We used to be able to log into SharePoint Online using the SharePointOnlineCredentials class eg here.
This class is not available in .NET5 and I don't have the necessary Azure permissions to configure the application in Azure AD as described here
I'd like a C# program bring up a prompt, so the user can log into Sharepoint manually. Once the user has done this the program will do what it needs to do. Is there some C# code that will bring up the Sharepoint online login prompt?
I've downloaded Pnp and CSOM. This code contains the following errors.
The name 'GetSecureString' does not exist in the current context
No overload for method 'GetContext' takes 3 arguments
'Program.GetContext(Uri, string, SecureString)': not all code paths return a value
The name 'context' does not exist in the current context
using System;
using System.Security;
using Microsoft.SharePoint.Client;
using System.Threading.Tasks;
using PnP.Framework;
namespace ConsoleApplication1
{
class Program
{
public static async Task Main(string[] args)
{
Uri site = new Uri("https://contoso.sharepoint.com/sites/siteA");
string user = "joe.doe#contoso.onmicrosoft.com";
SecureString password = GetSecureString($"Password for {user}");
// Note: The PnP Sites Core AuthenticationManager class also supports this
using (var authenticationManager = new AuthenticationManager())
using (var context = authenticationManager.GetContext(site, user, password))
{
context.Load(context.Web, p => p.Title);
await context.ExecuteQueryAsync();
Console.WriteLine($"Title: {context.Web.Title}");
}
}
public ClientContext GetContext(Uri web, string userPrincipalName,
SecureString userPassword)
{
context.ExecutingWebRequest += (sender, e) =>
{
// Get an access token using your preferred approach
string accessToken = MyCodeToGetAnAccessToken(new Uri($"
{web.Scheme}://{web.DnsSafeHost}"), userPrincipalName, new
System.Net.NetworkCredential(string.Empty, userPassword).Password);
// Insert the access token in the request
e.WebRequestExecutor.RequestHeaders["Authorization"] =
"Bearer " + accessToken;
};
}
}
}
Related
I am building a console application in C#. I want to make some calls to Microsoft Graph API to access and edit some Excel files in my SharePoint so I can automate some processes in my Organization.
The logic of the app is simple.
I call Azure Active Directory to authenticate this console application using the clients credential flow which means we will provide a clientsID and AppKey. I took the clientsID and AppKey from Azure Active Directory > App Registrations.
Then I want to receive the access token and use this to make a GET Request to the Microsoft Graph API.
E.g https://graph.microsoft.com/v1.0/me/
But then response I get is this:
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure. Invalid audience.",
"innerError": {
"request-id": "0a3ec**************",
"date": "2019-10-15T13:54:33"
}
}
}
Below you will find the full code of my application with the two methods of getting the access token and calling the Graph API:
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IdentityModel.Tokens;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using AuthenticationContext = Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext;
namespace Project_Budget
{
class Program
{
private const string clientId = "14f1****************";
private const string aadInstance = "https://login.microsoftonline.com/{0}";
private const string tenant = "******.onmicrosoft.com";
private const string resource = "https://graph.windows.net";
private const string appKey = "IKV***********";
static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
private static HttpClient httpClient = new HttpClient();
private static AuthenticationContext context = null;
private static ClientCredential credential = null;
static void Main(string[] args)
{
context = new AuthenticationContext(authority);
credential = new ClientCredential(clientId,appKey);
Task<string> token = GetToken();
token.Wait();
//Console.WriteLine(token.Result + "\n");
Task<string> graphCall = GetExcelFile(token.Result);
graphCall.Wait();
Console.WriteLine(graphCall.Result + "\n");
Console.ReadLine();
}
private static async Task<string> GetExcelFile(string result)
{
string apiJsonResult = null;
var apiCallString = "https://graph.microsoft.com/v1.0/me/";
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result);
var getResult = await httpClient.GetAsync(apiCallString);
if (getResult.Content != null)
{
apiJsonResult = await getResult.Content.ReadAsStringAsync();
}
return apiJsonResult;
}
private static async Task<string> GetToken()
{
AuthenticationResult result = null;
string token = null;
result = await context.AcquireTokenAsync(resource, credential); //authentication context object
token = result.AccessToken;
return token;
}
}
}
I have given all the access required for the app to run. Also I run the query on Graph Explorer and runs properly.
Why do I get this error on the console application?
Ideally, the resource should actually be
private const string resource = "https://graph.microsoft.com";
But you still need to select the scopes that you want to target in your application.
The way you are doing it at the moment does seem to acquire/set the relevant scopes which is done for you by Graph Explorer.
I would suggest following this quick start tutorial on how to build a dot net core console app and you should be up and running in no time.
It uses the MSAL library which works better than the ADAL library you are using in your scenario.
https://learn.microsoft.com/en-us/graph/tutorials/dotnet-core
I think the problem is with resource value you're specifying in your code.
