Build OData service with authentication for PowerBI

xhead · ‎05-31-2016

I have built an OData service that uses .NET MVC WebAPI and allows anonymous connections.

I would like to add authentication to this service and consume it from PowerBI.

Is there any documentation on how PowerBI interacts with OData services and the various authentication options that it supports?

I see Basic Authentication, which should be simple enough to implement, but there's also WebAPI key, a Data Marketplace key (which I assume is if I publish through the Azure Data Marketplace, which doesn't have a lot of documentation on authentication either), Windows credentials (probably not applicable), and Organization account, which I assume is OAuth/SAML-based, but I'd like to understand which identity providers (IdP) are supported - is it assumed to be only OAuth credentials that PowerBI accepts (ie. Azure Active Directory Services?) or can it be other OAuth providers?

I'm particularly interested in the WebAPI key and the Org Account options, to understand what my options are.

Mike

mdesenfants · ‎01-20-2023

This reference might be helpful: https://dev.to/mdesenfants/custom-net-6-odata-service-with-oauth-for-power-query-1f3k

It provides some tips on configuring an ASP.NET 6 app for Power BI and Azure AD OAuth2.

Greg_Deckler · ‎05-31-2016

For Organization account, that requires an O365 username and password, so basically Azure AD authentication. The WebAPI key and Data Marketplace (correct, Azure Data Marketplace) are both "secret key" authentication. Probably something along the lines of: http://bitoftech.net/2014/12/15/secure-asp-net-web-api-using-api-key-authentication-hmac-authenticat...

This links might have some useful bits of information:

https://powerbi.microsoft.com/en-us/documentation/powerbi-developer-authenticate-a-web-app/

https://powerbi.microsoft.com/en-us/documentation/powerbi-developer-authenticate-to-power-bi-service...

I'm thinking Basic authentication is probably a good way to go.

Follow on LinkedIn
@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: Power BI Cookbook Third Edition (Color)

DAX is easy, CALCULATE makes DAX hard...

xhead · ‎05-31-2016

Thanks smoupre,

Basic authentication over TLS is likely easiest, but I'm not sure it will meet the security requirements of the organization.

That HMAC link you included looks very useful. It talks about creating the message digest and says that the client and server have to calculate the digest the same way.

So I'm wondering how the PowerBI OData client uses the WebAPI key, and is there a standard or any docs on how it does that? The links you provided after that are how custom clients can authenticate to the PowerBI services, but this case is the other way around - PowerBI is the client, my OData endpoint is the service.

Thanks again.

Mike

Greg_Deckler · ‎05-31-2016

I am generally not a fan of cross-posting but you might want to post a link to this thread in the Developers forum as you might get some better traction in that forum. Or, perhaps a mod could move this over to the Developer forum? While your question is definitely about integrations with files and services, I think that the question is much more of a developer question than what people generally post to this forum.

Only so much I can help as I do not do a ton of custom development.

Follow on LinkedIn
@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: Power BI Cookbook Third Edition (Color)

DAX is easy, CALCULATE makes DAX hard...