda (AWS's serverless functions).
Can you use Google App Engine with your own custom domain, without paying for the whole Google Apps business package?
The setup instructions suggests this is not possible. Has anyone found a work around?
You no longer need google apps for using custom domain with GAE. you can use custom domains without signing up for Google Apps for Business.
go to https://console.developers.google.com and click on your
project and select appengine then click on settings
there you can add and verify your domain using Google Webmaster central
Once you're done verifying you're all set to go !
IF one has had a free Google Apps account prior to the December 2012 deadline, there does seem to be an easy solution to mapping a new GAE app to a newly registered domain. I happen to still have such prior account for which I do not have to pay (yet?), I believe. I suspect other long-term GAE developers are in a similar situations. So, I am adding quick instructions I found and translated from here. (There are many related threads on the topic on stackoverflow. This question seems the most relevant for adding these notes.)
Login to your existing Google Apps account
Go to "Domains" and hit "add a domain or a domain alias"
Keep "Add a domain alias of ..." selected and enter the new domain name in the field
Go through the required domain verification process
Now back on the main admin screen, hit "Google Apps" and click "add Services" (a box icon on the top right)
Under "Other Services" enter your GAE app ID
On the "Settings for " page coming up, hit "Add new URL"
Select the domain name added in Step 1+, adding a prefix such as "www" in front
Confirm and be done with it
Just done and verified. Works for me and I suspect the same procedure would work for any further domains the same way.
DISCLAIMER: Again, this is for people with a prior Google Apps account. However, it should also be relevant for people that paid for a single such account. This single account should then be sufficient to map multiple GAE apps to multiple domains, if you don't need an independent copy of the other Google apps goodies every time.
Starting June 15 and for a limited time, Google will offer a USD $50.00 App Engine credit for Google App Engine developers who have recently purchased a new Google Apps for Business domain account for their App Engine application.
To review the terms and conditions for this site and request a credit for an eligible application, please visit this site.
Here is the google groups discussion : https://groups.google.com/forum/?fromgroups#!topic/google-appengine/jC_K-YlmXhM
Quoting from the link above:
We are working on a solution that will make this process simpler for
developers and not require a paid subscription for Google Apps for
Business.
In the meantime, starting from June 15, we will offer a $50 App Engine
credit for developers who need to purchase a new Google Apps for
Business domain in order to associate a domain with an App Engine
account.
Actually there is one free solution, for people that don't have Google Apps account yet.
Go to AppEngine -> Application Settings -> Add domain -> Sign up for Google Apps
Start a free 30 day trial - Do not add the billing options
Setup your domain
Add the domain to your app engine project
When the 30 day trial expire the domain will still work.
I just created my apps account, and created my app engine application, yesterday. I used Eclipse to upload my app and everything was wonderful yesterday. Today... the application is missing. I log into my appengine account and my app is no longer listed; I only see the "create application" button. I tried creating the app again, with the same ID, but I get the "invalid" message. Despite all this, I'm able to bring up my site via the main-domain.appspot.com. Please help. Why can't I see my app in the appengine console?
The most likely cause is that you're logged into a different account. This can happen sometimes if there was confusion about mutli-login. Try these steps to find your application:
Open a fresh incognito or private browsing window
Go to http://appspot.com and log into one Google account
See if your application is listed. If not, close your private browsing window to clear the session, and try it again for one of your other accounts.
Once you've found your application, it may be owned by the wrong account. You can fix this by moving ownership to your preferred account.
Navigate to the dashboard for your application.
On the left side menu click 'Permissions' under 'Administration'.
Add your preferred account as an owner.
Log into your preferred account and check your email. You will need to accept an invitation to take ownership of the application.
Reload the permissions page on the application dashboard. You should see both accounts listed as owners.
Remove any unwanted accounts from the owners list. (Remember, you need at least one owner!)