Current Code: (This resource value https://graph.windows.net corresponds to Azure AD Graph API which is older API)
private const string resource = "https://graph.windows.net";
Try changing this to: (This resource value https://graph.microsoft.com corresponds to newer Microsoft Graph API which is the one you're calling in code that comes later var apiCallString = "https://graph.microsoft.com/v1.0/me/";)
private const string resource = "https://graph.microsoft.com";
Hi I'm trying to write a simple console app which I intend to make into a batch file and get a list of external users who were invited by email have and now they have guest accounts in our Azure tenant and they have redeemed the url that was sent to them in email. When they redeem, their extenalUserState sets to "Accepted". I want to find which ones have that status.
I was told that I have to point to beta version of the API and not v.1.0 of the graph endpoint.
I have the following rudimentary code I have written looking at various examples I could find on GitHub/MS documentation for API etc.
using Microsoft.Graph;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
namespace CreateAzureADUser
{
class Program
{
static string TenantDomain;
static string TenantId;
static string ClientId;
static string ClientSecret;
static void Main(string[] args)
{
GetUsers();
//Console.WriteLine("------------------------------------------\n\n");
//GetGroupsAndMembers();
//CreateAzureADUserNow();
}
private static void GetUsers()
{
var graphServiceClient = CreateGraphServiceClient();
var users = graphServiceClient.Users.Request().Filter("userType eq 'Guest' and startswith(mail,'phs')")
.Select("id,mail,OnPremisesExtensionAttributes,userType,displayName,externalUserState")
.GetAsync()
.Result;
Console.WriteLine("Users found: {0}", users.Count);
Console.WriteLine();
foreach (var item in users)
{
Console.WriteLine("displayName: {3} \nuser id: {0} \nuser email: {1} \nExtensionAttribute8: {2}\n", item.Id, item.Mail, item.OnPremisesExtensionAttributes.ExtensionAttribute8, item.DisplayName);
}
}
public static GraphServiceClient CreateGraphServiceClient()
{
TenantDomain = "mycompanytenant.onmicrosoft.com";
TenantId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
ClientId = "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy";
ClientSecret = "zzzzzzzzzzzz";
var clientCredential = new ClientCredential(ClientId, ClientSecret);
var authenticationContext = new AuthenticationContext($"https://login.microsoftonline.com/mycompanytenant.onmicrosoft.com");
var authenticationResult = authenticationContext.AcquireTokenAsync("https://graph.microsoft.com", clientCredential).Result;
var delegateAuthProvider = new DelegateAuthenticationProvider((requestMessage) =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", authenticationResult.AccessToken);
return Task.FromResult(0);
});
// Use this for v.1.0 endpoint
//return new GraphServiceClient(delegateAuthProvider);
// Use this for connecting to beta endpoint
return new GraphServiceClient("https://graph.microsoft.com/beta", delegateAuthProvider);
}
}
}
When I run through the debugger, I do not see "ExternalUserState" as an attribute on the users that are returned.
How to access ExternalUserState attribute on the guest user object?
You're using the SDK so you're using Graph v1.0, not the Beta. The SDKs are all generated from v1.0 metadata so beta properties and methods simply do not exist in the models.
From time to time there is a beta build pushed out to GitHub but it is generally a few versions behind. Currently, the latest beta SDK available seems to be v1.12.0 (for reference, the current SDK is v1.15).
I tried to get all members/users of TFS with the REST API and the .NET client libraries.
It works, but I get a maximum number of 50 identitys. Does anyone know, how I get all users, not only 50? (I prefer avoiding to use the old API, how it is suggested in this question)
Here is my code:
VssCredentials credentials = new VssCredentials();
VssConnection connection = new VssConnection(new Uri(url), credentials);
IdentityMruHttpClient identityMruHttpClient = connection.GetClient<IdentityMruHttpClient>();
List<IdentityRef> members = identityMruHttpClient.GetIdentityMruAsync(ProjectName).Result;
There is a REST API User Entitlements - List which can retrieve the user list from VSTS (Visual Studio Team Services), but it's only available for VSTS.
There isn't such a REST API to retrieve the user list from on-premise TFS (TFS 2017 in your scenario).
