My company has an internal application where I need to pull/display pictures of all the employees from office 365 with out user intervention.
From what I read online I think I need to call Microsoft graph getphoto API in daemon application to achieve this as per this link (https://developer.microsoft.com/en-us/graph/docs/authorization/app_only).
Will this be a right approach? If yes please point me to any C# sample codes related to this.
Appreciate your responses.
Yes, this is exactly the type of application you will want to build. App-only (machine-to-machine) authentication should be used anytime you don't need a user present to execute functionality.
You can take a look at the ASP.NET Core App Only sample to get a sense of how to register and set up your app to use app-only authentication. The sample goes on to use this access token to set up webhooks, but you can replace this logic with your custom code. You will want to select the scope User.ReadBasic.All to have access to users' profile photos.
Related
There are many tutorials how to add principal for specific app manually for admin, like this:
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
And it is okay it works. But is there a way to grant this principal with an API call instead of manual setup? It will still be requested with admin bearer token so it should have all permissions to set it up, but I can't find any way to do it.
There is a way, where if I have another app registered in my tenant with FullControl permissions it can use an API to give principals for other apps like this: https://learn.microsoft.com/en-us/graph/api/site-post-permissions?view=graph-rest-1.0&tabs=http
But I can't have another app and don't want it, I just want to use admin credentials to add an app principal to write to one specific SharePoint page with some API call so I can later control files in the site with my app. Is there a way to do it?
In short, the answer is NO.
When we use an admin account to sign into appregnew.aspx page, in fact we are using an app / principal which is created by Microsoft to get the access token which can be used to create your SharePoint App-only principal.
This official scenario is consistent with what you said you need to create an app first, and then use it to configure another app.
Therefore, it is expected. I'm afraid we can't bypass the first app creation for configuring other apps.
I have an Application registered in Azure active directory, i am using c# and 'Microsoft graph' to get all my documents and other stuff from the sharepoint sites.
Now, since i wanted to use only one team site to get all my needs, i wanted to know if there is any way to restrict use of only one team site in one aad application.
There is a user vote about this issue: here. Microsoft claims to be working on it.
As far as I know, it can not be implemented in azure ad microsoft graph. All of the permissions are for "all site collections". So if you want to implement this requirement, you can just do it by code.
I would like to get the photos of my users from outlook and store them in my database. I want it to be done automatically by the programm with no user interaction required, because i know their email and password.
I´m trying to use this guide:
https://msdn.microsoft.com/en-us/office/office365/api/use-outlook-rest-api#UseaclientlibrarytoaccesstheOutlookRESTAPIGetanaccesstoken
I have already registered my website (.NET MVC 5), but I don´t know how to do the authentication and access token part, because half of the links of the guide don´t work and i can´t find any helpful tutorial / code snippets somewhere else.
I´m deeply grateful for any help.
Instead of using Office 365 REST API, we can use the Microsoft Graph.
And since you don't want to the user participate in the authentication, you can using the Client Credentials Grant Flow which permits a web service (a confidential client) to use its own credentials to authenticate when calling another web service, instead of impersonating a user.
Here is the REST API to get the photo for a specific user for your reference:
GET:https://graph.microsoft.com/v1.0/users/user1#yourdomain.onmicrosoft.com/photo/$value
The app requires one of the following scopes to request the photo of user:
User.Read; User.ReadBasic.All; User.Read.All; User.ReadWrite.All; User.Read
And refer to here to register the app using the Microsoft Graph API.
It would be great if somebody could help me with strategic input, how to achieve my goal:
I wrote a C# Desktop Application (WPF)
I have a Google App Engine Project, which delivers Data for an Android App
Now my Desktop Application needs to pass some Data to my App Engine Application. Therefore, the Application must authenticate as Owner of the App Engine Application. As, all other Google Methods are deprecated, I have to go heading OAUTH2 to let my Desktop App authenticate itself as owner.
Therefore I have to register a project at Google Apis Console.
BUT:
I dont need any Service(s) of the listed Google APIS (Maps, ...), because to authenticate as Owner, its absolutely enough to sign in to a Google Account (GmailAccount, Google Account, whatever). This lets my App Engine App recognize me as Owner.
I would appreciate advice about:
Should I register a project without Service just to Sign In via OAUTH2?
(Is this possible?)
Sign in to another Service (means, taking the easiest way, just to be able to authenticate as Owner) seems not to be very "clean" sollution. Is this right, or should I go this way?
.. I also read about Service Accounts, but dont want to use this, because I want to be able to manipulate my app also via my "Human"-Account via any Webbrowser.
Thanks for any advice!
You can provide Google OAuth sign in without using any of Google's other services. Your OAuth client would just have an empty scope. You should be able to get the basic user info and email (so you can figure out who is who by something other than full name) without enabling any services as well.
You will still need a way to flag that you are you in your app (probably just hardcode your email in your app, then check it against who authenticates with OAuth would be the easiest)
i am developing a notification service in c# for our web site. its windows service no ui (asp.net / winform). This service will run on certain time and post something on users wall. i use social plug-in in our web site where user can grant required permission. Based on this i have few question
1) is there any c# library or sdk available for Facebook.
2) what information i have to store in order to access facebook offline.
i hope my question is clear. thanks for any help.
Update 1: i really need help on this. thanks once again.
There is a facebook API that can be used, http://developers.facebook.com/
You can't access facebook offline? I mean, if you wanted to save current information while online and then re-access the old information while offline that is possible just by saving the webpages, but you cannot access any new information. so your not really accessing facebook..
You'll need the user to log in, and there's a permission you can request that makes the session you get permanent. You'll have to have some kind of installer or something that will have the user log in, grant that permission, and then you'll save that access token. UI-wise, look at digsby, and notice how they make you log in to facebook the first time you link your facebook account.
i found this one and its helpful
http://blog.theunical.com/facebook-integration/simple-5-steps-to-publish-on-a-facebook-wall-using-dotnet-c/