i could not find any idea of how to implement API over the SharePoint(MOSS) framework.
Could anyone give me a tip please?
What i want to do is create a client application to communicate with the SharePoint.
wanting to implement something like following.
Client send post request to API implemented on SharePoint, API receive a request and do the authentication and create a login cookie.
Client keep communicating with API(with the login cookie), request necessary information and API returns it.
I could not find anyway to hook a program...
Is there anyway to hook a program or implement own authentication mechanism before SharePoint's own authentication is called?
Any alternative approach will be grateful.
Thank you in advance.
Taiga
It sounds like you need the Web Services that ship as part of SharePoint. There is no need to re-invent the wheel by creating your own API.
If your own application runs on a machine with a local SharePoint installation then you can program against the SharePoint Object Model directly. Otherwise use the Web Services interface.
More on Google.
Here you find a fluent API for the SharePoint. FluentSP implements a modern fluent interface around the classic SharePoint 2010 API:
http://www.parago.de/2011/09/fluentsp-the-fluent-sharepoint-api/
Related
I have two web apps in azure one angular 6 the other one is .net core web api. Angular app consumes the apis to get data. Some of these apis are public apis. It means authentication is not needed for them to be called.
My questions is, what the best approaches are to protect these public apis? By protecting, I mean not letting anonymous users to call these apis and abuse data.
In my mind these are what I can do:
CORS, but the problem is postman and other rest tool still can call my apis
Using azure api management? By rate limiting? Is there a better way?
Use some sort of api key but the angular app will expose them anyway.
In my c# app I get user agent, host, Origin of the call and restrict based on those?
Basically I want to restrict anonymous user from manipulating and calling my post apis and push not relevant or duplicate data to my back-end without using any sort of AD as my apis are going to be public. I want only a few authorized app can call my apis.
Please tell me which one of the above are the right one and please recommend a better approach.
P.S: my backend is .net core 2.2,
Thanks
I can recommend below solution,
Host your APIs on Azure API app and import it to APIM. Then Configure IP restriction on API APP using the IPs of APIM. That mean, only APIM can access your API host. or you can implement client certification authentication between APIM and API host.
https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates
02.Next enable subscription key/API key on APIM and keep these key on Azure key vault. So you don't need to hard code these keys on frontend. I hope you host this Angular app on Azure. (I am not Angular expert...just check online for docs)
https://learn.microsoft.com/en-us/azure/key-vault/quick-create-node
03.Later based on your scenario, If need you can apply Rate policies.
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-sample-flexible-throttling.md
I am using Firebase, and I want to be able to create a user, get his ID, and then create his profile data.
I can do this using Google.Cloud.Firestore, just the way we do it in Android. However, I want to do this from a C# web application.
I have not been able to find anything that creates an auth user that is callable from C#. How can I do this?
There's this FirebaseUI Widget in javascript which really gives a lot's of auth options out of the box (Google, phone, email/password, etc.), but I need to use my own interface (i.e., the interface required by my client).
There is no SDK for accessing Firebase Authentication from C#/ASP.NET web application.
But there is a REST API for Firebase Authentication that you can call from any platform that can make HTTPS calls, and which has a method to create a user account.
A quick search also lead me to this third-party library by Step Up Labs, but I have no experience with it.
I have a c#-based program that can send messages and files to our SlackWorkspace via my SlackApp (I'm using HttpClient to communicate with Slack).
Now, to distribute this program in my workspace and to make it so that every user will have his own identity, it says that I have to use OAuth and create verification-tokens, specific for each user.
It says in the Slack-documentation I have to use a redirect-URL (as per docs) to my own server.
We have a server that I potentially could use for this. But I have never done anything like this before and I am unclear on what "answer" I have to provide from our server. I thought the verification-process would be handled by Slack.
Anyone has an idea on how to approach this?
And before anyone asks - yes we need to install it for everyone and make them identifiable as themselves. We can't use the "SlackApp" as user. :)
I would be very grateful for code examples(in c#) and explanations on how this whole redirect-thing is working.
Slack uses the standard Oauth 2.0 protocol to authenticate apps, similar to Google and Facebook.
