I have created a project for .NET Core with Windows authentication. I want to get an idea about how to access the user calendar events. User will just access the website and then the user will be authenticated using windows authentication and his calendar data will be loaded on the homepage.
Any idea will be useful. Thanks
Users need to have Calendars.Read, Calendars.ReadWrite delegated Microsoft Graph permissions to access the user calendar events
You can assign this access in add API permissions
Reference: Get calendar - Microsoft Graph v1.0 | Microsoft Docs
Related
I have a WPF desktop using the WebView2 control, and it works quite nicely. The problem I am trying to solve is handling the authentication for users who find the repeated prompts when accessing our SharePoint Online (SPO) site within the WebView2 control annoying. I am not looking to access Graph API or the SPO API, just allow the user to navigate to our SPO site without login prompts. Our on-prem AD synchronizes with Azure AD.
A couple of applications I've developed:
An Office add-in using SSO with delegated permission and signed off by our admin so that users do not log in
A console app that has application permission to update all calendars in our organization via the EWS API, protected with Azure AD certificate authorization, although it initially used a secret
That said, how can I set up the app authorization so that my desktop WPF app can allow the users to access SPO without prompts?
According to your scenario, you can try the following things in your web view control such that you will no longer receive authentication prompts for Sharepoint online login.
• You trying to access SPO site within web view control, so you need to allow authentication for both the http clients, i.e., Windows store clients(classic)[System.Net.Http.HttpClient] and HTTP clients[Windows.Web.Http.HttpClient] connected to web view controls. You can do so by adding the new one in your code as below: -
var filter = new HttpBaseProtocolFilter();
filter.ServerCredential = new Windows.Security.Credentials.PasswordCredential("http://website","login","password");
Windows.Web.Http.HttpClient client2 = new
Windows.Web.Http.HttpClient(filter);
var response = await client2.GetAsync(new Uri("http://website"));
WebView.Source = new Uri("http://website");
• In this code, change the “login” and “password” to the credentials you want to use to login in the SPO site. Also, change the “http://website” to the SPO website and set the ‘enterpriseAuthentication’ parameter to off.
• Also, you can use the ‘’TodoListService” Service app for maintaining an in-memory collection of to-do-items for each authenticated user for login purposes.
Please refer the below links for more reference: -
providing domain/user credentials to webview control
https://learn.microsoft.com/en-us/previous-versions/windows/hh465283(v=win.10)?redirectedfrom=MSDN
https://learn.microsoft.com/en-us/samples/azure-samples/active-directory-dotnet-native-aspnetcore-v2/1-desktop-app-calls-web-api/
This way, hopefully the SPO site can be accessed through desktop WPF app without authentication prompts.
Thanking you,
In our project we are trying to integrate MS Teams with Web application using MS Graph API.use case is OnlineMeeting for Virtual Events.the attendees may or may not have microsoft account.
Created Azure Ad Account and created new tenant and created new user(given Global Administrator role) and registered new Application and given required API permission users.readWrite.all and onlineMreeting.readWrite.all to Application and Delegated Users.
Initially i was using UserCredientials flow(no manual authentication since its not in our usecase user should be authenticated automatically through java) to get accessToken.since its not recommended to use username and credientials(ROPC flow),so now trying to get accessToken only using clientId and clientSecret using adal4j and i am able to get accesstoken but not able to use token for endpoints with /me/onlineMeeting.since token doesnt contain required permission and scope.
so i had tried to reach endpoint with token got from clientid and secret using /users/{id}/onlineMeeting but it gives error like Application does not have permission to Create online meeting on behalf of this user
referred https://learn.microsoft.com/en-us/graph/cloud-communication-online-meeting-application-access-policy
its mentioned to change access-policy.
is there any way to create online meeting on behalf of user without changing access policy?
to create onlinemeeting on behalf of user do we need skype business account?
onlinemeeting can created by two endpoint /onlineMeeting & /events
so does /event in calender api require any additional previlages like office365 license to create online meeting?
to implement these usecase whats the microsoft account Type,azure ad account
and what are all the license and azure subscription need?
to create onlinemeeting only with dialin do we need any special license
is there any way to create online meeting on behalf of user without
changing access policy? to create onlinemeeting on behalf of user do
we need skype business account?
