I'm trying to create an ASP.NET application to access files store on a Office 365 sharepoint site. The files are public and anybody can download them. I look at the Office 365 api but from what I can tell, you need to be able to login before the application can call the api.
Is there no way to set the credential in the web config and make it so that the application can get the file for everybody? Since the files are public, most users will not have an account.
I cant be categorical, but Office 365 uses Federated Identity which requires a user to be present; you dont pass credentials to it - you pass a callback "pointer" URL which it calls you back with. The user types their credentials into Office 365 not into your application - so you cant pass credentials to Office 365/OneDrive.
Related
I've a web application where i have used office 365 login (for sharepoint) to authenticate the user and then redirect to my web application.
Now i want to access the logged in office 365 user's calendar and add events, get list of calendars etc.. I've looked into office 365 API but it uses OAuth2 authentication which i don't want to go for.
So i went for ExchangeService API but it needs the NetworkCredentials of the user, which means i have to add the username and password for each user, which is not possible.
Is there any way i can use the logged in office 365 user's details and access the calendars and events?
The best way to access Office365 resources like mailboxes, calendars, contacts etc. is by using Microsoft Graph.
There are many SDK and code samples to start developing with Graph API. Here is a guide for ASP.NET MVC app.
I am learning about Azure AD and Office 365 and I am wondering if the following is possible and if so, how to go about doing it since I am confused on a few aspects with documentation:
Say a company, CompanyA, has Office 365 for users of their org. These users use Exchange/Outlook and Office to sign in (Office desktop) using their Office 365 creds.
CompanyA has Active Directory hosted internally but they are planning to use Azure AD Connect Sync to sync all objects in AD into the Azure AD so things like password changes are synced (and user objects) between the cloud and internal network.
Is there a way to use their Office 365 creds to log into their network systems and sync to AD or perhaps link the Azure AD to their Office 365 accounts so they can log into the computers using their Office 365 creds?
Question 2 is below (the real question I had!):
Now, there will be a custom app hosted both internally but also externally (possibly in the Azure cloud). The app could be a desktop app or a web app or some service.
Is there a way for the apps to authenticate against Azure AD/Office 365 to ensure that the user logging in (using their Office 365 creds) is successful? Is there an automated way without a popup dialog so everything is done programmatically via the API's using C#/.NET Framework?
Thanks!
When you reference Office 365 credentials you are already talking about Azure AD. Every Office 365 tenant has an Azure AD instance backing that is the store for user accounts and credentials. Please sees the following article for a detailed description:
https://support.office.com/en-us/article/Understanding-Office-365-identity-and-Azure-Active-Directory-06a189e7-5ec6-4af2-94bf-a22ea225a7a9
You are currently the model referred to as Cloud identity. It sounds like you want move to Synchronized identity or Federated identity.
If you configure your Azure AD Connect installation to synchronize to your Office 365 tenant (by giving it a Global Admin from the tenant during setup) then you will effectively have the setup you want with premise ADDS credentials synchronized with your Office 365 (Azure AD) credentials.
However, since there is an existing tenant with accounts that you want to match with on-premse accounts, you will need to communicate this with your users in advance and also read up on how the soft matching works when synchronizing to an Azure AD with existing accounts.
This KB article should get your started: https://support.microsoft.com/en-us/kb/2641663
If done properly, the end result will be as follows:
User accounts and password changes are managed from your on-premise AD.
Password changes happen on premise and are synchronized with your Azure AD accounts that are matched to premise accounts
You will not be able change passwords from Office 365 and have those changes reflected on-premise unless you enable Password Write-back which requires a an Azure AD Premium subscription.
Users will login to domain resources using their AD credentials, which match their Office 365 credentials in Azure AD
At this point you will have moved to Synchronized identity. This is required to take the next step to Federated identity so you will want to get to this stage either way. I would not take the next step to federated until you fully understand the implications of that model.
Regarding part 2 of your question, there are multiple libraries that can add authentication to Azure AD to your custom applications. This page has a list of libraries by language:
https://learn.microsoft.com/en-us/azure/active-directory/active-directory-authentication-libraries
I'm trying to use the Office 365 api inside a Windows Service to link e-mails to in-house projects.
I've been able to authenticate myself using the Office 365 API documentation
Although I have some problems/questions.
First problem:
await outlookClient.Me.Folders["inbox"].Messages.ExecuteAsync();
Isn't working for me, I don't get any response, even after 5 min...
Another question is:
Is it possible to never ask for the office365 credentials when starting the program?
Because this is running in a windows Service.
Did anybody successfully implement this?
If so: Is it possible to get a full working example?
I've been trying different things now, but much examples are for asp.net of other where an authentication is always required.
I haven't done a service specifically, but it should work if you use the client credential auth flow.
That flow would give you the unattended scenario you want for a service. However, there does have to be consent at some point. The way it works with client credential flow is you would have a signup web page. An administrator from the Office 365 org would go that page and login and grant consent to your app. This would be a onetime thing. Your app would then be able to get a token silently that grants access to all mailboxes in the organization.
When a user runs an on-demand workflow in Microsoft CRM 2011, is it possible to access their credentials?
I am creating a custom workflow activity designed to access a sharepoint server with shared Active Directory accounts. I would like to be able to use the user who runs the on-demand workflow's credentials for Sharepoint authentication. Is it possible to access these credentials in custom code? If so, how (C# if possible)?
Unfortunately it is possible to get the credentials but you won't be able to use them to authenticate to the Sharepoint Server, at least in the online versions.
We had a similar scenario but in the end we had to use a special user to do all the work in sharepoint, we were triggering the code with a plugin and using the REST Endpoint to do the work.
You can access the the User Credentials from the localContext, but you won't be able to retrieve the password.
Is your environment onpremise or online?/
Really getting frustrated at this. My company is using Outlook 365 for its Exchange services. I am trying to automate sending of exception emails from the client via exchange. However all of the literature on the subject seems to show that I have to provide a NetworkCredential with plain text username/passwords somehow. I am hoping to connect using the logged in user's account.
From an infrastructure point of view, I understand that Office 365 is authenticating users via ADFS, which is why bog standard negotiate is not working. It would also make sense that this is why I need the plain text password. However it would seem to me that there should be no reason why Kerberos style auth would not work.
In summary, is there some programmatic way to send emails via Outlook 365 without encoding privileged information into the application either the source or the config?
Thanks
Generally, if you can login to the Office 365 Live with Internet Explorer without providing username\password than you should be able to get the NetworkCredintials for the currently logged in user with CredentialCache.DefaultCredentials.