How to programmatically unlock the password protected onenote section using CSOM? - onenote

I'm building a Client Side Object Model(CSOM) solution using c# to re-create the problematic onenote section which is located within an onenote notebook. My code doesn't return the pages if my onenote section is password protected.
Once I unlocked the password from onenote2013 application, I'm able to view the total number of pages available under the sections. I googled a lot to find a way to unlock the password protection section using C#. But there is no luck.
Reference: https://msdn.microsoft.com/en-us/magazine/ff796230.aspx
Can anyone tell me whether there is a way to unlock the password protected section via C#?

The OneNote REST API does not support password protected sections.

Related

Convert Gmail mail into file and send over a webservice

Is it possible to create an add-on that can send off the contents of an email into a webservice? I see lots of documentation on add-ons interacting with external webservices and have been able to follow a simple demo about it, but there isn't much I can find about interacting with the emails itself.
I have an add-on in Outlook that grabs the email and sends it off to a webservice, but I want to replicate this in Gmail in some way.
Next, I would also like to know if it's possible to use a different web service based on the user. For example, if I were to deploy this same add-on for a coworker but they needed to send the email to the different service. Is there a configuration file somewhere that controls this?
Lastly, I was also interested in how Gmail add-ons store personalized information, as I feel like it would help clear things up. E.g. how the tasks add-on grabs the right ones for the currently logged in user and where they are stored.
I would be open to any other solutions to this issue.
Communicating with web service
You can use the UrlFetchApp class to connect to any target web service if it can be accessed via HTTP request. If you need to access different web services for different users, you can either do so via storing "user:url" property (see below) or by conditionally changing the URL according to effective user.
Determining the user
You can determine under whose authority the Add-on is running by using a Session class method getEffectiveUser() and getEmail() on the resulting user.
Storing personalized info
As for storing and fetching personalized information, there is a PropertiesService class you can use. Since you want to store info related to end users, you'll need to get a Properties class instance with access to user-specific properties via getUserProperties() method.
Useful links
Gmail Add-ons reference;
PropertiesService class reference;
Guide on PropertiesService usage;
UrlFetchApp class reference;

Posible pitfalls when switching from Gmail smtp to Gmail rest api

Google offers two systems for accessing Gmail. IMAP and SMTP and a the Gmail rest api Gmail - Scope for SMTP is https://mail.google.com/. However with Gmail rest API, just the required scope (like send, modify) can be used.
What are the main differences between the implementation of these two for sending an email? I've been using SMTP to send the mails without any issues but since that involves having a bigger scope for OAuth2, I want to know if there are any possible risks involved in moving to the API approach.
Users.messages: send says there's a restriction on attachment size.
This method supports an /upload URI and accepts uploaded media with
the following characteristics:
Maximum file size: 35MB Accepted Media MIME types: message/rfc822
Are there any other differences that I should know about if I start using Gmail APIs instead of using SMTP connection for OAuth2.
Also, what is the reasoning behind providing full access as the only possible scope for SMTP/IMAP?
Note: I only requirement is the ability to send emails.
Using SMTP you are directly accessing the mail server located at mail.google.com. SMTP servers have been around since the 60's they don't have the ability to limit what access you have. When you log in you have full access to do what ever the mail server in question is capable of. To login to the SMTP server you need the login (most often email address) and password of the account you wish to access. Drawback to using the SMTP to connect to Gmail is that if the user changed the password you would then loose access. This day in age it is also considered by most to be bad practice for third party developers to be storing a users login and password in your system. For example: I would never give any application access to my login and password to Google. How could you ever prove to me that your system is secure? If your hacked so am I.
Now on to Oauth2. Oauth came about sometime around 2005 when people wanted to be able to access APIs without having to do something stupid like
http://awsom.api.com?login=xxx&password=XXX
If memory services it was originally created for the twitter API developers wanted to be able to access their users twitter account without having to store their login in and password. Again the main problem with this was the developer in question would then have full access to a users twitter account and if the user or the developer changed the password things would break.
So they created OAuth. The main features with OAuth are:
You can limit access you give an application: (readonly, read write)
Password change does not affect access
No sharing account credentials with developers of third party apps
So the main point for me as a developer using Oauth with any Google API would be not having to store the login and password of my users and not being affected by a password change. My users would probably say not having to share their login with me and being able to give my application limited access to their account.
Now back to Gmail. Google made a change about two months ago any refresh token(oauth2) that was created using a Gmail scope will automatically expire when the user changes their password. To my knowledge this is only Gmail. so that removes point number two from the features of oauth.
Which should you use is really up to you, assuming you need to be able to send emails. Then limiting access to read only in your application isn't something you need (point one). However in my opinion from a security standpoint I would never ask my users to give me their login and password and would always choose oauth2. Yes SMTP works, will Google shut it down, probably not users have always been given access to the direct SMTP server of their email provider its how applications like outlook work.
as for OAuth support with SMTP unfortunately I haven't done much research into that guess I need to read RFC 4422 . If you can use OAuth with SMTP servers then again I guess the question would have to come down to speed is it faster to access the SMTP server or the REST API server? I can really think of no differences. Attachments with the Rest API can be tricky. I may do a bit more digging on the subject.

