My company currently offer an Exchange Calendar integration to our customer by using EWS. Each customer's IT department will create an Admin Account that has the Impersonation right and provide it to us by entering into the UI tool. When we update the calendar event of their employee's calendar, we use that account login to Impersonate the employee.
With the deprecation of Basic Auth access for EWS in October 13th, 2020. https://developer.microsoft.com/en-us/graph/blogs/upcoming-changes-to-exchange-web-services-ews-api-for-office-365/
I can't get a clear answer on how we can migrate.
In general, do we register as an App (daemon), then each client company need to grant permission to us? How do we connect to their Exchange server? With what?
My company also has similar kind of app - booking using Outlook calender. We are currently working on a migration for our Office 365 customers.
The change in EWS is for Office 365/Exchange Online only.
If you are serving Exchange Online customers you can continue to use EWS for a while, but you will need to migrate from Basic Auth to OAuth. You can find a good description on how to implement OAuth with EWS here
To become "future-proof" you should also migrate from EWS to Microsoft Graph.
Related
I am developing an application in ASP .Net MVC. I have Azure Active Directory authorization in it. Is it possible to set an email signature in Office 365 Outlook for domain users via API? My googling skills did not allow me to find any information about this. Before that, I used Google Workspace and it was possible. Now I'm in a situation where I have to transfer some things from Google API to Office 365, and I can't see anything about the footer.
I am building an Excel Web Addin. I'll need to authenticate the user against Office 365 and publish the addin to AppSource / Office Store. What is the ideal authentication method to use?
I found tutorials for SSO authentication, but then I read on https://learn.microsoft.com/en-us/office/dev/add-ins/develop/sso-in-office-add-ins : "The Single Sign-on API is currently supported in preview only. It is available to developers for experimentation; but it should not be used in a production add-in. In addition, add-ins that use SSO are not accepted in AppSource."
Does this mean SSO applications will still not be accepted to the Store? What authentication flow should I use then? I only need the user to sign in a access my Web API via this identity. If possible, the user shouldn't need to reenter their credentials. Is there a code sample I could follow to get this done?
AppSource is not accepting add-ins that use the preview SSO system at this time.
To authenticate a user with a Microsoft Account or a Work or School (Office 365) account without SSO, the user will need to sign in again even if she or he is already logged into Office. Without the SSO system, the add-in has no way of knowing who is logged into Office, just as an web app open in a browser wouldn't know if Office is running on the machine or who is logged into it.
(Your choice of flow might be affected by whether you have a single page app (SPA) or a server-generated UI. Since you mentioned you have a Web API, I'll assume this is not a SPA.)
I don't know of any sample Office Add-ins that only authenticate the user; but there are a couple that log in the user and then use the Auth Code Flow to get an access token to Microsoft Graph.
PowerPoint Add-in Microsoft Graph ASPNET InsertChart. The Office app is PowerPoint, but the auth-related code would be the same for Excel.
Office Add-in Microsoft Graph ASPNET. This is nearly the same, but has Excel as the Office app. It's not polished. (See the Known Issues in the readme.)
But please keep in mind that an Office add-in is just a web app and -- with one exception -- authorizing a user is the same in an add-in as it would be in any other web app. So, you should be able to use the samples in Azure AD Quickstarts.
The one exception is that you have to open the AAD sign-in page in a special dialog window that is invoked with the Office.js displayDialogAsync API. The 2 samples I linked to above do this. You can get detailed guidance about using the Dialog for auth in the article Dialog API in Office Add-ins.
BTW, Microsoft is in the process of improving its documentation and samples for non-SSO auth. We hope to get these improvements published over the next few weeks.
We are trying to implement a calendar portal (C# ASP.NET MVC) where one admin can see multiple outlook(or office 365) users calendar and see who is available. So multiple accounts should be accessed from one ASP.NET MVC application.
First question : Is it even possible? (may be because I had already seen post on stackoverflow : EWS - Access All Shared Calendars )
Second question : What would be the right approach?
Third question : Is there any project available from Microsoft or article? (I could find any good one)
I have had gone through Using Azure Multi-Tenant application without an Office 365 subscription to access users calendar information and https://www.youtube.com/watch?v=0kvDyl5HShA.
I have had also get connected with a single user's account via OAuth2. It was successful.
Currently, we have this subscription. If any more information required then please comment. Then I will add more description as per necessary.
Thank you.
You could try to build Daemon or Service Apps using client credential grant flow as described in this blog, the service app that requires admin consent, but is authorized to access any user's mailbox/calendar information in your Office 365 tenant. You could click here for sample web app that uses client credential flow to access Users, Mail, Calendar, Contacts in Office 365 via Rest APIs .
This link you provided needs to associate your Office 365 account with Azure AD to create and manage apps .If you can have an existing Microsoft Azure subscription, you can associate your Office 365 for business subscription with it. .Otherwise, you'll need to create a new Azure subscription and associate it with your Office 365 account in order to register and manage apps. For more details ,please read how to set up your Office 365 development environment.
We are developing a web application using Microsoft Graph, where the signed in user can, Export all the calendar events to a third party calendar Application. After this initial export, we need to keep the exported data in sync with calendar changes via service app (a scheduled task running on server). This need to be a multi tenant application, as people from different organizations should be able to use this service.
Right now we did the authentication using OAuth 2.0 and OpenID Connect as described in this sample. Later we understood that the access token we get using this method cannot be used in the service app without user interaction. Considering our scenario what is the best way to achieve this?
I have read about App-only authorization method to do this. If we use this authentication method, the app need to be consented by a tenant administrator and the these applications are quite powerful in terms of what data they can access in the Office 365 organization. Considering we are developing a product used by different organizations, will it be feasible to use this method?
To use the client credentials OAuth2.0 flow (aka "App-only" or service account access depending on who's documentation you're reading) the admin for each tenancy will need to specify which scopes your daemon process can have for users in their tenancy. The end users can't give these scoping rights to your code themselves (as far as I know at least).
One thing to watch out for is that currently Graph API doesn't allow you to mess about with calendars that are attached to Office 365 Groups if you're using the client credentials flow. This is a pain for us, so we've raised it as an issue that needs fixing in the Office 365 feedback system. if that's an issue for you or anyone else, please throw a few votes at it so that it gets more attention at Microsoft. :-)
I am trying to read emails from Exchange online through a Office 365 API.with using my username and password for authentication.
Is it possible to access the O365 api? (only using user credentials)
How can I do that? Anyone can help is appreciated.
If your exchange online is part of Office 365, you should definitively take a look here : http://dev.office.com
You will find many tutorials to get access to your mails.
Take a look here : http://dev.office.com/getting-started/office365apis
It uses the Microsoft Graph to query your mailbox and retrives messages :
https://graph.microsoft.com/v1.0/me/mailFolders/Inbox/messages
The authentication process is provided byt Azure Active Directory, through ADAL SDK.
In Visual Studio, you can create easily an application, and then call the submenu 'Add connected services' and you're done !