I'm trying to create a client-server application, with authentication through Office 365. I`ve chosen this way: client send login/password to server and server just check if they are correct.
I dont know how to create such checking of login/password.
I have found some OAuth samples, but they are all about authentication in apps, created for services like Twitter,Facebook etc. This is the way they are obtain consumer key and secret.
I have aslo found how to sign in programmicaly with help of PowerShell or WebClient class, but that is just signing in, how would i know in login/password are correct?
Maybe those are very close to what i want to do, but i can not change and tie them to my programm. Please, help me with that.
What's your goal? To build an app that works with Office 365 assets? If yes, look for Apps for SharePoint. If no, then look for Windows Azure Directory Services and Access Control Services—that's the authentication and user management engine behind Office 365.
Try the following solutions:
http://blogs.msdn.com/b/cjohnson/archive/2011/05/14/part-2-headless-authentication-with-sharepoint-online-and-the-client-side-object-model.aspx
http://blog.kloud.com.au/2013/03/24/sharepoint-online-web-service-authentication-using-wcf-client-side-behaviour/
Related
I have an Application registered in Azure active directory, i am using c# and 'Microsoft graph' to get all my documents and other stuff from the sharepoint sites.
Now, since i wanted to use only one team site to get all my needs, i wanted to know if there is any way to restrict use of only one team site in one aad application.
There is a user vote about this issue: here. Microsoft claims to be working on it.
As far as I know, it can not be implemented in azure ad microsoft graph. All of the permissions are for "all site collections". So if you want to implement this requirement, you can just do it by code.
My company has an internal application where I need to pull/display pictures of all the employees from office 365 with out user intervention.
From what I read online I think I need to call Microsoft graph getphoto API in daemon application to achieve this as per this link (https://developer.microsoft.com/en-us/graph/docs/authorization/app_only).
Will this be a right approach? If yes please point me to any C# sample codes related to this.
Appreciate your responses.
Yes, this is exactly the type of application you will want to build. App-only (machine-to-machine) authentication should be used anytime you don't need a user present to execute functionality.
You can take a look at the ASP.NET Core App Only sample to get a sense of how to register and set up your app to use app-only authentication. The sample goes on to use this access token to set up webhooks, but you can replace this logic with your custom code. You will want to select the scope User.ReadBasic.All to have access to users' profile photos.
I am using ADAL in order to log in to my app which is being made in Xamarin.Forms against Azure AD. That is all working fine, however I now want to be able to register a new user and to do this need an access token to pass to the constructor of one of my methods.
However, as the user hasn't yet been registered, I need to be able to get an access token from Azure AD without actually supplying any user credentials. I have been told that in a normal web app, I'd be able to send the client id and app key so that Azure AD would know who I was and then send me back an access token but I can't figure out how to implement this in a cross-platform Xamarin app.
If anyone has come across this before, your help would be greatly appreciated.
Thanks.
Use of an app key in a native application is not recommended, regardless sof the dev stack you use to implement it. The reason is that generally devices should not be trusted with secrets. Furthermore, secret distribution is complicated (you can't embed it in the app code).
As a result, ADAL for Xamarin (and all the other flavors of ADAL meant to be used in native apps) does not expose any method for acquiring tokens with an app key.
From a antive app you really need to bootstrap secure communication with a user identity. Once you have that, you can do all sorts of interesting things on the server side (e.g. you API can, given that is running on the server, obtain tokens as an app).
HTH
V.
It would be great if somebody could help me with strategic input, how to achieve my goal:
I wrote a C# Desktop Application (WPF)
I have a Google App Engine Project, which delivers Data for an Android App
Now my Desktop Application needs to pass some Data to my App Engine Application. Therefore, the Application must authenticate as Owner of the App Engine Application. As, all other Google Methods are deprecated, I have to go heading OAUTH2 to let my Desktop App authenticate itself as owner.
Therefore I have to register a project at Google Apis Console.
BUT:
I dont need any Service(s) of the listed Google APIS (Maps, ...), because to authenticate as Owner, its absolutely enough to sign in to a Google Account (GmailAccount, Google Account, whatever). This lets my App Engine App recognize me as Owner.
I would appreciate advice about:
Should I register a project without Service just to Sign In via OAUTH2?
(Is this possible?)
Sign in to another Service (means, taking the easiest way, just to be able to authenticate as Owner) seems not to be very "clean" sollution. Is this right, or should I go this way?
.. I also read about Service Accounts, but dont want to use this, because I want to be able to manipulate my app also via my "Human"-Account via any Webbrowser.
Thanks for any advice!
You can provide Google OAuth sign in without using any of Google's other services. Your OAuth client would just have an empty scope. You should be able to get the basic user info and email (so you can figure out who is who by something other than full name) without enabling any services as well.
You will still need a way to flag that you are you in your app (probably just hardcode your email in your app, then check it against who authenticates with OAuth would be the easiest)
I'm building an aggregator for Twitter and Facebook. Via my website users should be able to grant the app access to their Facebook and Twitter profile.
Then, my C# app will, at regular intervals, check the networks (or stream from) for new posts/likes/tweets related to that user and store the result in a database. I will not use Facebook and Twitter as an identity provider for my website.
Now my question: what library should I use best to accomplish the connection with the social networks? Can I use dotnetopenauth for this? Or are there better solutions?
I should also be able to extend the library and add whatever social network later on.
It is probably a very basic question, but I get confused due to all the possible libraries and options. I tweaked a small and simple OAuth class to connect to Twitter, but this was only capably of OAuth 1.0...
Yes, DotNetOpenAuth can help you with this. But you might want to double check the Facebook terms of service, as I thought they forbade any persistence of the data you download from them.
It is indeed possible to do so with DotNetOpenAuth, I know this because I am working on something similar. Already have it working like a charm with Twitter, working on the Facebook link at the moment. Seems like Facebook is going to give me more trouble then I expected at first.