Fixing issue “AADSTS70005” by enabling the implicit authentication flow for your Azure AD app

Azure Active Directory (Azure AD)

While either developing or just trying to use an application that authenticates against Azure AD, you might get an error message that contains the error code “AADSTS70005”. This means that you’re trying to use the implicit authentication flow, but it isn’t allowed for your app. If you have access to the Azure AD you’re authenticating against, it’s easy to fix! See more below…

Reason

You might get an error, somewhat like this:

AADSTS70005: response_type 'token' is not supported for the application Trace ID: <Guid_1> Correlation ID: <Guid_2> Timestamp...

This is returned by your Azure AD instance, as it doesn’t allow the use of implicit OAuth2 authentication flow for the application id you’re using.

Solution: Enable the Implicit Authentication Flow

Okay, luckily the fix is going to be easy. You can resolve the issue by enabling the implicit authentication flow for OAuth2. There’s actually no switch in the GUI for this – you’ll have to edit the manifest of your registered Azure AD application yourself. Follow these steps:

Continue reading

Fixing the error “Web Deploy cannot modify the file on the Destination because it is locked by an external process.”

"Publishing Failed" for an Azure Function

This post describes how to fix an error you get when publishing Azure Functions or Azure App Services: “Web Deploy cannot modify the file on the Destination because it is locked by an external process.”

This is luckily another straightforward fix! 

Problem

Azure Function Publish fails with a message:

“Web Deploy cannot modify the file on the Destination because it is locked by an external process.”

It is, indeed, caused by some of your files at the target of your publishing being in use, so they cannot be overwritten. Great – an actually accurate error message! Much appreciated.

This seems to apply to Azure Functions CLI versions 2.x (currently in beta), and not to the stable versions. At least that’s the state at the time of writing this. There’s even this unresolved issue open about it on GitHub.

Continue reading

How to fix AADSTS50011: Reply address did not match because of case sensitivity.

AADSTS50011: The reply address ... does not match the reply addresses configured for the application.

So, you got an error with the code AADSTS50011? It’s just Azure AD’s authentication acting up because of an invalid reply address! There’s a bunch of different reasons that lead to this error. This post describes the variant where the URL’s case sensitivity differs from what’s configured. For me, the most typical scenario where I run into this error is accessing the app from SharePoint.

Problem

So, you’re getting an error somewhat like this:

AADSTS50011: The reply address <...> does not match the reply addresses configured for the application: '<guid>'. More details: Reply address did not match because of case sensitivity.

This is another variation of the good old “AADSTS50011: The reply address does not match the reply addresses configured” error.

I recently encountered this new version of the error. Normally, you don’t get any extra details – the “More details:” section will just say “not available” or some such. But I guess a lot of people have been struggling with the case-sensitivity of the URLs (I wonder who thought that was a good idea?), and Microsoft has opted to provide this slightly improved version of the classical reply-url error.

Continue reading

How to fix an Azure Function (v2) failing with error “The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.”

"The resource you are looking for has been removed, had its name changed, or is temporarily unavailable." leads to a 404 error in jQuery.

This post describes one way to resolve a problem, where you receive an error like “The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.” when calling your Azure Functions.

Problem

Another day, another simple, yet kind of weird issue to solve! This time I was developing a simple Azure Function to access Microsoft Graph API. This particular issue was kind of bugging, since the error message actually had nothing to do with the actual issue and gave no pointers as to how to fix the issue!

I was just developing a function, and suddenly it stopped working, and the only error message I got was this:

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

In client-side code, if called with $.get(), it looks somewhat like this:

"The resource you are looking for has been removed, had its name changed, or is temporarily unavailable." leads to a 404 error in jQuery.

So, what did I do to cause this – and how to fix this?

Continue reading

Fixing an unhandled exception about StructureMap configuration failing (messed up assembly bindings)

Obama congratulates you on your broken apps

So, you’re running a console program, but while you try running it, you get an error like this: “StructureMap.Exceptions.StructureMapConfigurationException”, with a message like this: “Unable to find the exported Type’s in assembly” (the typo done by Microsoft, not me). There’s a number of reasons for this error, but for a fair share of the time that’s just your assembly bindings being messed up. Luckily, that’s another easy fix!

Continue reading

Solving Azure Web Application’s first load performance issues

Is your Azure Web Application suffering from absolutely horrible load times every time someone accesses it for the first time every 15 minutes or so? Mine was. It was pitiful.

