I'm developing a SharePoint Provider hosted Add-ins using CSOM and I'm having Access Denied when sending a email using:
EmailProperties emailProperties = new EmailProperties();
emailProperties.To = emailAddresses;
emailProperties.From = "no-reply#sharepointonline.com";
emailProperties.Body = #"XXXXX";
emailProperties.Subject = viagem.Title;
Utility.SendEmail(context, emailProperties);
context.ExecuteQuery();
[ServerUnauthorizedAccessException: Access denied. You do not have
permission to perform this action or access this resource.]
Microsoft.SharePoint.Client.ClientRequest.ProcessResponseStream(Stream
responseStream) +2911
Microsoft.SharePoint.Client.ClientRequest.ProcessResponse() +1564
The App already has some permissions:
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
<AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="Read" />
<AppPermissionRequest Scope="http://sharepoint/bcs/connection" Right="Read" />
I have two questions:
1- What permissions do I need to add?
2- I'm trying to use "no-reply#sharepointonline.com" as the sender because that's the address used in workflows as sender.
Anyone knows what is the default email for email messages in SharePoint Online?
Thanks
Solve it.
1 - Site collection permissions.
2 - I can use the "no-reply#sharepointonline.com"
Related
I have an application created in my tenant that has the following app permissions granted and trusted.
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>
Yet when I try and use the REST API to do a KQL search (Keyword Query Language) I get the following error
<?xml version="1.0" encoding="utf-8"?>
<m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
<m:code>-1, Microsoft.Office.Server.Search.REST.SearchServiceException</m:code>
<m:message xml:lang="en-US">Application does not have administrative permissions in tenant</m:message>
</m:error>
Using the following query in Postman
https://mytenant.sharepoint.com/_api/search/query?querytext='sharepoint'&refinementfilters='fileExtension:equals("docx")'
So my questions are :
Why are administrative permissions needed to do a search?
How can I create an application permission that is 'Full Control' + 'Also Search'?
Madness.
To make the app have administrative permissions in tenant, you need to change permission scope to tenant:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
I'm getting the following error when I try to run the powershell script generated by Azure Devops to config my deployment group. How do I fix this.
"The remote server returned an error: (407) Proxy Authentication Required."
It looks like you're behind an authenticating proxy. Powershell isn't great at handling them - some PS commands use the system proxy, some don't. There's several ways of working around it though if you search for that specific issue.
You could try this added to your script (just insert at the start of the script), which takes your current credential/proxy and passes it to the any web requests:
[System.Net.WebRequest]::DefaultWebProxy = [System.Net.WebRequest]::GetSystemWebProxy()
[System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
These types of messages are not unique to anything with Azure. It's purely an environmental network issue, that you must implement in your code.
Similar posts have been asked here...
The remote server returned an error: (407) Proxy Authentication Required
... but they actually showed what their code looks like when making a request ...
myProxy.Credentials = NetworkCredential("user", "password", "domain");
<system.net>
<defaultProxy enabled="true" useDefaultCredentials="true">
<bypasslist>
<clear />
</bypasslist>
<proxy proxyaddress="myproxy:9000"
usesystemdefault="false"
bypassonlocal="true"
autoDetect="False" />
</defaultProxy>
</system.net>
... whereas you are not. I point you back to the SO rules in my comment.
So, see that SO, to determine if anything in that thread helps you.
Checking the powershell script, you can find it calls .\config.cmd --deploymentgroup ....
So, you can edit it to specify proxy information:
./config.cmd --proxyurl xxx --proxyusername "myuser" --proxypassword "mypass" --deploymentgroup ...
More information: Run a self-hosted agent behind a web proxy
I have a separate rest module named 'x' where I have used spring security with basic auth filter(username and password) in complete module therefore any request hitting this rest services should be logged-in but I have one page for forgot password where I am mapping in the same x module due to this auth filter I am unable to proceed. If I am logged in and going to this page and using the services of x module then its working fine but not in case of logged out users.
I tried these thing for not working
<http pattern="/forgotpass" security="none"/>
<intercept-url pattern="/forgotPassword" access="permitAll"/>
<intercept-url pattern="/forgotPassword" filter="none"/>
--> access="permitAll" does not work since it does permit all url but still it will authenticate with filter
and filter="none" is depricated not even able to start my jar when I put this thing.
security="none" gives 403 forbidden error sometimes or internal server error since I was changing the pattern "rest/forgotPassword" or "forgotPassword".
I resolved my problem by myself.
It was sequence that was having problem with.
