AzureAD: The user or administrator has not consented to use the application with ID ”

I have recently been working on a Multi-tenant Web Application that makes use of delegated permissions.

After developing the application for a while I found that I needed to add another delegated permission to the application which I did using the normal methods.

However, when I tried to make use of the new delegated permission with the test user I had been using for a while I didn’t get prompted for the application’s consent as I did originally and I ran into the error:

The user or administrator has not consented to use the application with ID '<App ID>'

However, when I used a completely new user who hadn’t used the web application before, there were no issues at all. This led me to believe that there was a problem with the new delegated permission not applying to my normal test user. I had expected a new prompt for consent when I went to access the application, given that the permissions had changed. However, this didn’t happen, which led me to believe that the issue was related to this change and to me never granting consent for the additional permissions.

I scoured the internet for any documented help with this but I wasn’t able to find anything, certainly not documented.

I was able to solve the issue in the end by revoking the consent for the test user and re-logging into the application and therefore re-consenting but with the new permissions. This can be done as follows:

  1. Navigate to https://myapps.microsoft.com
  2. Click on the properties for the App and click on remove
  3. Log out of the application or open a new in-private browser session and you will get prompted for consent
  4. Delegated permissions will now work.

Public Internet IPv4 Prefixes

I have been struggling to find a published list of prefixes for public internet address spaces, therefore I have compiled my own using the documentation available from IANA (http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml).

The prefixes below are a simplified version which doesn’t exclude the documentation use ranges as this added many extras that just weren’t needed for my purposes.

Public Prefixes

These are prefixes to all IP Addresses which are accessible across the public internet.

1.0.0.0/8
2.0.0.0/7
4.0.0.0/6
8.0.0.0/7
11.0.0.0/8
12.0.0.0/6
16.0.0.0/4
32.0.0.0/3
64.0.0.0/3
96.0.0.0/4
112.0.0.0/5
120.0.0.0/6
124.0.0.0/7
126.0.0.0/8
128.0.0.0/3
160.0.0.0/5
168.0.0.0/8
169.0.0.0/9
169.128.0.0/10
169.192.0.0/11
169.224.0.0/12
169.240.0.0/13
169.248.0.0/14
169.252.0.0/15
170.0.0.0/7
172.0.0.0/12
172.32.0.0/11
172.64.0.0/10
172.128.0.0/9
173.0.0.0/8
174.0.0.0/7
176.0.0.0/4
192.0.1.0/24
192.0.2.0/23
192.0.4.0/22
192.0.8.0/21
192.0.16.0/20
192.0.32.0/19
192.0.64.0/18
192.0.128.0/17
192.1.0.0/16
192.2.0.0/15
192.4.0.0/14
192.8.0.0/13
192.16.0.0/15
192.20.0.0/14
192.24.0.0/13
192.32.0.0/11
192.64.0.0/12
192.80.0.0/13
192.88.0.0/18
192.88.64.0/19
192.88.96.0/23
192.88.98.0/24
192.88.100.0/22
192.88.104.0/21
192.88.112.0/20
192.88.128.0/17
192.89.0.0/16
192.90.0.0/15
192.92.0.0/14
192.96.0.0/11
192.128.0.0/11
192.160.0.0/13
192.169.0.0/16
192.170.0.0/15
192.172.0.0/14
192.176.0.0/12
192.192.0.0/10
193.0.0.0/8
194.0.0.0/7
196.0.0.0/6
200.0.0.0/5
208.0.0.0/4

Private Prefixes

These are the prefixes which are reserved for use across private networks which may or may not have internet access.

Note: All these are explicitly excluded from the public prefixes

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

Other Reserved Prefixes

These are the remaining prefixes which have been excluded from the public prefixes, please see the IANA documentation for their designated use.

Note: All these are explicitly excluded from the public prefixes

0.0.0.0/8
127.0.0.0/8
169.254.0.0/16
192.0.0.0/24
192.18.0.0/15
192.88.99.0/24
224.0.0.0/2
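The public list is 0.0.0.0/0 minus the excluded ranges, so it can be derived and audited instead of typed by hand. The following is an added example, not code from the original post, using Python's standard `ipaddress` module; `subtract`, `public_prefixes` and `uncovered` are names chosen here, and entering the page's `224.0.0.0/2` as `224.0.0.0/3` is an assumption about the intended range.

```python
import ipaddress

# Excluded ranges as given on the page (private + other reserved).
# Assumption: the page's "224.0.0.0/2" is entered as 224.0.0.0/3, because
# 224.0.0.0 is not a /2 boundary and the public list ends at 208.0.0.0/4.
EXCLUDED = [
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.18.0.0/15", "192.88.99.0/24",
    "192.168.0.0/16", "224.0.0.0/3",
]

# The page's public entries that fall inside 169.0.0.0/8, copied as listed.
LISTED_169 = [
    "169.0.0.0/9", "169.128.0.0/10", "169.192.0.0/11", "169.224.0.0/12",
    "169.240.0.0/13", "169.248.0.0/14", "169.252.0.0/15",
]

def subtract(scope, holes):
    """Minimal CIDR list covering `scope` minus every network in `holes`."""
    remaining = [ipaddress.ip_network(scope)]
    for text in holes:
        hole = ipaddress.ip_network(text)  # strict parsing rejects misaligned prefixes
        kept = []
        for net in remaining:
            if hole.subnet_of(net):
                kept.extend(net.address_exclude(hole))  # split net around the hole
            elif not net.subnet_of(hole):
                kept.append(net)  # disjoint from the hole, keep unchanged
            # otherwise net lies wholly inside the hole and is dropped
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def public_prefixes(excluded=EXCLUDED):
    """Everything in 0.0.0.0/0 that is not in an excluded range."""
    return subtract("0.0.0.0/0", excluded)

def uncovered(listed, scope, excluded=EXCLUDED):
    """Public space inside `scope` that a hand-written list fails to cover."""
    return subtract(scope, list(excluded) + list(listed))

if __name__ == "__main__":
    for net in public_prefixes():
        print(net)
    gaps = uncovered(LISTED_169, "169.0.0.0/8")
    print("not covered in 169.0.0.0/8:", [str(n) for n in gaps])
```

Run as is, it prints 75 prefixes and then reports 169.255.0.0/16 as public space that the 169.x entries in the list above do not cover.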

BT Youview Remote & Hitachi 40HXT16U

Just in case anyone has an issue like this, can’t find anything on the internet to resolve it and ends up pulling their hair out like me: the code to use for this TV is the one for Sharp, not Hitachi, which was 4848… no idea why. I finally figured out to try it by googling the code from the bottom of the TV remote, and it came up as a Sharp remote.

DS18B20 Showing 85000 Raspberry Pi

I’ve recently been trying to get a DS18B20 working with the Raspberry Pi, and although it’s well documented around the internet, I ran into a bit of an issue where mine was always returning t=85000.

Although a lot of people claim this is wiring (which could be the case), for me it was actually to do with how it was reading the value in the kernel module.

Originally in modules I had:

w1-gpio
w1-therm

As it turned out, there’s a problem with the pullup (http://www.raspberrypi.org/forum/viewtopic.php?f=37&t=48588) where the below resolved the problem:

w1-gpio pullup=1
w1-therm

Sending E-mail With PowerShell

Been looking for something like this for a while to test newly set up or existing SMTP setups for simple server notification or business applications, e.g. SharePoint, as it saves you having to install telnet or PuTTY in order to send a quick test email to make sure it’s not getting blocked somewhere, i.e. as spam:

## Update ##
Just found out there’s an actual PowerShell cmdlet for this: Send-MailMessage!


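#SMTP server to test (placeholder, set to your own server)
$smtpServer = "smtp.xxxx.com"

#Creating mail message object
$msg = new-object Net.Mail.MailMessage

#Creating SMTP server object
$smtp = new-object Net.Mail.SmtpClient($smtpServer)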

#Email structure
$msg.From = "fromID@xxxx.com"
$msg.To.Add("toID@xxxx.com")
$msg.subject = "My Subject"
$msg.body = "This is the email Body."

#Sending email
$smtp.Send($msg)

Thanks to SharePoint and Others for the basics!

Tracert: May the force be with you

Randomly came across the Star Wars trace route, which is both funny and impressive.

Perform the following (Windows):
tracert /h 254 obiwan.scrye.net

If, like me, you have a few secure hops before the internet, keep waiting: it will eventually start hopping about and returning Star Wars style scrolling text… strange but true!

Windows Azure: ACLs apply to ALL traffic on the local port

It’s not very clear from the documentation that adding an ACL also affects internal virtual network communications as well as external endpoint access on the port defined.

For Example:

If you have two machines in different services connected via the same virtual network and are using the internal subnet IP for communication, the ACL will be applied to the traffic on the internal IP as well as the external IP/endpoint you apply it to, even if you’re not accessing the port via the external IP/endpoint.

Therefore, ensure you allow access for your virtual network subnets if you do plan to allow communication internally as this has caught me out on two occasions now.

I’m sure there’s a good reason as to why the ACL is applied to internal traffic too, but given you don’t need an endpoint defined for internal communication and the ACL is applied to the endpoint, it is a little confusing.

Note: This also applies to Site-to-Site links (and, I assume, Point-to-Site, although I have not tested it).