No. We have to set the access policy to use Application token to create online meeting on behalf of a user. To create an online meeting with Microsoft Graph, we don't need skype business account. But if you want to create online meeting through UI / web client, you have to need Teams license. (When I use a new account without being assigned any O365 license, it shows some license error but it's then bypassed. So I think it's a bug. I think we should need skype business account / Teams license to create the online meeting)
so does /event in calendar api require any additional previlages like
office365 license to create online meeting?
Yes. We need O365 Exchange Online license to create /event.
to implement these usecase whats the microsoft account Type,azure ad
account and what are all the license and azure subscription need?
In summary, you need at least AAD work or school account and O365 Exchange Online license.
to create onlinemeeting only with dialin do we need any special
license
Microsoft graph doesn't support creating onlinemeeting only with dialin. See audioConferencing. It's read-only.
Every documentation or tutorial I follow on how to programatically access Outlook's API seems to point to the same pattern:
Application redirects user to Azure so he can authorize (OAuth) the app access to his account's data.
Every time Azure Active Directory is mentioned as a cloud-based credential/access manager.
I'm having a hard time to understand why exactly AD is even needed. And even if it is, that means that should a company desire to integrate an application with the employees calendars, for example, they would need to have an AD just for authentication purposes? Does this make sense if I want to publish an application on Azure for any kind of customer?
Every Office 365 customer has an Azure AD for authentication. If you want to get at users contacts in O365 you have to authenticate using Azure AD.
If you want to get at contacts in Outlook.com, Microsoft provides the same authentication flow for Microsoft Accounts (MSA) that Outlook.com uses.
This means you can use the same authentication flow and call the Microsoft Graph to get contacts no matter if they are an Office 365 user or an Outlook.com user. Your app does the same auth flow and makes the same calls.
I originally posted the following on github: https://github.com/OfficeDev/office-js/issues/323, but they suggested I post on stack overflow.
I have an Azure Active Directory v2 application which lists some SharePoint delegated permissions:
I have a Word Online Addin that uses the V2 app. I tried adding the SharePoint permissions as scopes in the Office Manifest such as
<Scope>AllSites.Read</Scope>
However, I get the following message after attempting to grant consent inside Word Online:
Is this error expected? Ultimately I wanted to enable single sign on in Office (Similar to https://learn.microsoft.com/en-us/office/dev/add-ins/develop/sso-in-office-add-ins but for CSOM, not Graph). I was able to get this to work for Graph permissions.
First, let me clarify that the SSO API is still in-preview. In production, you should be using Dialog API to login the user but it does not provide SSO.
Now coming to the in-preview SSO API - Have you tried any of the SharePoint scopes owned by Graph? Adding that to the manifest should work. Currently, we do not support any other scope other than Graph. But there is no reason why the same token can be used to access SharePoint provided you use Graph scopes.
We've been running an Angular app in a custom masterpage during the last year, using the Sharepoint REST api to retrieve user properties, data from lists etc., which has been working fine. As the application is hosted on Sharepoint Online, accessing the page requires a login thus making the request digest available so further authentication is not necessary.
Now however, we want to start using some of the functionality in the Microsoft Graph API. From what I can gather this requires OAuth2 authentication against the Azure Active Directory, involving among other things a redirect to the AAD login page.
Does this mean I have to:
1) Login via the organizations (standard Microsoft) login page to access the Sharepoint Online site.
2) Redirect to the Azure AD login page and back again?
Or can I leverage the login that the user already did when logging into Sharepoint Online?
Sorry if the question is a bit vague, we are all still very new to this.
When registering your application on Azure AD you will give the app access to Files/Sharepoint REST api and Microsoft Graph API. See this picture the app has access to several apis (Exchange, Graph and AD) you must add sharepoint APIs in your case.
Regarding the authentication, I am afraid that the Sharepoint model does not provide a token that will enable you to request the Graph API see this. You will have two authentications, one to access the Sharepoint site, as you said, and the other "within" the sharepoint iframed add-in to log into your AAD's registered app. This will be an OAUTH process through login.microsoft.com. Have a look at my Outlook add-in Keluro Mail Team on the Office store, I think it is similar to what you want to achieve.
You can use the same token from graph.microsoft.com. I have a sample using Asp.Net Core 1.0 and the.Net ADAL but the same authentication flow is used when using ASP.NET 4.6. Just make your auth request against ms graph on startup then acquire access token to auth against SharePoint.
https://github.com/edrohler/com.ericrohler
Hope this helps.