I am trying to embed power BI Dash Board report into Web application.
1) I have configured the application using this Microsoft link and their sample application from github https://learn.microsoft.com/en-us/power-bi/developer/embed-sample-for-your-organization.
2) I have also tried configuring using this documentation https://bitbucket.org/omnistream/powerbi-api-example\
I am accessing the end point with my company email id /password . below is the details. i have admin rights on dash board report and I have power BI pro user account.
Post End point: https://login.microsoftonline.com/common/oauth2/token
Request Header :
User-Agent: Fiddler
Host: login.windows.net
content-Type: application/x-www-form-urlencoded
Content-Length: xxx
with request body :
grant_type=password&scope=openid&username=myUserName#mycompany.com&password=MyPassword&client_id=XXXXX&resource=https://analysis.windows.net/powerbi/api&client_secret=XXXXX
it throws below error:
error_description=AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password
Trace ID: c13c59dc-79e2-4169-bae2-06c402310100
Correlation ID: a747a226-362a-45aa-956a-122629fa9863
Timestamp: 2018-08-06 21:27:59Z
Do i need to configure or create Master Power BI account separately ?
or if my company network interfering with Post request to mask the user id/password, is there any tool which can help me to trace this network issue?
Even after Bypassing the company proxy for credentials it was not working.
finally, I logged the ticket with Microsoft and able make it work for only one of the option i.e. Native application. Below is the step
1) Download 'App owns data ' application from here. And Register your power Bi application in Azure Portal as "Native application" for Application Type. Visit the link #1 in question for details about configuring PowerBI application web page embedding.
2) Open project and import all required Dll using NUget package manager.
3) configure cloud.config with these values in project.
<appSettings>
<add key="authorityUrl" value="https://login.microsoftonline.com/common/oauth2/authorize/" />
<add key="resourceUrl" value="https://analysis.windows.net/powerbi/api" />
<add key="apiUrl" value="https://api.powerbi.com/" />
<add key="embedUrlBase" value="https://app.powerbi.com/v1.0/myorg/" />
</appSettings>
4) Configure your web.config file with these values in project.
<appSettings file="Cloud.config">
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="applicationId" value="xxxxxxx-xxxx-xxxx-xxxx-xxxxxx" /> <!--For PowerBI Native application ID-->
<add key="workspaceId" value="xxxxxxx-xxxx-xxxx-xxxx-xxxxxx" />
<!-- The id of the report to embed. If empty, will use the first report in group -->
<add key="reportId" value="xxxxxxx-xxxx-xxxx-xxxx-xxxxxx" />
<!-- Note: Do NOT leave your credentials on code. Save them in secure place. -->
<add key="pbiUsername" value="XXXXXXXXX#yourcompany.com" />
<add key="pbiPassword" value="xxxxxxxx" />
</appSettings>
5) Publish your report on power BI site , create dash board , fill the report id and work space id in above web.config setting.
6) Execute the application. it should work for Embed report, dashboard and Tile types.
Related
I've just got this Google Sample Project to work on my VS2015,
However, after I published to "IIS" and host it, when I opened the link, the web page kept showing this message as the picture showed
I added the key to the web.config, but still doesn't work, just wondering if anyone had done this before, I really need help, thank you!
Edit: Here is my code
Web.Config
<appSettings>
<!-- Set to your Google project id as shown on the Google Developers Console -->
<add key="GoogleCloudSamples:ProjectId" value="gdtest-1332" />
<add key="GOOGLE_APPLICATION_CREDENTIALS" value="D:\ProjectCloud\gdtest-12323.json" />
<!--
Set to either mysql or datastore.
If using mysql, update the connectionString far below, and then run Update-Database in the
Package Manager Console.
-->
<add key="GoogleCloudSamples:BookStore" value="datastore" />
<!-- Set to your Google Cloud Storage bucket -->
<add key="GoogleCloudSamples:BucketName" value="cloudstoragetestbillez" />
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
Programmatically set an environment variable at runtime as such:
string credential_path = #"C:\..\key.json";
System.Environment.SetEnvironmentVariable("GOOGLE_APPLICATION_CREDENTIALS", credential_path);
I'm not an expert with IIS but it won't seem to pick up on environment variable set in your desktop environment.
Restarting the Visual Studio 2017 did it for me for Console Application.
