I'm trying to create an Outlook add-in using Angular 7 that can access all the users in my organization with Microsoft Graph API. In order to do that, I need to authenticate the current user and get an access token for calling graph API. I am planning to do the authentication using Single Sign On (SSO).
I read the documentation and didn't find any solution to my problem. My current add-in doesn't have a back-end, just a front-end.
This will only work with Office add-ins in Preview right now and requires you to have a server side component and an Azure AD registered application. There are detailed steps on accomplishing that here for asp.net and nodejs. There is no examples with Angular though unfortunately:
https://learn.microsoft.com/en-us/office/dev/add-ins/develop/sso-in-office-add-ins
Related
I'm currently working on a SharePoint and I'm looking to implement a page that tracks which user read which document/ viewed a file.
Would I need to use Powershell or is there a plugin app on the SharePoint store?
Users' activities in SharePoint Online is a part of Office 365. The first step you need to do is to enable Audit Logs feature: https://learn.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance.
Then you can retrieve audit logs by using Microsoft Graph API (it's not Powershell script but hopefully you can find some ideas from it): https://blog.kloud.com.au/2019/01/18/retrieve-office-365-audit-logs-using-office-management-api-and-azure-functions/
I am trying to create a secured .Net web API application that is used to call Azure Ad Graph API's crud operations. I don't see any sample applications in GitHub? Is there any such example available anywhere?
You can use this sample that demonstrate the On-Behalf-Of flow - which can be used to call any downstream Web API, including Microsoft Graph.
More information about the On Behalf Of flow here
I have hosted my REST services on API management and consuming those in the Azure Web app service which consists of only HTML pages, javascript files and CSS files.
I would like to know how to restrict accessing the REST endpoints of the API management only from the web app without Azure AD and OAuth setup.
Client side application sources are by design available in clear text to anyone using it. Any user can open developer tools in browser and look at code you've written to make app work. So even if you secure your REST API with some secret and use it in app code to talk to that REST API anyone in the world will be able to take that secret our of the app and call your REST API directly, and you would have no way to distinguish their calls from calls made by your app.
OAuth and AAD would work to a certain extent but even they allow you to authenticate user, not the app. Same user can easily trace calls made by your app to REST API and reproduce them in any other app, and you again would have to way of figuring that out.
I think your best bet is to throttle calls made by a certain user identifying it any way you want (even if by IP address).
You can use Certificate authentication from web app to api management. The ssl certficate thumbprint on you web app you can validate in api management policy.
I'm creating an iPhone application that uses salesforce as it's server-side data component, I need to access the database from the application to retrieve data for whichever user logs into the app, to do this I need to authenticate with Sales force.
I'm using the Rest API Template that was available in XCode after installing SalesForce, but I keep getting this:
Is there any way I can login to salesforce programmatically? I'd like our use of Salesforce to be 'behind the scenes' so to speak, so that our users never have to directly interact with salesforce themselves, is there any way to do this?
That looks like the OAuth challenge. You should be able to bypass this by providing a Session Id. In order to get a Session ID, you have to login with the user's username and password. You can use the SOAP API for this.
Yes you can do the login behind the scenes.
Follow this Self login in Salesforce API in iPhone?
I was stuck with the same issue and finally figured it out.
Has anyone written a secure token service that wraps the Facebook connect API that they are willing to share?
We are considering this as an alternative to using Azure ACS.
Sign into SharePoint 2010 with Facebook using a custom STS shows how to integrate the Facebook part with a custom STS. You can pretty much ignore the SP 2010 part (unless that's what you are using?).
Also, have a look at Startersts. Not specifically about Facebook but it does have a sample on how to build a bridge between OpenId and WS-Federation.