So the "verification-process" is indeed mostly handled by Slack (as outlined here), but your Slack app needs to initiate it and handle the responses properly. Also its a multi-step process and includes the user having to login into Slack with their credentials. This why you need a web app to handle the whole process.
To enable a Slack app to generate tokens via Oauth a web app is needed:
can be reached from the Internet
able to handle HTTP requests like a web server
has persistent storage for the newly generated tokens
This is probably easier to implement with ASP.NET Web Pages, which can utilize many functions from an existing web server.
But for this answer, lets look on an implementation in .NET Core. For that we need to create our own web server and some rudimentary session handling. Main concepts include:
HttpListener class for providing fundamental ability to listen and respond to HTTP requests
Handle multiple requests in parallel
Cookies / Session handling
MD5 hashes
The details go a bit beyond the scope of one answer. But I am happy to share a working example implementation on this GitHubGist.
Btw: For the local development of such a web app its recommend to use a VPN tunnel like ngrok, that allows one to expose a local machine securely to the Internet and Slack.
We have a whole bunch of clients that want us to start using their ADFS to allow their users into our web app using Single-Sign-On.
After reading up on WIF (which seemed to be the solution at first but is deprecated in VS 2013...), OWIN, oAuth, OpenID Connect, I'm completely confused as to the simplest way to implement SSO.
What is the best and simplest technology to use to implement SSO on an existing VS 2013 json restful service written in C#?
Ideally the technology would already be part of .NET.
Are there any code samples or tutorials out there for this scenario?
assuming that you want to consume your service from native clients, I would recommend that you protect your service using Web API middleware (which was already supported via OWIN middleware in VS2013) and implement your clients using the ADAL library. For a post specifically on ADAL and ADFS, see this. For more details on the Web API side of the solution, see this. If you want to target a variety of client platforms, you can find a complete collection of samples (for Azure AD, but easy to modify for ADFS) here.
This can be implemented through WSO2 IS as Relying Party in ADFS. When we will implement this setup the outcome/Income claims will be main source for User Profile load to WSO2IS for authentication and pass the SAML Response to SP(End URL of your application).
Refer the below links to configure WSO2 IS as relying party for ADFS and WSO2 IS configuration too.
https://omindu.wordpress.com/2015/06/19/setting-ad-fs-3-0-as-federated-authenticator-in-wso2-identity-server/
SSO would mean its Active Directory driven, or direct to IIS machine.config authentication instead of a web.config, but also considering the "simplest technology" you've mentioned, then this must be a call for something simple yet you can transform into what you really desire.
With this, we can refer to token-based web services authentication.
Here's a sample project from which I started and able to transform into something else. From here I think you can then change all authentications into AD or DB connect, or even both across your web services.
http://www.codeproject.com/Articles/9348/Web-Service-Authentication?fid=145460&df=90&mpp=25&prof=False&sort=Position&view=Normal&spc=Relaxed&fr=26#xx0xx
hopefully this would help.
I have coded a C# MVC5 Internet application and I have a Web API 2 web service that returns JSON data. I am retrieving this JSON data in an android application.
How can I add a feature to the web service such that only my android application can retrieve the JSON data? I am wanting to do this so that other web users cannot hammer the url and the web service will not send my data to unwanted applications and/or users.
Is this possible? If so, how should I do this?
Thanks in advance.
You have various ways to achieve this in fact.
For example, you can store a key in your android application and use send this key together with the request to your WebAPI. Your webAPI will than check if they key is valid and if it is, it will return the JSon.
However, there's no way to ensure that nobody else can request and get your data. For example by reverse engineering your android application and extracting the key, or by monitoring the network traffic and find the key in there.
You need to understand that there isn't anthing that guarantuees you 100% security.
See it as the following:
You have an open door right now, you can close it little by little, but closing and locking down is not possible. There will always be gap. A house also can't by made burglar proof, but you can make it very hard for a buglar to enter.
Go to this link Web Api. I have used the individual authentication for my web api. When you will register the user the response you will get is access token and use that access token as Authentication header in your ajax call if you are using Jquery ajax to call your Web Api. Refer this The OAuth 2.0 Authorization Framework. Hope this help you.
Are you looking for something like this?
http://httpd.apache.org/docs/2.2/howto/access.html
If you have other web server, there should be appropriate means to support such.