I was using <intercept-url pattern="/forgotPassword" access="isAnonymous()"/>
after this <intercept-url pattern="/**" access="hasAuthority('USER')" />
I just order the line by putting "/forgotPassword" url on top of "/**"
Reason: It was overriding the request pattern in sequence it came first therefore it didnt allow to pass because role was missing in forgotpassword
I followed the below link Configure Email Otp to configure Email otp for two step authentication in WSO2 Identity server.
After giving username and password in the login page, we are supposed to be redirected to Email OTP page but we are getting redirected to https://localhost:9443/authenticationendpoint/samlsso_notification.do?status=Error+when+processing+the+authentication+request%21&statusMsg=Please+try+login+again.&SAMLResponse=pZLLbsJADEX3%2FYrR7AN5QZIRGYRaISGVTXksuqncxECkZAaNJ1X7900CETQLNl3a8r332PJs%2Fl2V7AsNFVql3Bu5nKHKdF6oY8p326UT87l8mhFUpX8Wb0hnrQjZ6iXlH2EQRbnvxkmWuBiHUQIhHkKYRp%2BTKSTgcbYiqnGlyIKyKfddL3LcxPH9rReISSCCaBS703fO9j2A3wI0SIrEJTLltVFCAxUkFFRIwmZis1i%2FimZUnI22OtMllxdC0QUattSmAvtY23aK3Dl0owKVLezPn%2BzHciBCYxtoLkudQXnSZGfjewrZX21jwdY0KJ91jmwPZY2Pc6ibvl4%2BR8P%2F57Oo7UktoSgx52N5Bb73GtivkQiOKHfNtgwacXuoDNrF2aGzGXj0gkH7Vvc%2FJH8B.
When we checked the logs, we found the below trace,
TID: [-1234] [] [2017-09-22 13:53:37,664] ERROR
{org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator}
- Unable to get the access token org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException:
Unable to get the access token at
org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator.initiateAuthenticationRequest(EmailOTPAuthenticator.java:158)
at
org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.process(AbstractApplicationAuthenticator.java:64)
at
org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.doAuthentication(DefaultStepHandler.java:466)
at
org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:233)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:175)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:127)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:142)
at
org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
at
org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
at
org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1004)
at
org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:160)
at
org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:731) at
org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37).
Any idea on how to resolve this issue?
This is most likely due to inability to connect your Email provider(server). You can initially do following in order to diagnose,(assuming you are using Gmail)
Verify the "userId", "gmailClientIdValue", "gmailClientSecretValue", etc are valid.
<Parameter name="GmailEmailEndpoint">https://www.googleapis.com/gmail/v1/users/[userId]/messages/send</Parameter>
<Parameter name="GmailClientId">gmailClientIdValue</Parameter>
<Parameter name="GmailClientSecret">gmailClientSecretValue</Parameter>
Try to invoke the email send with different tool (postman) with the API. This is to verify that the API endpoints are reachable from your machine. This is to exclude any network level port blocking, etc.
I've got my own box sitting in a rack. It's Win2000 running CF 7 and using the rack company's smtp server. I can't send emails. When I try, they simply go to the undeliverable email folder. Support says my server is sending a non-verifiable helo message. So their smtp server wont send it.
It being CF 7, the admin has nowhere to specify U/P for auth. However I SHOULD be able to do that within the tag. When I do, I get no errors but the mail goes to the undeliverable folder.
CODE:
<cftry>
<cfmail to="jxxx#yahoo.com"
from="jxxx#xxx.com"
subject="xxx.com Sign-up"
server="smtp.xxx.net"
port="25"
username="valid-account#xxx.net"
password="password" >
This is a test - with server specified
</cfmail>
Success w/ server user defined
<cfcatch type="any">
<strong>ERROR: #cfcatch.Message#</strong><BR />
#cfcatch.Detail#
</cfcatch>
</cftry>
<cftry>
<cfmail to="jxxx#yahoo.com"
from="xxx#xxx.net"
subject="xxx.com Sign-up" >
This is a test - without server specified
</cfmail>
Success w/o server user defined
<cfcatch type="any">
<strong>ERROR: #cfcatch.Message#</strong><BR />
#cfcatch.Detail#
</cfcatch>
</cftry>
I don't know much about mail servers...
Any ideas?
This could be an issue with DNS and the inability of the receiving system to either do a reverse DNS lookup or maybe it isn't in DNS at all.
another possibility is that non-verifable Helo means that you don't have FQDN associated with the system (perhaps your system name does not have a domain associated with it?) (ie. helo me) probably going to be bounced versus "helo me.somewhere.com".
so - don't think this a CF issue from a coding perspective - something that is related to your system setting (FQDN perhaps) or DNS in your location. Most anti-spam / anti-open relay settings are going to look at DNS for some level of validation.