I need to manipulate programmatically emails on exchange online mailbox from windows service APP. The company use ADFS based authentication to Office365 and exchange online. What is the best and easiest way to authenticate and get connection to a mailbox in this scenario? There are many posts and articles but they are very confusing. Any code examples will be appreciated.
After deeper investigation looks like best way to go is to use EWS - exchange web services https://msdn.microsoft.com/en-us/library/office/jj900168(v=exchg.150).aspx . Works pretty well.
Related
I cant seem to find the relevant resource for learning this. I am trying to achieve a simple login for my C# application where users will be required to authenticate to use the application, and such the users account level would determine what can be accessed inside the app.
Lets say i have a forum and i want my users to authenticate via the application using the forum credentials, is this possible? what should i know about Security and how is this accomplished?
My thoughts would be i should be able to authenticate using some kind of SQL library? though i am new to C# so i might not be on the right track here.
Thanks for your suggestions.
To authenticate with a web site (forum) you need something like OAuth, see this guide for example. The website needs to provide OAuth.
Authenticating with a web site that was not explicitly designed to support an app client is not really possible, at least not correctly.
My scenario is that I have to expose some API over WCF to third party clients. I wanna use the most secure option. Ideal solution would be making a windows account for each client in my server active directory and letting them access the service with Transport & Message security and Client credentials username. So I could ask the client to provide username and password and use windows group policy to role base authorization.
Since this is an internet facing WCF service, I'm not sure I could use windows accounts??? Should I be using database solution to manage usernames, pwd and roles?
Should be able to consume from .NET clients as well as Java clients. Third party clients could be anything that can consume soap.
What's the best security option to this scenario? VPN is not an option as this totally should go over internet. Your help is very much appreciated.
It sounds like what you need is some kind of a token based authentication setup. Microsoft seems to publish the best material in the game for this kind of thing. You can find their articles here and pick the scenario of security that most closely matches your needs:
Microsoft WCF Security
you can use ASP.net membership with form authentication for your service.
using windows authentication for internet facing service is not a good idea.
for more information:
How to: Enable the WCF Authentication Service
Windows Communication Foundation Authentication Service Overview
Securing WCF with Forms Authentication
I am looking to write an auth service using Web Api, and SQL Server for authenticating and authorizing users on my .net site, but ios and Android apps as well. I'm speculating that basic authentication over SSL is the easiest way to go, but I'm pretty new to this whole section of .net. I'm having trouble finding some clear tutorials that explain how to write such a service. Can anyone point me to some resources on how to do this? I'd appreciate it.
I think you need to look OAuth implementation in .NET.
Here is a video to give you some background on Web API security.
I also suggest getting a trial subscription to Pluralsight training and check out the courses on Web API security.
You may want to target the latest release of Web API 2.0 from Microsoft, it has the most features you'll need.
I think this might be useful for you:
http://www.asp.net/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api
I writing a WCF service that is hosted in Azure as a (PaaS). The service in turn needs to talk to Sharepoint 2013 Online/Office 365.
I was looking at using the Sharepoint Client object model to talk to it, but keep getting the following error: "The remote server returned an error: (403) Forbidden"
When we login to access the SharePoint instance through a browser it usually takes you to https://login.microsoftonline.com/login.srf so you can log in using a Live Id. The problem is we are using a federated account and not a Live Id, and therefore get redirect again to a adfs site to login .
I've looked at a code sample at http://www.wictorwilen.se/Post/How-to-do-active-authentication-to-Office-365-and-SharePoint-Online.aspx that is using claims based authentication, but this always fails with an "Authentication Failed" message when trying to retrieve Saml Token.
If I understand this correctly. One way of doing this is to get the Saml Token, pass this to SPO, which will in turn return two cookies which I need to include in the requests made with the Client object model. Problem is I'm not finding any proper examples on how to authenticate using the Federated account in C#.
Can anyone point me in the right direction, as to how I might proceed authorizing my WCF service to talk to SharePoint.
Sorry if this is in the wrong forum. I'm not exactly sure whether this is an Azure issue or just SharePoint as I'm pretty new to both technologies.
Try the following blog article. The ability to access the Office 365 API was just announced last month and the ability to call this from your web service is pretty new. This article is a good tutorial on the subject.
Hi just in case that we registered as an Office365 reseller a few days ago i had to learn one painfull lession: The auth. token you get from sharepoint is only valid for 2 hours! Maybe that will change in Sharepoint 15 who knows...
I thought this could be an valuable hint because there is no known workaround...
Have you tried taking Wictor's sample code and just replacing the login.srf URL with your ADFS login endpoint?
Keep fiddler open as you try this out, and inspect the requests/responses each time, you will probably see more detail as to why things aren't working within the response body that C# hides away in its object model.
Check out this blog post too, on how to get the auth token from ADFS using anything where you can create a SOAP envelope:
http://leandrob.com/2012/02/request-a-token-from-adfs-using-ws-trust-from-ios-objective-c-iphone-ipad-android-java-node-js-or-any-platform-or-language/
I know this is an old post, but using SharePoint Online through an App without using an App Principal may be a violation of your license agreement. You should be using true OAuth and the TokenHelper class that is part of the SDK to use the app model properly.
Use an Office 365 SharePoint site to create an environment where you can use ACS to establish trust between a provider-hosted app and an on-premises SharePoint 2013 farm, just as you would if you were developing apps for an Office 365 SharePoint site.
You can visit the following link for further understanding:
http://msdn.microsoft.com/en-us/library/office/dn155905(v=office.15).aspx
I was getting a 403 while trying to do similar with the SharePoint object model. All I had to do to rectify it was include the user agent.
Answer here Using WebRequest to obtain cookies to automatically log into Sharepoint Online, getting variour errors
Hope it's of some help.
I have an application running on a server that periodically extracts data from Google Analytics. It doesn't issue many queries so I don't think any limit would be a problem.
I have a prototype running, however I had to provide a login a password for the authentication (in code).
I see that I can generate API keys and other kind of authentication bits and pieces in the Google APIs Console, however I am not sure how to use them and whether they can be used in place of the login/password.
It just doesn't seem right to use a user login/password to authenticate a server application.
Is there another way?
(I am using the C# client library)
You should be using OAuth 2.0. See:
http://code.google.com/p/google-gdata/source/browse/trunk/clients/cs/samples/oauth2_sample/oauth2demo.cs
for a sample OAuth workflow.
The best way to do this is with Google Service Accounts
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
However, I don't know off the top of my head the best library for c#, but there does appear to be support for it in the Google library. http://code.google.com/p/google-api-dotnet-client/wiki/OAuth2#Service_Accounts
Here's a answer specifically about the PHP client.
Service Applications and Google Analytics API V3: Server-to-server OAuth2 authentication?