I'm using EWS in a Windows Service to access different users calenders. Since office 365 basic authentication is deprecated I need to add support for OAuth. I followed the steps in this link Authenticate an EWS application by using OAuth and it works fine. However, my application is used by many customers and what I don't understand is what my customers are supposed to do. Do they also have to add my application in their 365 account? I was under the impression that a customer could find my app in a global directory or something, but I can't find any information about it.
Related
I am working on Xamarin.Android app that needs to download documents from SharePoint Online (SPO) in the background thread (using SPO REST API right now). Users should be using an app, while it is quietly retrieving documents from SPO.
I have no experience working with Intune MDM or MSAL library for authentication. Android device is corporate-owned (COD) and enrolled in MS InTune. Is there a way to pick enrolled on-device user details and pass them with requests to SPO?
Options that I am investigating are:
Integrate InTune SDK into app
Use MSAL library with the app registration in Azure portal for authentication
I am trying to avoid using WebView/browser for SSO if possible at all.
It looks like there are no experts here in this field, so after a lot of research and trials I worked out the solution. InTune SDK integration is not required if an Android mobile device is enrolled through InTune MDM, because Microsoft Authentication Library (MSAL.NET) can use Intune Company Portal app (or Microsoft Authenticator) as a broker. Your Xamarn.Android app needs to be registered in Azure portal following these steps https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app and adopting steps in this https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-android-single-sign-on tutorial to Xamarin.Android makes authentication work.
One point to note is that you need to specify and give admin consent for Graph and Sharepoint permissions to read User, Sites and Files.
I am creating a web application that will authenticate users based on their azure ad / office 365 accounts. To log into their computers they use their ad / office 365 account and they will have access to the web app without signing in based on their AD access.
I have tried to follow tutorials to set up this type of authentication using spring and angular:
https://learn.microsoft.com/en-us/java/azure/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory?view=azure-java-stable
Almost all of these guides or docs require setting up the app on the azure ad site, which produces a client id, key, and tenant id for the web application, which can be used with spring security to authenticate users.
I do not have access / permission to create a app registration, but I still need to get the ad userId of the user attempting to access my web application.
There is an existing web application created using asp.net core and angular which accomplishes what I am trying to achieve in java spring. I have tried to understand how it authenticates users but I am still stumped.
In the .net core project a controller makes a call to HttpContextAccessor.HttpContext.Request.Header to grab the userId of the user logged into their office 365 / ad account. This call is made in a controller class.
I cannot post more of the c# code so it will probably be hard to help me understand how it works in asp.net, but if there is any way to achieve what I described above in Java Spring I would love to know.
There is no way to achieve this without registering your application in these users AAD tenant. That's part of establishing trust between your app and the authority (AAD) which does the work of authenticating users. By registering your app id and reply url(s) you tell AAD that it's OK for it to send you user's info.
I want to know if it is possible to use office 365 API to interact with word documents in office 365 (create, update, and download). I have an azure directory setup, but I don't know how to leverage it to access the office 365 api to interact with these documents.
What is the process, if any, for using azure active directory combined with office 365 to manage documents? All of the resources I can find assume azure active directory will be used to handle authentication for a web service / web app. I wish to do this from a console app.
It is not necassary for me to use azure active directory, my only goal is to authenticate and interact with office 365 online word documents, so if there is someway to simply obtain a token directly through office 365 to manage word documents, that will solve my issue too.
You can use both ADAL or MSAL on a console based application and interact with Office documents using Graph API: The OneDrive workload in Graph API allows you to retrieve, download, upload documents from a OneDrive/ OneDrive for Business or SharePoint Document Library.
Below some resources/ samples that you can use as references:
GitHub Sample: Call the Azure AD Graph API from a native client (ADAL) - Sample application to show how to sign-in and query a Graph API in the context of the user and the application
Call Graph from Windows Desktop (MSAL) - A simple guide shows how to call a Graph API via REST on a .NET Desktop app - the same can be done with a console based app.
Service apps - Show more information on how to query AAD (using MSAL) on a context of an application (instead of a user).
I want to create simple WPF desktop or console application which retrieves and shows data from Office 365 Contacts API.
I already have an Azure AD and an Office 365 accounts. I've read the documentation and seen a lot of samples. But they were all about ASP.NET and windows 8.1 and other types of application.
They used OWIN or build-in authentication calls(for windows 8.1).
I think it should look like this:
User presses the button
My application calls a method from "some Microsoft library" and passes as
client_id a parameter. This call will open a new browser window with
suggestion for user to login. User logs in and agrees to provide access to his contacts.
As result of this call I should receive an access token
Be happy and read contacts by using
Microsoft.Ofiice365.OutlookServices.
I'm stuck at the second point of this idea - "some Microsoft library".
Can you suggest which library I should use?
Does something like this exist?
If it would not work in this way, can you suggest any other way to retrieve contacts from office 365 in WPF desktop or console application?
I'm trying to find something that is like this, but works wiht contacts API (not with One Drive) and does not require me to define special BrowserWindow in XAML or C#.
Does this way exist? Or I should implement this functionality by myself?
Additionally I would like to use Office 365 REST API, not EWS.
Yes, you can do this from a Windows app. I'd recommend using ADAL for the authentication. That should provide a browser window for the signin process. You can also use the Visual Studio Office 365 Tools to register your app and get libraries for calling the Contacts API.
I was wondering if the Office365 API supports service level accounts yet. By service level, I mean that a single "service user" (an application for example), can authenticate itself over OAuth2 against our O365 account and access all of our users mail, calendars and files on their behalf.
We're aware that you can do this using EWS (which we have been doing), but we really want to get using O365 REST.
Thanks
Not yet, but we're working on it. Follow me on Twitter (#JasonJohMSFT) or watch our blog (http://blogs.msdn.com/b/exchangedev/) for the announcement.