Console.WriteLine(System.Environment.GetEnvironmentVariable("GOOGLE_APPLICATION_CREDENTIALS"));
From google documention it seems it is env var and not web.config.
If you are using a service account credential, set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path to the JSON credential file you downloaded.
With command prompt:
set GOOGLE_APPLICATION_CREDENTIALS=[PATH_JSON]
You donĀ“t need setting credentials on code
Google says:
After creating a service account, you have two choices for providing the credentials to your application. You can either set the GOOGLE_APPLICATION_CREDENTIALS environment variable explicitly, or you can pass the path to the service account key in code.
i have two different applications, one is a website project running on the the server root, the second is a web application project in a folder, both projects have their configuration files, and i am putting the link in the configuration file of the website project
i am trying to redirect users from the website project to the web application project, whenever i use this:
<add key="CoronaPortalAddress" value="http://localhost/coronaportal/Security/ApplicantSignIn1.aspx?applicationType=" />
<add key="CoronaPortalSignInPage" value="http://localhost/coronaportal/Security/SignIn.aspx" />
<add key="CoronaPortalTimeTablePage" value="http://localhost/coronaportal/Conona Schools_ Trust Council_ApplicantTestScores/TimeTable1.aspx" />
<add key="CoronaPortalResultsPage" value="http://localhost/coronaportal/ParentReportLogin.aspx" />
users will be redirected, though on the url it will showing localhost, so i change it to:
<add key="CoronaPortalAddress" value="http://www.shodsystems.com/coronaportal/Security/ApplicantSignIn1.aspx?applicationType=" />
<add key="CoronaPortalSignInPage" value="http://www.shodsystems.com/coronaportal/Security/SignIn.aspx" />
<add key="CoronaPortalTimeTablePage" value="http://www.shodsystems.com/coronaportal/Conona Schools_ Trust Council_ApplicantTestScores/TimeTable1.aspx" />
<add key="CoronaPortalResultsPage" value="http://www.shodsystems.comcoronaportal/ParentReportLogin.aspx" />
now it throwing error:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS
i tried to google this, but couldnt fix it, any assistance would be appreciated.
I have a Xamarin mobile app that uses the Azure Mobile Services SDK to authenticate a user against social providers. I get the token and attach it to http request hitting my Web API ASP.NET application (that I'm deploying as an Azure Cloud Service) as a bearer token.
I need to validate the bearer token and get a ClaimsIdentity to work with in my ApiController. Do I need to use the Mobile Service .NET Backend nuget packages for this? How can I?
EDIT:
Created an empty ASP.NET application Added a Web API controller
Installed Mobile Services .NET Backend nuget package
Set appsettings values for keys MS_MobileServiceName, MS_MasterKey,
MS_ApplicationKey from values in Azure Management Console
Set [AuthorizeLevel(AuthorizationLevel.User)] on my HttpGet operation
in my ApiController
Cast User to ServiceUser
Create http request with bearer token from Google Auth thru Azure
Mobile Service SDK
User is null!
Use attributes such as
[AuthorizeLevel(AuthorizationLevel.Anonymous)]
[AuthorizeLevel(AuthorizationLevel.User)]
On the methods in your API to validate depending on which role you want.
Then use
var currentUser = User as ServiceUser;
to get the current user in the method, if the AuthorizationLevel is not Anonymous.
And setup your AppSettings as necessary. Change the MasterKey and ApplicationKey if you are testing the MobileService on localhost.
