this is a basic question:
I have an angular 2 app, and I'm trying to use Office's dialog API. Basically, I have a route https://domain/success that I want to open up in the dialog.
More specifically, here is what I'm trying
I am at the route https://domain/splash, which renders the splash component.
In splashComponent.ts, I call
this.microsoftService.doStuff
In microsoftService, doStuff method, I call
Office.context.ui.displayDialogAsync('https://domain/success');
This is supposed to render the success component.
However, I see the splash component.
The url of the dialog is
https://domain/success?_host_info=blahblah|isDialog|#/splash
Why is this the case? And how do i render the success component?
This is more partial diagnosis than solution, but it's a bit too involved for a comment.
Regardless of whether Outlook adds the query parameter, your router is adding "#/splash" to the end of the URL and that is why it is opening splash. I think the problem is in the routing configuration and routing strategy.
Related to this is the fact that the Office dialog opens in a completely separate browser instance with a completely separate JavaScript engine instance and execution context. So a complete second copy of your web application is opening in the dialog. This means that the root routing is going to be triggered.
If you are determined to use a route in your web app in the dialog, then you need some kind of conditional logic where the app tests whether it is being opened in the dialog and routes accordingly.
That said, I recommend that when using the Office Dialog API in an Angular-based add-in, you deviate from the "single page" principle, and just create a success.html page that you host in your domain. This I much simpler and less error prone.
By the way, you shouldn't need to put your own add-in's domain in the <AppsDomains> in the manifest. The add-in trusts itself and anything in its own domain.
For more information, see Use the Office Dialog API with single-page applications and client-side routing, and the rest of that article too.
Related
I am currently struggling with security dilemma how to pass securely the OAuth token from parent page in Outlook O365 to dialog window. According to Microsoft documentation there are only two ways how to achieve that:
localStorage
query parameter
What I don't understand why Microsoft has a methods(*) for communication from dialog to parent page and not from parent page to dialog?
*
from documentation:
dialog.addEventHandler(Office.EventType.DialogMessageReceived, processMessage);
dialog.addEventHandler(Office.EventType.DialogEventReceived, processMessage);
So my questions are:
Is there any way how to pass the OAuth token from parent page to dialog with the internal methods of Office JS?
Why Microsoft has developed only one way communication between parent page and dialog?
Edit:
I refer the parent page as a New Meeting window in Outlook and as a dialog I refer the dialog as iFrame (Office.context.ui.displayDialogAsync()). I have skipped the taskpane step and firing up the dialog directly when the addin button is clicked. My intention is to send the OAuth (bearer) token from parent page (since user is already validated to access O365 mailbox) to dialog.
As Rick noted, the data can be passed from parent to dialog by localStorage or query parameter. But my question is why Office JS Api is missing the methods for communication from parent to dialog (when the opposite way has methods for that).
There are three actors that need to be kept distinct: The dialog, the parent page (usually in a taskpane), and the Office host application (e.g., Excel, Word, etc.). The current wording of your question makes it difficult to discern which two actors you are talking about. The parent page can pass things, including tokens if that's ever required, to a dialog with query parameters or local storage. But ordinarily you would use a dialog to get an access token and pass the token in the other direction, from dialog to parent page. You do this using the messageParent API.
When you refer to the "host" in your question are you talking about the parent page (probably in a taskpane)?
EDIT:
OK. I think I understand the question now. You are asking for an API in Office.JS that can be called in the parent page and sends info to a PREVIOUSLY OPENED dialog. We've gotten requests for that and you can vote up the request here on Office Developer User Voice. However, I can't give a timeline about when such an API will be available. In the meantime, the only way I know of to communicate from parent page to an already opened dialog is to use LocalStorage. Search for "how to communicate between windows using local storage?" and you'll find info on techniques for doing this.
I know it's an old question, but maybe there are people reading this nowadays.
With regard to your question about ways of communication from parent page to dialog: you could pass information from parent page to dialog using the Office API's messageChild method as described here.
