Is it possible to use any tokens from an Outlook add-in for use with authenticating EWS Managed API operations that create or update items?
Apparently the token returned from mailbox.getCallbackTokenAsync can only be used in read operations. I can indeed verify that is a problem because attempts to send emails or call UserConfiguration.Update result in an error:
The requested web method is unavailable to this caller or application.
I have been testing these methods from an ASP.NET Web API App Service in Azure, called from JavaScript in the Outlook add-in.
Apparently mailbox.getUserIdentityTokenAsync can be used to validate a user, but it is not clear if that can be used in conjunction with OAuthCredentials for ExchangeService.Credentials.
Are there any options here? I cannot ask the user for their username and password to authenticate with Exchange. I am certainly willing to use Graph or the Mail API, but AFAIK there are no ways to update user configuration items with those APIs.
You're looking for makeEwsRequestAsync(). Both CreateItem and UpdateItem operations are supported by makeEwsRequestAsync.
You can find the full list of supported EWS operations in the documentation under EWS operations that add-ins support.
There is also support for calling into Microsoft Graph via the add-in, but as you noted, Microsoft Graph supports a very limited number of mailbox configuration options.
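A CreateItem call routed through makeEwsRequestAsync, as an added example that is not part of the original answer; the method requires the ReadWriteMailbox permission in the add-in manifest. The function names, the draft-message fields and the stubbable `mailbox` parameter are assumptions made for illustration.

```javascript
// Added example (not from the original answer): a CreateItem call routed
// through makeEwsRequestAsync, with user-supplied text escaped for XML.

// Escape the five XML metacharacters so a subject or body cannot close an
// element and inject extra EWS elements into the request.
function xmlEscape(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build a CreateItem request that saves a draft message (SaveOnly).
function buildCreateItemRequest({ subject, body, to }) {
  return [
    '<?xml version="1.0" encoding="utf-8"?>',
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"',
    ' xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages"',
    ' xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">',
    '<soap:Header><t:RequestServerVersion Version="Exchange2013"/></soap:Header>',
    '<soap:Body><m:CreateItem MessageDisposition="SaveOnly">',
    '<m:SavedItemFolderId><t:DistinguishedFolderId Id="drafts"/></m:SavedItemFolderId>',
    '<m:Items><t:Message>',
    `<t:Subject>${xmlEscape(subject)}</t:Subject>`,
    `<t:Body BodyType="Text">${xmlEscape(body)}</t:Body>`,
    `<t:ToRecipients><t:Mailbox><t:EmailAddress>${xmlEscape(to)}</t:EmailAddress></t:Mailbox></t:ToRecipients>`,
    '</t:Message></m:Items>',
    '</m:CreateItem></soap:Body></soap:Envelope>',
  ].join("");
}

// `mailbox` is Office.context.mailbox inside the add-in; it is a parameter
// here (an assumption of this example) so it can be stubbed outside Outlook.
function createDraft(mailbox, message, done) {
  mailbox.makeEwsRequestAsync(buildCreateItemRequest(message), (result) => {
    if (result.status !== "succeeded") {
      return done(new Error(result.error ? result.error.message : "EWS call failed"));
    }
    // A transport-level success can still carry an EWS-level error, so check
    // the ResponseClass attribute of the response message.
    const ok = /ResponseClass="Success"/.test(result.value);
    done(ok ? null : new Error("EWS returned a non-success ResponseClass"), result.value);
  });
}
```

In the add-in, call it as createDraft(Office.context.mailbox, message, callback).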
Related
We have an API management instance in Azure. We have also enabled the management API. There we have set a SAS token and that has been used in the application. Here, we have to change the SAS token every 30 days. If the token is expired, that will result in an application outage. Is there any way to get notified via email or any other means about the token expiry (in advance)? I did some research on this but, unfortunately, could not find anything useful.
I don't believe there is built-in support for this.
You could instead have a logic app that takes in a SAS Token as input and schedules emails based on the expiry of the token.
TIP: Apart from an email, you could do more interesting workflows like sending actionable messages using the Office 365 Outlook or https://learn.microsoft.com/en-us/connectors/teams/#post-an-adaptive-card-to-a-teams-channel-and-wait-for-a-response connectors, and even create a work item in Azure DevOps or create an issue on GitHub, depending on what you use.
Alternatively, you could create an Azure AD application with a client ID and client secret, give it permissions to do what you need to be done in APIM, and use its credentials to do all the same operations via ARM.
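The expiry check behind the scheduled-notification idea above, as an added example that is not part of the original answers. It assumes the management API token has the layout "SharedAccessSignature uid=<id>&ex=<ISO 8601 UTC time>&sn=<signature>"; the function names, the reminder offsets and the sample token are constructed for illustration.

```javascript
// Added example: read the expiry from an API Management SAS token and work
// out which reminders are still due. Token layout is an assumption:
//   SharedAccessSignature uid=<id>&ex=<ISO 8601 UTC>&sn=<base64 signature>

const DAY_MS = 24 * 60 * 60 * 1000;

function parseSasExpiry(token) {
  const fields = {};
  const body = token.trim().replace(/^SharedAccessSignature\s+/i, "");
  for (const part of body.split("&")) {
    // Split on the first "=" only: the base64 signature may end in "=".
    const eq = part.indexOf("=");
    if (eq > 0) fields[part.slice(0, eq)] = part.slice(eq + 1);
  }
  if (!fields.ex) throw new Error("token has no ex= field");
  // Trim fractional seconds to milliseconds before handing to Date.
  const expiry = new Date(fields.ex.replace(/(\.\d{3})\d+/, "$1"));
  if (Number.isNaN(expiry.getTime())) throw new Error("unparseable expiry");
  return expiry;
}

// Return the expiry, whole days left, and the reminder times (N days before
// expiry) that have not passed yet. Only the expiry is returned, never the
// token or its signature, so the result is safe to log or mail.
function expiryPlan(token, now = new Date(), leadDays = [14, 7, 1]) {
  const expiry = parseSasExpiry(token);
  const daysLeft = Math.floor((expiry - now) / DAY_MS);
  const reminders = leadDays
    .map((d) => new Date(expiry.getTime() - d * DAY_MS))
    .filter((when) => when > now)
    .sort((a, b) => a - b);
  return { expiry, daysLeft, expired: expiry <= now, reminders };
}

// Constructed sample token (not a real credential).
const SAMPLE_TOKEN =
  "SharedAccessSignature uid=constructed-id&ex=2030-01-31T00:00:00.0000000Z&sn=Y29uc3RydWN0ZWQ=";
```

Run the check on a schedule from wherever the token is stored, and send the notification when the next reminder time is reached.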
I need to use several EWS requests (e.g. GetUserConfiguration, UpdateUserConfiguration) that are not supported using Office.context.mailbox.makeEwsRequestAsync.
I cannot use the EWS Managed API in my own web service as a broker, and must use XML SOAP requests directly from the add-in's JavaScript (those methods are not available in the Graph or Mail APIs).
There are many examples (like this) showing how getUserIdentityTokenAsync can be used to pass that token to your web service (again, which I can't use) to use there in whatever way you need it.
However, I'm guessing the token retrieved from getUserIdentityTokenAsync is different and cannot be used. As a simple and hopefully appropriate test, I obtained an OAUTH token for my O365 account and used that as the token using SOAPe for a test GetUserConfiguration call and it worked. I then tried using the token from getUserIdentityTokenAsync and it didn't work (401 Unauthorized).
I concede that this may be a poor test, and I admit that at this point it is unclear to me how a SOAP EWS request from JavaScript in an Outlook add-in can be authenticated without requiring an explicit user login (hopefully it can). And if it can, how do I get the token I need and how do I use it for this kind of client-side request?
You may want to use the ews-javascript-api helper in this case. Here is the example on how to use this with Outlook add-ins.
https://github.com/gautamsi/ews-js-api-browser#working-with-plain-jsts-no-module-loadersbundlers
You may use any allowed API (available in makeEwsRequestAsync) with this library, with an API similar to what is available in the EWS Managed API.
I am trying to work out an application using
Dotnet Core 1.0
MySQL as the data store
Authentication and Authorization
Entity Framework
Ubuntu 16 machine
I have succeeded in creating a sample API to fetch data from MySQL database using entity framework. Now I want to introduce Authentication using email as username and Password.
I tried several methods from different blogs but was unable to achieve this.
What I am trying to achieve is Custom Authentication for the api where user will send username and password to login Api. The login Api will return an access token and refresh token. Using this access token, the user can call other APIs.
Later on I want to add Google and Facebook Authentication too.
Is there a way to do this?
Everything you want to achieve is possible. However there are some caveats.
Yes, you can do this. You will need to use the resource owner grant, which is turned off in IdentityServer 4 by default. I suspect the reason for this is because passing user credentials into an application is an anti-pattern; it is there typically to support legacy systems. Also, it does not authenticate users in the explicit sense because the credentials could come from an untrusted source (as an example). You can read up about the grant's generic value here. You can find samples here.
The safer pattern is to use something like Implicit Flow which is good practice if you cannot guarantee trust between clients and your API.
As for social logins this is possible. There are tonnes of samples online but here are the official docs.
There is a project on GitHub, https://github.com/diogodamiani/IdentityServer4.MongoDB and a corresponding NuGet package that will send you in the right direction. It's obviously MongoDB, but the same premise applies.
Which is the correct way to perform a sign-in on O365 Exchange in order to use EWS? I know that ADAL exists to perform authentication against O365, but since the code is highly tied to the tenant, ADAL is not a solution for my problem.
I'm developing an iOS App that needs to interact with Exchange (O365) and I'm unable to perform the authentication correctly.
To use Exchange Web Services in Office 365, you can either use Basic authentication or OAuth. OAuth (which I think is what you mean by ADAL) is the recommended method. It's not tied to a tenant, but it does require that you register your application in a tenant (can be your own developer tenant) to get a client ID.
I'm using Exchange Web Services, trying to create a calendar entry in another user's mailbox. My account in EWS has rights to do this, and I can successfully use Impersonation to create the appointment in any mailbox.
However, some examples I've seen of doing this use an instance of DistinguishedFolderIdType, not impersonation, to set the mailbox for the appointment.
Problem is, this class simply isn't appearing in my installation of the EWS SDK for Visual Studio. It's v1.1, obtained here, but can't be found in Object Explorer. What am I missing?
The type DistinguishedFolderIdType is not part of the EWS Managed API.
If you do not use the EWS Managed API but generate your own SOAP client proxy manually from Visual Studio by adding a reference to the EWS .asmx service, the generated proxy will contain DistinguishedFolderIdType.
However, depending on what you are trying to accomplish, you should be able to do it using the classes provided in EWS Managed API 1.1 and you won't need DistinguishedFolderIdType.