<appSettings>
<!-- Use these settings for local development. After publishing to
Mobile Services, these settings will be overridden by the values specified
in the portal. -->
<add key="MS_MobileServiceName" value="[NAME HERE]" />
<add key="MS_MasterKey" value="[INSERT HERE]" />
<add key="MS_ApplicationKey" value="[INSERT HERE]" />
<add key="MS_MicrosoftClientID" value="Overridden by portal settings" />
<add key="MS_MicrosoftClientSecret" value="Overridden by portal settings" />
<add key="MS_FacebookAppID" value="Overridden by portal settings" />
<add key="MS_FacebookAppSecret" value="Overridden by portal settings" />
<add key="MS_GoogleClientID" value="Overridden by portal settings" />
<add key="MS_GoogleClientSecret" value="Overridden by portal settings" />
<add key="MS_TwitterConsumerKey" value="Overridden by portal settings" />
<add key="MS_TwitterConsumerSecret" value="Overridden by portal settings" />
<add key="MS_AadClientID" value="Overridden by portal settings" />
<add key="MS_AadTenants" value="Overridden by portal settings" />
<!-- When using this setting, be sure to also set the Notification Hubs connection
string named "MS_NotificationHubConnectionString". -->
<add key="MS_NotificationHubName" value="Overridden by portal settings" />
<add key="Microsoft.ServiceBus.ConnectionString" value="Endpoint=sb://[your namespace].servicebus.windows.net;SharedSecretIssuer=owner;SharedSecretValue=[your secret]" />
</appSettings>
I recently installed the latest version of BlogEngine.NET (v3.0). The blog itself renders fine on my browser (i.e., viewing the main page, individual blog posts, etc.) However, when I log in and try to access any of the Admin pages (i.e., Settings, Users, etc.), I am getting an HTTP 403 (Forbidden) error.
This is happening on both Windows Server 2008 R2 x64 as well as Windows Server 2012 x64. When I installed a local copy on my Windows 8.1 Pro machine, it works fine.
I know the admin pages all render in MVC-style, since the URL is "/admin/#/settings", for Settings for example.
I have literally tried everything. I verified that the application pool identity has Write permissions to the entire web site folder structure.
Any thoughts/ideas? I am completely stuck and would appreciate any guidance. Thanks in advance.
* UPDATE *
Some progress- I tried creating a standalone website in IIS just for BlogEngine.NET, i.e., http://www.example.com instead of http://www.example.com/blog, and it worked flawlessly.
Therefore, something is going screwy with the permissions when I am creating an Application within the main Website (i.e., www.example.com/blog).
Thoughts?
Ancient post, but adding these <appSettings> helped for me:
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="true" />
</appSettings>
Alternatively, you can start the section by getting rid of all inherited values:
<appSettings>
<clear />
<!-- Other settings here -->
</appSettings>
In my main site I explicitly had a setting <add key="webpages:Enabled" value="false" />, so that explains why it was necessary to add this.
You also need to do this for other sections, like <connectionStrings>.
I to do:
Click Start, point to Administrative Tools, and then click Internet
Information Services (IIS) Manager. In the Connections pane, expand
the server name, expand Sites, and then select the site, application
or Web service for which you want to enable Extended Protection for
Windows authentication. Scroll to the Security section in the Home
pane, and then double-click Authentication. In the Authentication
pane, select Windows Authentication. Click Enable in the Actions
pane. Click Advanced Settings in the Actions pane.
after set in web.config <authentication mode="Windows" />
If I start app from VS2010 - All works well.
If else I start app from IIS I have problem.
Requested user data I enter Computer\NameUser.
then an error:
Error HTTP 401.2 - Unauthorized You have no right to view this page
because of the inadmissibility of the authentication header.
update:
update2:
file: C:\Windows\System32\inetsrv\config\applicationhost.config
<location path="windowsAuthTest">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" userName="User" password="[enc:AesProvider:BZ7e2mkTjJL7Wo8xMm2PQKZ2biP1nKB2SjAfw9WmJoBhkMbl4DYqEJU0bzIj3CxF:enc]" />
<windowsAuthentication enabled="true" useKernelMode="false">
<extendedProtection tokenChecking="None" />
<providers>
<clear />
<add value="NTLM" />
<add value="Negotiate" />
</providers>
</windowsAuthentication>
</authentication>
</security>
</system.webServer>
</location>
Take a look at my previous answer.
Basically, that means that the authentication ticket does not match the expectation of the server.
You should force the server to use NTML or Kerberos (depending on your authentication strategy).
[Edit] as appcmd can be a bit obscure, here is the manual stop to force NTLM authentication.
Navigate to C:\Windows\System32\inetsrv\config
Backup, Backup, Backup and rebackup applicationhost.config
To be sure backup again
Open the file applicationhost.config with your favorite xml editor
search for the node <location path="Your web site name/yourapplication">
Setup the correct authentication provider :
The important part is that there is the <clear /> node. This will break inheritance from the global configuration.
This can be applied to the whole IIS server, or a specific web site, or (like here) a specific web application).
I'm not sure, but I wonder if this can be set in the web.config within the app directly instead of the IIS config file. This merits to be tested.
After that you access to security of your site you must to add right for the user windows.