So, for now you can use the client API you mentioned above to retrieve the user list. Tested on my side, I can retrieve all the identities (more than 50 ) with below code:
You can also check the user list from userlist.txt file which under ..\..\ \bin\Debug\
using System;
using Microsoft.TeamFoundation.Client;
using Microsoft.TeamFoundation.Framework.Client;
using Microsoft.TeamFoundation.Framework.Common;
using System.Linq;
using System.IO;
namespace Getuserlist
{
class Program
{
static void Main(string[] args)
{
TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri("http://server:8080/tfs"));
IIdentityManagementService ims = tcs.GetService<IIdentityManagementService>();
TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, "Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.None);
TeamFoundationIdentity[] ids = ims.ReadIdentities(tfi.Members, MembershipQuery.None, ReadIdentityOptions.None);
using (StreamWriter file = new StreamWriter("userlist.txt"))
foreach (TeamFoundationIdentity id in ids)
{
if (id.Descriptor.IdentityType == "System.Security.Principal.WindowsIdentity")
{ Console.WriteLine(id.DisplayName); }
//{ Console.WriteLine(id.UniqueName); }
file.WriteLine("[{0}]", id.DisplayName);
}
var count = ids.Count(x => ids.Contains(x));
Console.WriteLine(count);
Console.ReadLine();
}
}
}
I am trying to connect to my SQL server in azure and list the dbs from a .net application, but I keep getting
ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
even though i am trying to use the Sql Management client with TokenCloudCredentials.
var authContext = new AuthenticationContext(authority);
var clientCredential = new ClientCredential(clientId, appKey);
var result = authContext.AcquireTokenAsync(resource, clientCredential).Result;
var credentials = new Microsoft.Azure.TokenCloudCredentials(subscriptionId, result.AccessToken);
var client = new SqlManagementClient(credentials);
try
{
var servers = await client.Servers.ListAsync();
}
catch (CloudException c)
{
Console.WriteLine(c.Message);
throw;
}
The AD application have permissions to access the resource group and the Azure Management API.
Any ideas why it keeps complaining about a certificate, while using token?
EDIT: I managed to do it using the "new" fluent management API. You need to create an AD application associated with the subscription and have access to the resource group. Then just create credentials and initialize the fluent API.
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace AzureManagement
{
public class Program
{
public static void Main(string[] args)
{
var azureCredentials = new AzureCredentials(new
ServicePrincipalLoginInformation
{
ClientId = "clientId",
ClientSecret = "clientSecret="
}, "tenantId", AzureEnvironment.AzureGlobalCloud);
var _azure = Azure
.Configure()
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Authenticate(azureCredentials)
.WithSubscription("subscriptionId");
var sql = _azure.SqlServers.List().ToList();
foreach (var s in sql)
{
var dbs = s.Databases.List().ToList();
}
Console.ReadLine();
}
}
}
I am not sure if this is supported. Please create a support case for this problem.
The code works like this.
You have to assign a role - in my use case I assigned the contributor role to the App registration, on to the Ressource Group
I want to integrate xero with c# windows service application.
I did not find a simple code snippet to connect xero with c#. I don't want any user interaction while authorising the user with xero.
I found the code below but it redirects me to xero login page to authenticate and then generates the verification code, how can I avoid this and go ahead because in windows service I will not have any gui to enter verification code.
using System;
using System.Linq;
using System.Windows.Forms;
using Xero.Api.Core;
using Xero.Api.Example.Applications.Public;
using Xero.Api.Example.TokenStores;
using Xero.Api.Infrastructure.OAuth;
using Xero.Api.Serialization;
namespace XeroIntegrationTest
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
ConnectXero();
}
public void ConnectXero()
{
try
{
// Public Application Sample
var user = new ApiUser { Name = Environment.MachineName };
string consumerKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
string consumerSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
var public_app_api = new XeroCoreApi("https://api.xero.com/api.xro/2.0/", new PublicAuthenticator("https://api.xero.com/api.xro/2.0/", "https://api.xero.com/oauth/RequestToken", "oob",
new MemoryTokenStore()),
new Consumer(consumerKey, consumerSecret), user,
new DefaultMapper(), new DefaultMapper());
var public_contacts = public_app_api.Contacts.Find().ToList();
} catch (Exception ex)
{
MessageBox.Show(ex.Message + ex.StackTrace);
}
}
}
}
But it generates
oauth_problem=permission_denied&oauth_problem_advice=The%20consumer%20was%20denied%20access%20to%20this%20resource
error.
Hope someone will help me.
You need to integrate with "privateKeyAuthendicator" method.
To do this :
1.Create Private/Public Key using below link
https://developer.xero.com/documentation/api-guides/create-publicprivate-key
2.Create ConsumerKey and ConsumerSecret
3.Include Key file into your project folder
4.Use below code snippet to access Xero
var private_app_api = new XeroCoreApi(_xeroSettings.Value.Url, new PrivateAuthenticator(privatekeyFilePath, privatekeypassword),
new Consumer(consumerKey,consumerSecret), null,
new DefaultMapper(), new DefaultMapper());
You need to integrate using the "PrivateAuthenticator" method. The method you are using is the public one and uses a different authentication process which is not suitable for a windows service.
To do this:
Visit the Xero developer portal
Go to the "My Apps" section
Select "Add Application"
Select "Private" from the radio button options (this is important)
Generate a Private/Public key combination (google how to do this)
Follow the code samples in the readme for setting up a connection using the PrivateAuthenticator method