I am trying to connect and query our foundry ontology from different Microsoft tools in our own network. I was able to do so using a token as described in the documentation. That works great and it is easy to configure. The problem is that it is associated to only one account and the token expires often.
Reading the documentation I saw the option for OAuth. What is not very clear in the documentation is whether we have to register an application for ODBC and how to do it. When I have had to register applications in the past in cloud environments, the application normally has a returned address that the cloud app hits to authenticate. However, in this case, I don't see how that would help for ODBC from desktop applications like Excel or Access.
Any suggestion or reading would be appreciated
To use the OAuth flow with the ODBC driver on Windows you can register a third-party application in Foundry (see docs). You can use a public or confidential client, and the redirect URL should be set to http://127.0.0.1/foundrydriver/oauthredirect.
Related
Basically there are some shared Excel files on my corporation's Sharepoint and I need local copies of It for data analysis. I am able to manually download all I need, but I need to automate this work somehow.
I'm writing this post because of issues regarding two aspects of this problem:
Microsoft Licenses: as I'm using a personal account on a corporation domain (for my work), so Microsoft won't let me setup gateways on Power Automate. I was able to create a Power Automate Flow that does exactly what I need, but my end point is messed up (can't connect to my local machine so I can create the file I need with the data from Sharepoint). I cannot acess these files with other account.
Two-factor authentication: I'm unable to use APIs with Sharepoint apparently because of this, and the authentication is something that I cannot disable due to my corporation's policies.
Any workaround is viable? I need some new ideas.
You could use PnP.PowerShell to automate this task.
For authentication issue just register an app on the target site collection and grant is access. Then use this app credentials to connect to the SharePoint site and download the files.
Reference -
To create a new app - https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/register-sharepoint-add-ins#to-register-by-using-appregnewaspx
Grant access to this app - https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs#setting-up-an-app-only-principal-with-tenant-permissions
Use this app to authenticate - https://pnp.github.io/powershell/cmdlets/Connect-PnPOnline.html#example-3
I'm new to Federation Services and I'm trying to understand how ADFS works as a whole and I've started to get down into the details. I followed along with creating an app using OIDC to authenticate a user, however, within the tutorial, they specified using a "Server Application" when setting up an Application Group. This ended up not working for me so I tried setting up a "Native Application" application group for kicks and was able to successfully login.
The thing that threw me off is, I ended up hosting ADFS on a server outside of the domain in which I had my application running, so I'm confused as to how that is "native" in terms of ADFS.
I went looking for this answer within microsoft's documentation but I didn't find the information very clear.
Native Application:
"Sometimes called a public client, this is intended to be a client app that runs on a pc or device and with which the user interacts."
Server Application:
"A web application that runs on a server and is generally accessible to users via a browser. Because it is capable of maintaining its own client 'secret' or credential, it is sometimes called a confidential client."
This may seem simple to some, but I'm trying to really get a grip on what would be used when. To me it sounds like a native application is used when you're running the application natively on a pc in which the user is also using the same pc, and the server application is run remotely in which the user would not be using the same machine. Is it really that simple or am I misunderstanding?
A native application (in Microsoft speak) is something that is not browser based e.g. mobile. The code runs client side. It may use JavaScript in which case the secret key is publicly accessible. (The secret key is one of the OAuth parameters). You use ADAL / MSAL to access it.
A server application runs server side e.g a web API. The secret key is not publicly accessible. You use OWIN to access it.
These terms have no relevance to where ADFS is actually installed. Native applications typically are not domain joined.
Original jamesiarmes/php-ews offers authentication only by username / password. Fork by Garethp has some OAuth function but it requires Office365 and registering application in Azure. Is there any possibility to connect to Outlook by web browser just relying on user logged to Windows System? I know how to read which user is logged using kerberos, but don't know if it's right tool to make it.
There's no way with either of those tools. I looked in to trying to use Network Authentication as method of Auth, since my fork uses NTLM any way, but I couldn't find any resources on passing the NTLM Authentication over SOAP calls. That being said, if you can find some examples, I'd be happy to build it in as a method of authentication for you
In the EWS service object, you can select the flag to use default credentials, meaning whatever user context the code is running under. Would that help?
I know about xamarin connection with SQLite but it is locally
I need to connect my remotely MySQL database with xamarin.forms (I know about the security issue of this without using web services layer, but i will only use it for my own work)
This plugin is for xamarin.iOS and Xamarin.Android
I cannot add it using dependency service because i cannot add this component to the shared project
So is there any example of connecting MySQL database with xamarin.forms
You can't add references to your shared library. Shared libraries act like a list of files that are directly included in the project. The advantage of shared projects is just, that you do not have to maintain these included files for each project that uses code of the contained files. See the Xamarin documentation for further explanation.
What you have to do, if you want to consume a 3rd party libray within a shared library: Add the library to each project that uses the shared library (e.g. your iOS and Android project)
2ct to the mentioned security issue
You are right about the security issue. That's why I'd advice against, using mysql directly from your app. (I'll explain it for other readers that aren't aware of this problem and stumble over this question)
You should tunnel it through HTTPS because:
Some networks just block certain ports (HTTP and HTTPS are usually not blocked)
You publish your credentials with your app either statically or dynamically, but the credentials to your database are interceptable either way. You should authenticate a user and not an app. So there should be some kind of authentication / authorization that is revokeable. There was a nice talk from Kerry Lothrop on the Xamarin Evolve 2016 on this topic. https://www.youtube.com/watch?v=uLFtQHNxGaI
I have deployed a couple of reports in SSRS2012, the report uses the user's windows token to do some verification. When testing the report in VS I successfully read the windows token but when I deploy to SSRS token is empty.
I did configure all data sources to use windows authentication and to impersonate the user.
any ideas?
Thanks
I'm a little unclear on the specifics here, but I'm thinking the problem is with the authentication method you're using in IIS.
Check out this other question:
Why does Windows/Integrated Authentication in IIS not pass user credentials to SSRS and SQL?
The versions are a bit different (SSRS 2005) but I think the issues here are the same. I won't get into it too much, because the answer in that link explains it better than I could, but essentially, it works from Visual Studio because your Windows Token is the one making all the requests. When you deploy to IIS, however, without explicitly configuring Windows Authentication and Identity Impersonation, the requests are being executed as the App Pool User, not the user using your web app. I hope this helps!