Is it possible to build web Api application using dotnet core, MySQL with Authentication and Authorization?

I am trying to work out an application using
Dotnet Core 1.0
MySQL as the data store
Authetication and Authorization
Entity Framework
Ubuntu 16 machine
I have succeeded in creating a sample API to fetch data from MySQL database using entity framework. Now I want to introduce Authentication using email as username and Password.
I tried several method from different blogs but unable to achieve this.
What I am trying to achieve is Custom Authentication for the api where user will send username and password to login Api. The login Api will return an access token and refresh token. Using this access token, the user can call other APIs.
Later on I want to add Google and Facebook Authentication too.
Is there a way to do this?
Everything you want to achieve is possible. However there are some caveats.
Yes you can do this. You will need to use the resource owner grant which is turned off in identityserver 4 by default. I suspect the reason for this is because passing user credentials into an application is an anti-pattern, it is there to typically support legacy systems, also it does not authenticate users in the explicit sense because the credentials could come from an un-trusted source (as an example). You can read up about the grant's generic value here. You can find samples here.
The safer pattern is to use something like Implicit Flow which is good practice if you cannot guarantee trust between clients and your API.
As for social logins this is possible. There are tonnes of samples online but here are the official docs.
There is a project on github, https://github.com/diogodamiani/IdentityServer4.MongoDB and a corresponding nuget package that will send you in the right direction. It's obviously MongoDb, but the same premise applies.

Reading other user's Google Fit data via REST API

We have a user who gave consent for our Cloud Project to read their Fit data through the Android app. We now want user's coach to access their Fit data through a web UI associated with our Cloud Project. Is this possible, and if so, what is the right way to do it?
Can cross-client identity be used? https://developers.google.com/identity/protocols/CrossClientAuth
I was trying to replace "me" with "user#gmail.com" in the REST endpoint but it doesn't work:
https://www.googleapis.com/fitness/v1/users/me/... ->
https://www.googleapis.com/fitness/v1/users/user#gmail.com/...
Thanks!
There is a mechanism for Android apps to obtain offline access for web back-ends highlighted in the CrossClientAuth guide from your question. With offline access, you can theoretically serve or store that data in any way that the user has consented to. Any access controls of that data to another person is something that you'd have to handle on your own.

Box API Login issue

how to make a login call using the Box API methods in my webservice?
I can only see a URL, that redirects to a Box login Page, where user needs to endter username and password, but this I need this as a webservice call.
Does anyone have done it usig API ?
Regards Sathish
You can find the full details here, but in short, you can set a callback URL for your app at http://www.box.com/developers/services that Box will send the authentication token to. You can set up your web service to receive the token there.
The way Box's authentication flow is designed is to prevent the need for users to provide 3rd parties (you in this case) with their credentials. The fact that there is no mechanism to authenticate a user by passing their credentials through a web service call is deliberate, and there is no straightforward work around I'm aware of (especially no such workaround that would be consistent with the terms of use of their API).
http://developers.box.com/get-started/#authenticating
There is a new authentication mechanism they have in the pipeline which will allow you to authenticate to a sandboxed folder for your application using a much simpler process. This is currently in private beta. This might fit the needs of what you are looking for once it is available.
http://developers.box.com/docs/#tokens