OfficeRuntime.auth.getAccessToken working in Excel but not in Outlook - single-sign-on

I have created an add-in and Azure app similar to that shown in the Graph API/Add-in example docs - https://learn.microsoft.com/en-us/graph/tutorials/office-addin.
All is working well when the add-in runs in Excel (making sure the add-in can run in Excel and using an Excel manifest) and the call to OfficeRuntime.auth.getAccessToken returns the api token.
If I run the add-in in Outlook (after changing the add-in to run in Outlook and using an Outlook manifest) I get an error:
getAccessToken error: {"name":"Error occurred in the authentication request from Office.","message":"An unexpected error occurred in the client.","code":13006}
With Outlook I notice that two calls are made that aren't with Excel.
(1) https://outlook.office.com/owa/service.svc?action=GetAuthenticationUrl&app=Mail&n=104
Response:
ResultCode 0
WebSessionType 0
AuthenticationUrl
"https://ccs.login.microsoftonline.com/ccs/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c75b3cd3-db77-0845-413d-d1890fe17698&protectedtoken=true&tokenenvelope=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637823342196948067.4c7773c4-3cd6-4e00-8bd9-ccd655dda53e&state=FcfBDYAwCEBR1DgOBguFdgH3qNCbN_dPxMNP3l8AYMvWbKFf-zWedybAlK0VZiln1y6N1A5xM2MXZA9FmUTY7ujoubVGjMrzAw"
ImplicitGrantAuthorizationUrl ""
(2) https://ccs.login.microsoftonline.com/common/oauth2/authorize?...
Response:
404 Not Found
I don't know why Excel and Outlook are behaving differently except maybe because of the manifest setup.
For Excel there is this:
<VersionOverrides xmlns="http://schemas.microsoft.com/office/taskpaneappversionoverrides" xsi:type="VersionOverridesV1_0">
  ....
  <WebApplicationInfo>
    <Id>123</Id>
    <Resource>api://localhost:3000/123</Resource>
    <Scopes>
      <Scope>openid</Scope>
      <Scope>profile</Scope>
      <Scope>access_as_user</Scope>
    </Scopes>
  </WebApplicationInfo>
  ....
For Outlook there is this:
<VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides" xsi:type="VersionOverridesV1_0">
  <VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides/1.1" xsi:type="VersionOverridesV1_1">
    ....
    <WebApplicationInfo>
      <Id>123</Id>
      <Resource>api://localhost:3000/123</Resource>
      <Scopes>
        <Scope>openid</Scope>
        <Scope>profile</Scope>
        <Scope>access_as_user</Scope>
      </Scopes>
    </WebApplicationInfo>
    ....

To use SSO with an Outlook add-in, you must enable Modern Authentication for the Microsoft 365 tenancy. For information about how to do this, see Exchange Online: How to enable your tenant for modern authentication.
To use SSO, your Outlook add-in will need to have a server-side web API that is registered with Azure Active Directory (AAD) v2.0. For more information, see Register an Office Add-in that uses SSO with the Azure AD v2.0 endpoint.
Note, a new Single Sign-on (SSO) service will replace the existing one for Office Add-ins that are used in Office on the web. This new service is aimed at providing better reliability and supporting additional environments where Office on the web is used. This only applies to add-ins for Word, Excel, and PowerPoint. Outlook Add-ins are not impacted by this new service roll out. Read more about that in the New Single Sign-on service for Office Add-ins rolling out in Office on the web article.
Finally, I'd suggest creating a new add-in for Outlook from scratch and checking whether it works as expected.
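
A check of the manifest layout discussed in the question, as an added example that is not part of the original posts or of Microsoft's tooling: Microsoft's manifest reference lists WebApplicationInfo as valid for mail add-ins only in the Mail 1.1 VersionOverrides schema, so the code verifies that placement and that Resource follows the api://<host>/<Id> pattern the question uses. The names check_outlook_sso, SSO_BLOCK and sample_manifest and the skeleton manifest are constructed for illustration; Id and Resource reuse the question's placeholder values.

```python
import re
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
MAIL_NS_1_1 = "http://schemas.microsoft.com/office/mailappversionoverrides/1.1"

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def check_outlook_sso(manifest_xml):
    """Return a list of problems found in the SSO block of an Outlook manifest."""
    root = ET.fromstring(manifest_xml)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    infos = [e for e in root.iter() if local(e.tag) == "WebApplicationInfo"]
    if not infos:
        return ["no WebApplicationInfo element"]
    problems = []
    for info in infos:
        parent = parent_of.get(info)
        # Placement: direct child of the mail 1.1 VersionOverrides element.
        if (parent is None or parent.tag != "{%s}VersionOverrides" % MAIL_NS_1_1
                or parent.get(XSI_TYPE) != "VersionOverridesV1_1"):
            problems.append("WebApplicationInfo is not a child of the mail VersionOverridesV1_1")
        # Consistency: Resource must be api://<host>/<Id>, as in the question.
        fields = {local(e.tag): (e.text or "").strip() for e in info}
        app_id, resource = fields.get("Id", ""), fields.get("Resource", "")
        if not app_id or not re.fullmatch(r"api://[^/\s]+/" + re.escape(app_id), resource):
            problems.append("Resource is not api://<host>/<Id>")
    return problems

# Constructed sample data: Id and Resource reuse the question's placeholders.
SSO_BLOCK = """<WebApplicationInfo>
  <Id>123</Id>
  <Resource>api://localhost:3000/123</Resource>
  <Scopes><Scope>openid</Scope><Scope>profile</Scope><Scope>access_as_user</Scope></Scopes>
</WebApplicationInfo>"""

def sample_manifest(in_v1_0="", in_v1_1=""):
    """Constructed skeleton of an Outlook manifest (not a complete manifest)."""
    return f"""<OfficeApp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides" xsi:type="VersionOverridesV1_0">
  {in_v1_0}
  <VersionOverrides xmlns="{MAIL_NS_1_1}" xsi:type="VersionOverridesV1_1">
    {in_v1_1}
  </VersionOverrides>
</VersionOverrides>
</OfficeApp>"""

if __name__ == "__main__":
    print(check_outlook_sso(sample_manifest(in_v1_0=SSO_BLOCK)))  # flagged
    print(check_outlook_sso(sample_manifest(in_v1_1=SSO_BLOCK)))  # clean
```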

Related

Access of Outlook mail using powershell script

I am trying to access Outlook mail to manage it through a PowerShell script, and it works fine, but when the script tries to access the content of a mail, Outlook asks for permission to allow access to the script. Is there any way I can allow only my script to access the Outlook mail content?
Most probably you get a standard security prompt in Outlook when accessing some sensitive properties from the Outlook object model.
There are several ways of suppressing such prompts:
Use a third-party component for suppressing Outlook security warnings. See Security Manager for Microsoft Outlook for more information.
Use a low-level API instead of OOM. Or any other third-party wrappers around that API, for example, Redemption.
Develop a COM add-in that has access to the trusted Application object. And then communicate from a standalone application with an add-in using standard .NET tools (Remoting).
Use group policy objects for setting up machines.

CRM 2016 On-premise and SharePoint 2016 On-premise - enable server based SharePoint integration

We have CRM 2016 On-premise (IFD configured) and SharePoint 2016 On-premise (with SSL). We are trying to enable server-based SharePoint integration for this.
The place where we started was from the Microsoft article https://technet.microsoft.com/en-us/library/dn949332.aspx#BKMK_Setup
Now we are struggling with running the PowerShell command on the CRM server
.\CertificateReconfiguration.ps1 -certificateFile c:\Personalcertfile.pfx -password personal_certfile_password -updateCrm -certificateType S2STokenIssuer -serviceAccount contoso\CRMAsyncService -storeFindType FindBySubjectDistinguishedName
It gives the error
The service accounts are given permission on the Certificate.
Could be a basic question, but from the PowerShell command that has to be run, would that need a new pfx file or does it have to be the certificate that was used while configuring IFD for CRM?
Ignoring this error, we tried enabling the SP integration, but it popped up an error saying the site is invalid (and no more details). Event Viewer pointed to a CRM plugin error on 'ValidateSharePointSite'.

Connect Identity server V3 with Sharepoint 2016 - Single sign on

We have Identity Server V3 used inside my web application. We would like to use the same identities to communicate with SharePoint 2016. Is any repository or doc available on how to implement single sign-on for SharePoint 2016 and Identity Server V3?
You'd have to research how to get SharePoint to use IdentityServer as its identity provider.
I prototyped SSO in a test SharePoint 2010 environment a few years ago and used the links below for assistance. Some of the information may be outdated but I think the relationship between the STS (which in this case would be Identity Server V3 - Thinktecture) and SharePoint has not changed.
I am currently setting up SSO with our SharePoint application as well as other applications. I am using Azure Access Control Service (ACS) to act as a repository for all of the Identity Providers we would like to use. The providers are Facebook, Google, Windows Live ID and LinkedIn. ACS allows you to add custom Identity Providers as well. We have a CRM application that we currently authenticate against within our SharePoint application using claims and forms-based authentication. This will be a custom identity provider defined in ACS. I am beginning to work with Thinktecture to be the identity provider that will sit on top of our CRM application. Users will then be able to log in to SharePoint with any of the identity providers specified in ACS. We will see how it goes but I believe this will work. I would start with the General HowTos to using STS in SharePoint link.
FederationMetaData.xml editing
http://stsmetadataeditor.codeplex.com/documentation
http://social.msdn.microsoft.com/Forums/is/Geneva/thread/c0791595-2e0d-48cb-82f0-8e0f0bc1809a
http://jefferytay.wordpress.com/2012/05/03/windows-identity-foundationupdating-an-expired-issuer-certificate/
Regarding the "The issuer of the token is not a trusted issuer" error message.
search string - sharepoint 2010 The issuer of the token is not a trusted issuer
http://social.msdn.microsoft.com/Forums/en-ZA/sharepoint2010general/thread/f7dbbf1b-f616-4b24-ae0c-e8c76aa300d5
FedUtil.exe Information
http://msdn.microsoft.com/en-us/library/ee517284.aspx
General HowTos to using STS in SharePoint
http://msdn.microsoft.com/en-us/library/ff955607.aspx

SharePoint Online in Office 365 with SQL Azure and Entity Framework

I am trying to build a web part to be hosted on SharePoint Online (part of Office 365). I want to use Entity Framework to connect to a DB in SQL Azure. Is this even possible? I tried deploying one solution, but I get a very unhelpful error saying "Web Part Error: Sandboxed code execution request failed.".
Anyone get this combination working?
I found out that this is not possible. The reason is the restricted permissions in the sandbox, and you cannot use a proxy to bypass that. The only way to access SQL Azure from within SharePoint Online in Office 365 is via a web service exposing operations on the entities residing in SQL Azure. I am currently investigating that approach and once I have more info, I can update this answer.
Update 7/27: Using a web service serving SQL Azure data, we can integrate SQL Azure with SharePoint. The component in SharePoint that enables this integration is called 'Business Connectivity Services'.
More can be found here: http://blogs.msdn.com/b/donovanf/archive/2012/06/25/office-365-o365-business-connectivity-services-bcs-hands-on-lab-wiring-up-o365-bcs-to-a-windows-azure-service-for-office-2010-and-sharepoint-online-solutions.aspx

Grant "Log on as a service" permission AND service Logon Account during installation(Installshield 2010)

I'm developing an install application via an InstallShield Basic MSI Project.
I have a little problem when granting the "Log on as a service" permission
(Control panel -> Administrative tools -> Local Security Settings)
In Windows Server 2003, NTRights.exe works fine.
In Windows Server 2008 and 2008 R2, NTRights.exe also works fine, but "NTRights.exe" is just part of the "Windows server 2003 Toolkit".
I want to use another method.
Can anyone do the same thing another way?
In the service panel, I have to set the logon account and password using end-user input.
But InstallShield supports just a fixed ID and password. It cannot be used.
How can I set the logon account?
Logon account information should be provided during installation.
Check out this article. Once you understand it, just change it up a bit by using information from the second link.
Augmenting InstallShield using Windows Installer XML - Certificates
User Element (Util Extension)
Another approach using a WiX DTF custom action can be found at:
Different year, Same Problem...