I was developing a web-based service using EF6 and ASP.NET MVC 5, where all the assets were hosted in Azure. Even though the app was reasonably lightweight and usually responded very fast, the first time someone accessed it in a while it took 20-60 seconds to load AND sometimes even timed out (especially with mobile clients). Load testing revealed only what I already knew: initial load times were horrendous, but after that everything worked fine. I did eventually find the solution, though!

Continue reading

Hackathon win: Resolving Managed Metadata Madness

Won my first hackathon!

I won a hackathon! They had fun topics, it was a cool challenge, a well organized event, and had cool prizes. Since this is the first hackathon I ever took part in, I thought I’d post something about my experience and the solution(s) I figured out.

Continue reading

Solving error “AADSTS90013: Invalid input received from the user”

AADSTS90013: Invalid input received from the user. (header thumbnail)

I stumbled upon a customer that complained about some pages in their intranet throwing weird errors with authentication. Those pages seemed to have one thing in common – there was a Yammer embed (or a SharePoint script webpart with Yammer embed script in it, to be precise) there. The error code they got was “AADSTS90013: Invalid input received from the user”.

Below, you can see an example of the error screen.

AADSTS90013: Invalid input received from the user.

Okay – this is going to be extremely specific, and probably won’t solve the issue for all of you out there! But this is what worked for this customer:

Continue reading

How to Resolve Managed Metadata Madness in SharePoint?

Microsoft Flow that's used in this demo - it uses an Azure Function to extract text from a doc, which is then sent to Text Analysis, and finally written back to SharePoint. In the end, it sends notifications of the status of the run.

Using Azure Functions and Cognitive Services Text API to enrich a Flow that fills Metadata for new items in a Modern SharePoint Team Site. That’s, in a nutshell, the solution I submitted to a recent online hackathon. Quite a mouthful, isn’t it? The whole solution (and a public vote, if you’re interested!) is available here: https://devpost.com/software/resolving-managed-metadata-madness-in-sharepoint – this blog post will describe the solution and the reasoning behind it.

Preface

Some time ago my manager asked me to take a few weeks off, since I had accrued quite a lot of overtime during the hectic months working for Valo. I got bored quite quickly, so I was pretty happy to encounter an online hackathon organized by Devpost. I wasn’t aware of them beforehand, but they seemed to have hosted quite a few interesting hackathons before. Some of which were quite interesting, I might add! This prompted me to also take part in a hackathon they were just hosting: “Work smarter, not harder with Office 365.”

I’m not a huge fan of hackathons, but the topic was too good to miss, so I submitted a solution I’d been thinking about implementing, but didn’t have a good enough reason to implement it for customers.

Description of the issue

So, which issue am I aiming to solve? Let’s see… 

  • The amount of data is surging (~90% of the data in the world has been created in the last 2 years)
    • To ensure that data in organizations is useful, you need to make sure that your users find it easily!
  • A great “Enterprise-y” solution has been metadata tagging!
    • However, users generally hate doing that manually
    • Automatic solutions are either cumbersome to maintain, expensive to develop, or both
    • Many required metadata fields will cause users to migrate to shadow IT solutions (like Dropbox) – or not use any collaboration solutions at all!

Continue reading

Call to sites Graph API requires “owner” permissions for site collection regardless of app permissions

Okay – yet another weird issue, and a hacky workaround. I was developing an app that was calling a SharePoint site through Graph API, using jQuery $.ajax call (developed in TypeScript), and ran into surprising 401 errors. I did find a workaround, but am also working on an actual fix.

Description

The calls to get the SharePoint site ID, which is needed when accessing SharePoint lists, seemed to fail for my test accounts. Everything was working fine for my developer account, which was a global admin, so the first thing I suspected was, of course, permissions…

The first offending test account was a Group member, and a restricted reader in the site collection I was trying to access via Graph. The account was also a contributor on the root site of the tenant. And all of my accounts were licensed with E3/E5.

I knew that this part of the code was supposed to get a site id for a certain SharePoint site collection with a call to Graph API, similar to this one:

https://graph.microsoft.com/v1.0/sites/<tenant>.sharepoint.com:/sites/<site>/

It worked for my developer account, but just wouldn’t work for the test accounts! This is the error I got:

Continue reading