Solved: Re: Single Signon from company website

pritesho · ‎03-29-2016

I am trying to implement single signon per website user for our front end app so users don't have to log in the website twice.

I tried to use below code from Prologika site, however it fails on web request and I constantly get 400 - Bad Request error.

I have checked userid, password, client id etc. and everything is correct. I have also tried UI based three-leg auth and that works fine.

Please let me know, if you have an idea or alternate to do this. My company can pay for a license per user but does not want them to login twice. We want users to be agnostic of Power BI log in.

Snippet

// perform two-leg OAuth
                  System.Net.WebRequest request = System.Net.WebRequest.Create("https://login.microsoftonline.com/e7b81d0a-a949-4103-83dc-feff6277c109/oauth2/token") as System.Net.HttpWebRequest;
                  request.ContentType = "application/x-www-form-urlencoded";
                  request.Method = WebRequestMethods.Http.Post;
                  using (StreamWriter streamWriter = new StreamWriter(request.GetRequestStream()))
                  {
                      string payload = String.Format("grant_type=password&client_id={0}&client_secret={1}&resource=https%3a%2f%2fanalysis.windows.net%2fpowerbi%2fapi&username={2}&password={3}", 
                          WebUtility.UrlEncode(Properties.Settings.Default.ClientID), WebUtility.UrlEncode(Properties.Settings.Default.ClientSecret),
                          WebUtility.UrlEncode(powerBIUserID), WebUtility.UrlEncode(Util.ToInsecureString(powerBIPassword)));
                      streamWriter.Write(payload);
                  }
                  using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                  {
                      using (StreamReader streamReader = new StreamReader(response.GetResponseStream()))
                      {
                          string payload = streamReader.ReadToEnd();
                          payload = payload.Replace("access_token", "AccessToken");
                          payload = payload.Replace("refresh_token", "RefreshToken");
 
                          AuthenticationResult ar = AuthenticationResult.Deserialize(payload);
                          Session["authResult"] = ar;
                      }
                  }

Thanks in advance.

pritesho · ‎03-29-2016

Here is how I solved it:

I got it working finally. Below is code.

Download code from here for Chapter 12: http://prologika.com/power-bi-embedded-dashboards-without-authentication-ui/

Use below code to encrypt password:-

var secureString = new System.Security.SecureString();
var password = "pwd here";
var charArray = password.ToCharArray();
foreach (var chara in charArray)
{
    secureString.AppendChar(chara);
}
string myPassword = Util.EncryptString(secureString);

Use below code, modification in above code to point to Common login path instead of TenantId based path.

// perform two-leg OAuth
 System.Net.WebRequest request = System.Net.WebRequest.Create("https://login.microsoftonline.com/common/oauth2/token") as System.Net.HttpWebRequest;

View solution in original post

pritesho · ‎03-29-2016

Here is how I solved it:

I got it working finally. Below is code.

Download code from here for Chapter 12: http://prologika.com/power-bi-embedded-dashboards-without-authentication-ui/

Use below code to encrypt password:-

var secureString = new System.Security.SecureString();
var password = "pwd here";
var charArray = password.ToCharArray();
foreach (var chara in charArray)
{
    secureString.AppendChar(chara);
}
string myPassword = Util.EncryptString(secureString);

Use below code, modification in above code to point to Common login path instead of TenantId based path.

// perform two-leg OAuth
 System.Net.WebRequest request = System.Net.WebRequest.Create("https://login.microsoftonline.com/common/oauth2/token") as System.Net.HttpWebRequest;

Sunkari · ‎07-28-2016

@pritesho where util class is present.

gervwyk · ‎03-30-2016

Will it be possible to do this type of authentication in javascript?

cuongle · ‎04-13-2016

Yes, it's obviously possible, you can use ADAL javascript client: https://github.com/AzureAD/azure-activedirectory-library-for-js

pritesho · ‎04-13-2016

Using Power BI Embedded Azure Service. This is new and totally legit way to do it.

Sunkari · ‎07-26-2016

I am little bit confused with this implementation.

Could you please some body help me on this.

1 ) I have a power bi account (Ra@Pa.onmicrosoft.com) and i have created a few dashboards there and I have one azure account (ra.sun@test.com)

2) Download code from here for Chapter 12: http://prologika.com/power-bi-embedded-dashboards-without-authentication-ui/ and hosted as http://localhost:85Test/ in IIS.

3) I noticed that few things are hard coded in above solution. what details i need provided for below code and from where i need to get these details.

<PBIWebApp.Properties.Settings>
<setting name="ClientSecret" serializeAs="String">
<value>YourClientSecret</value>
</setting>
<setting name="ClientID" serializeAs="String">
<value>xxxxx</value>
</setting>
<setting name="Username" serializeAs="String">
<value>username</value>
</setting>
<setting name="Password" serializeAs="String">
<value>XXXX</value>
</setting>
</PBIWebApp.Properties.Settings>

4) How add my application(http://localhost:85Test) in azure active directory