There are template witch are written by admins. And in mail there possibility to enter link (not the rails way). There is editing menu, what generates following, basic html code:
company’s profile
where user.owner_name - domain.com/user/user_name
I don't talk about localhost because it possible will not work. So I'm talking about production server.
I receive email, with broken link (if I click on it - it's not opening) but if copy link:
x-webdoc://73A3A2DC-F22E-4558-8853-C6A57985EE7C/mydomaine.com/user/
Why this appears?
EDIT
It seems it's realeted to MacOs. It prbolem appears when I view letter thorought Mail App, or Safari browser.
Now, I need any advise how to avoide this prob.
I would argue that example.com/user/user_name is not a useful URI in the context of an email, because it is missing a protocol (like: http://example.com/user/user_name). Without the protocol it could be misunderstood as a relative URL, which may lead to security issues or at least is useless in the context of an email client.
From that point of view, it is not surprising to me that some email clients or web mailers are trying to be smart and protect the user by annotating the URL in some way.
In this example the added x-webdoc: indicates that the user has to make the decision on what application to use to open that link because without a proper protocol it is not obvious what application will be able to handle the URI. See What is x-webdoc?
I have a Web Forms application which makes use of WIF and Claims based authorization. Im using Thinktecture IdentityServer v2.5 for my STS with my custom login page and custom authentication against database and then issuing the token.
Its all working fine at the moment and no issues, the only problem came when I was configuring Sliding Sessions as shown by Brock Allen in this post
http://brockallen.com/2013/02/17/sliding-sessions-in-wif-with-the-session-authentication-module-sam-and-thinktecture-identitymodel/
My problem is that the event mentioned in the post SessionSecurityTokenReceived is getting called too many times per page load. I just wanted to know what is the reason behind that and could this be a performance hit ?
I'm doing something similar and have come across the same issue. It is because the event is called for every single resource the page consumes (css, js, etc) that is also secured by the web application. In global.asax.cs, in the event, if you insert the line...
var requestContext = HttpContext.Current.Request.RequestContext.HttpContext.Request;
...and put a breakpoint on this line, you can observe this behavior by inspecting the value.
I currently have an intranet site that is accessed by external customers. I therefore set this up using Forms Authentication. However the powers that be (my bosses) want all our domain users to not have to enter their username and password to access the site.
I've done a bit or reading and everything seems to point to setting up a WinLogin.aspx page that you alter to use WindowAuthenthication and then redirect from there.
I have a problem with this as I don't like the idea of putting an aspx form in my mvc application.
Can anyone tell me how to achieve mixed authentication using a strictly MVC Controller/Action setup without a second application?
NOTES: running MVC 3 on an IIS 7 box.
Forms Authentication is not related to the URL or physical structure of your files. What matters is that a URL should ultimately map to a physical (or virtual) resource on the server, and be processed, and be returned back to the user.
Thus, somewhere in between for each incoming call (each HTTP request, even those for CSS and JavaScript files), you have to see if the current user has enough permission to access it or not. If no, then you might redirect him to the login page.
If you want, you can have a URL like /user/windowslogin where user is the name of the controller, and windowslogin is the name of your action method. Then you can create a custom authentication attribute (something like [WindowsAuthentication]) on your windowslogin action, and in that attribute (which is an MVC filter in essence), you can see if the current request comes from within your domain, and if so, talk to Active Directory for authentication or stuff like that, and on case of successful authentication, create an authentication cookie using FormsAuthentication class, and the rest of the story.
However, I don't think this would be an easy task. Others might introduce better solutions.
I want to detect certain browsers (IE6) and redirect them to a page that tells them to get a better browser.
Same thing for detection of Javascript being enabled, if the browser has it disabled I want to send them to a page which explains this fact.
Is there an elegant or preferred way to do this in mvc?
you should first Detect Browser Types by System.Web.HttpBrowserCapabilities browser = Request.Browser and then you can send users to a page which tells them to get a better browser .
and see for more information How to: Detect Browser Types and Browser Capabilities in ASP.NET Web Pages
This is a clean and great way of doing it.
http://ie6update.com/