How can you obtain the full URL of a HTTP triggered Logic App in the Azure Portal, if you can't use the designer? - azure-logic-apps

How can you obtain the full URL of a HTTP triggered Logic App in the Azure Portal, if you can't use the designer?
Usually if I create a logic app with the HTTP trigger, after the first time I save it, the "Designer" has the full URL, including the sig, and even an option to "Copy Url", e.g.
https://prod.northeurope.logic.azure.com:443/workflows/.../paths/invoke?...&sig=xxxxxxx
But if I create a logic app in the "Code view" with multiple triggers, e.g. one for GET, one for POST, I can't switch to the "Designer".
So how can I get the full URL?
... without using e.g. PowerShell and the Az cmdlets, e.g.
Get-AzLogicAppTriggerCallbackUrl `
    -ResourceGroupName $(LogicAppResourceGroupName) `
    -Name $(LogicAppName-ProcessData) `
    -TriggerName "manual"

Actually, the Logic App HTTP trigger endpoint URL is a SAS URL with the format below:
https://<request-endpoint-URI>sp=<permissions>sv=<SAS-version>sig=<signature>
And if you don't have a dev tool, the efficient ways are the REST API: listCallbackUrl and the Az command: Get-AzLogicAppTriggerCallbackUrl.
The REST API description provides a simple way to test the API with the Try it button; just log in, without additional auth token generation.
Also, the Azure Portal provides the Azure Cloud Shell, where you can use PowerShell and Bash commands to manage Azure resources.
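
For a Logic App with several request triggers, the cmdlet named above can be run once per trigger from Cloud Shell. The following is an added example, not part of the original answer; the resource group and Logic App names are placeholders, Hide-SasSignature is a helper defined here, and it assumes the Az.LogicApp module and a signed-in session. Because the sig value authorizes calls to the trigger, the table prints a redacted form and the full URL is read explicitly.

```powershell
# Added example: enumerate every trigger of one Logic App and fetch its callback URL.
$ResourceGroupName = 'my-resource-group'   # placeholder, replace with your own
$LogicAppName      = 'my-logic-app'        # placeholder, replace with your own

function Hide-SasSignature {
    # Hypothetical helper: masks the sig query parameter so a URL can be displayed or logged.
    param([Parameter(Mandatory)][string]$Url)
    return $Url -replace '(?i)([?&]sig=)[^&]+', '$1<redacted>'
}

# All triggers defined in the workflow (e.g. one for GET, one for POST).
$triggers = Get-AzLogicAppTrigger -ResourceGroupName $ResourceGroupName -Name $LogicAppName

$callbacks = foreach ($trigger in $triggers) {
    try {
        $cb = Get-AzLogicAppTriggerCallbackUrl `
            -ResourceGroupName $ResourceGroupName `
            -Name $LogicAppName `
            -TriggerName $trigger.Name `
            -ErrorAction Stop

        [pscustomobject]@{
            Trigger  = $trigger.Name
            Url      = $cb.Value                          # full SAS URL, includes sig
            Redacted = Hide-SasSignature -Url $cb.Value   # safe to show on screen
        }
    }
    catch {
        # Triggers that are not callable over HTTP (e.g. recurrence) have no callback URL.
        Write-Warning "No callback URL for trigger '$($trigger.Name)': $($_.Exception.Message)"
    }
}

# Overview without exposing the signatures.
$callbacks | Format-Table Trigger, Redacted -AutoSize

# Read the full URL of a single trigger only when it is actually needed.
($callbacks | Where-Object { $_.Trigger -eq 'manual' }).Url
```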

If you can use the Run Trigger button and select the Run with payload buttons in the code view, you can get the full url from the pane that pops up, with a convenient button to copy the full url.

Related

How can I get the Session Settings, Session Timeout from Salesforce using a REST call?

Is there a REST API call I can make to get the Session Timeout value under Session Settings in Salesforce?
Org-level defaults are available in the Metadata API, but it's SOAP based; you'd need to create a "package.xml" file and retrieve https://developer.salesforce.com/docs/atlas.en-us.api_meta.meta/api_meta/meta_securitysettings.htm and search for sessionTimeout.
And you might need an admin account to do it, mortals typically can't view setup and use such development APIs.
It's not terribly useful anyway because every profile can override the default (Profile -> Session Settings, Profile -> Password Policies). You want ProfileSessionSetting.
Metadata API might be the only way, I don't see anything that would suggest REST API or Tooling API expose this object. I don't see it in https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_erd_profile_permissions.htm
Consider asking on https://salesforce.stackexchange.com/ too?

Microsoft Identity Web - How to get the User Signed In event?

I'm using the Microsoft.Identity.Web NuGet package in order to sign users into a .NET Core 3.1 WebApp using Azure AD, then once the user has signed in, I then use their token with scopes to call the MS Graph API to fetch some additional data from their profile, such as their forename, surname, username etc. Basically some additional bits of info about the user that are not automatically included in the token returned from Azure AD.
This part is working fine.
What I want to achieve is configuring some form of a system event or trigger to tell me when the user has successfully signed in, I would then use this trigger to run the Graph API query and fetch the user's additional profile attributes. The reason I want to do this is so each time the user requests a new page and runs a method or action, I can include their additional attributes into the logging.
Because the Microsoft.Identity.Web package hides away the Account Controller somewhere within the NuGet package (assuming a dll or something) I can't seem to access it to look at what I could latch onto in the way of an event trigger that I can use for the above.
Unless I call the MS Graph once the user has logged in then I would not have access to some of the user profile attributes that I want to include in the Serilog Logging structure.
Once I have the user attributes needed from MS Graph then I assume the best solution would be to store them in memory as getters setters for the lifetime of the logged in session, that way I can then access them from any page model / controller within the app through DI or a model.
I had thought about just simply calling the MS Graph from a OnGet() method when the home index page is loaded after a successful login, but the challenge is a user might not necessarily login by visiting the home page first, they might have saved a bookmark to another page they want to go to straight away which means the OnGet() method in the Home page might never be run. I need a more bullet proof solution given I should ensure that these extra user profile attributes are fetched every time without fail, regardless of which page is first visited that prompts the user login process.
Note: I've observed the fact that if I go straight to a page that has authorization enabled, once logged in then OIDC just returns me to that same page.
The final step in this riddle would be to remove the saved user profile attributes from memory once the user logs out, but this should be easy enough given the logout session always returns me to https://localhost:5001/MicrosoftIdentity/Account/SignedOut
If anyone has any ideas on what I could work with using this library to achieve the above would be great, thanks
I found something within Microsoft Identity Web, for the custom code:
AddSignIn has another override, which takes delegates instead of a configuration section. The override with a configuration section actually calls the override with delegates. In advanced scenarios you might want to add configuration by code, or if you want to subscribe to OpenIdConnect events. For instance if you want to provide a custom processing when the token is validated.
https://github.com/AzureAD/microsoft-identity-web/wiki/web-apps#using-delegate-events
Here are Microsoft code samples for the ASP.net core, for many cases:
https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/

Configure Logic App failure alerts using an Azure ARM template

I have added the alert rule and action group manually in the Azure portal to send mail whenever it fails.
Is it possible to create these things using the Azure resource manager template?
Yes, this tutorial will help you create the alert using ARM template. You can refer to the "simplestaticmetricalert.json" and "simplestaticmetricalert.parameters.json" in this tutorial and replace the parameters in json with your parameters. Then use PowerShell or Azure CLI to deploy the template.
By the way, if you are confused about some parameters in "simplestaticmetricalert.parameters.json", you can use this command below
az monitor metrics alert show [--ids] [--name] [--resource-group] [--subscription]
to show the properties of the alert you have created before for your reference when you edit the new template.

Unable to use "Query Editor" in developer console

While trying to use the query editor in developer console.
"SELECT ID FROM ACCOUNT"
It throws an error saying "This session is not valid for use with the REST API".
Any idea what exactly the issue is here? Earlier it worked fine.
The same problem occurs when I click on the "Open" dialog of the developer console and select objects.
"CANNOT LOAD OBjects.This session is not valid for use with the REST API"
I ran into this same issue, where I could open Visualforce pages, Apex, etc but it would give me the error "This session is not valid for use with the REST API" any time I tried to use the Query Editor or create a new Trigger (which needs the object list) via the Developer Console. I tried every browser, flushing cookies, logging in as other users, etc with the same results.
I found that our org has API white listing enabled (https://help.salesforce.com/HTViewHelpDoc?id=security_control_client_access.htm&language=en_US) which blocks the API calls access unless explicitly granted.
From the Salesforce Documentation
"Contact Salesforce to enable API Client Whitelisting. After it’s enabled, all client access is restricted until explicitly allowed by the administrator. This restriction might block access to applications that your users are already using. Before you enable this feature, you should configure and approve connected apps for any client applications you want users to continue using, or give the users a profile or permission set with “Use Any API Client” enabled."
So adding the "Use Any API Client" permission set to your user profile should fix the issue.
To do this via a Permission Set, you can go to Setup > Users > Permission Sets and create a new one. Add a System Permission of 'Use Any API Client'.
There may be a way to enable API access for the Developer Console via whitelisting or the app settings but I was not able to easily find a way. You would definitely want to test whatever functionality you are creating with a user that does not have that permission enabled.
This is happening because the connected app is not configured correctly.
On the 'API (Enable OAuth Settings)' panel, move the 'Access and manage your data (api)' option from left to right of the Selected OAuth Scopes field and then save the setting.
Wait a few minutes and then try. It should work.
Looks like just the session is expired. Did you try to close developer console, relogin to your SF sandbox and open developer console again?
Create a Permission Set, and add a System Permission of 'Use Any API Client'.
And associate this permission set to users. It will solve the problem.

Single Page Application login with Spring and AngularJS

I'm creating an application which can be used by unknown and logged-in users. The only difference is that a logged-in user can use some additional functions like saving its content in the database.
All communication is based on ajax calls, so what I need is to deny access to some controller functions (end points) in the backend for unknown users, and on the client side I need to know that it is in a logged-in state to set these extra functions active. Only one page, login form should be in a dialog. I'm a little bit confused, because the standard Spring Security approach doesn't fit this case. I was reading this tutorial but I can't fully understand it.
First: What does the Principal object do? They send credentials to this endpoint on submit with the login() function, but where is the password check handled? What if I have my users in a database?
Second: Is it possible to write this configuration in XML style? I guess that it can be done with <intercept-url/> in the spring-security.xml file.
Principal Object
The Principal Object is used to be able to get basic information about a user that is attempting to login when using automatic server authentication (i.e. LDAP). However, you will only be able to get a username from the principal object. With a server JBoss/WildFly, for example, you can link the server to Active Directory to allow Microsoft Windows to authenticate users.
Simple Solution
First, Spring Security will add additional complexity to your application where it doesn't sound like you are trying to do that. Instead, use a simple Servlet Filter. If you are using LDAP on a JBoss/WildFly server, you can make a POST to j_security_check and the server will send the request to the filter if correct credentials are provided. Inside the filter, you may use the getName() function of the Principal object to get the username so that you may store it in the user's session. However, if you are not using LDAP, you may make a simple POST to a Java Servlet or Spring Controller (with an @RequestMapping) to attempt to login the user and store the user's information in the session.
At this point, you can filter out what URLs you will allow users to see. For example, the URL that contains /administrator/some/other/stuff.jsp could be restricted if the URL contains the word "administrator" in the first directory of the URL.

Resources