We have a solution today where we use EWS's basic authentication (username and password) with .net Core 2.1, and it works. The problem is that basic authentication will expire in 2020. Therefore, we will transition to the OAuth solution that will work after 2020.
We have tried multiple solutions for this problem, including this: https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth, but some of the methods have been updated (AcquireToken -> AcquireTokenAsync).
It's important that the authentication against azure is not client-based, since everything will happen in backend (web api).
Does anyone have a solution to this problem?
This is our current solution:
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2007_SP1);
service.Credentials = new WebCredentials(<email>, <password>);
service.TraceEnabled = true;
service.TraceFlags = TraceFlags.All;
service.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");
This is an example of what we have tried:
public class Program
{
public static void Run()
{
//tried this as well: string authority = "https://login.windows.net/<devAccountName>.onmicrosoft.com";
string authority = "https://login.microsoftonline.com/<tenantId>/OAuth2/Token";
string clientId = "<clientId>"; // Application ID from Azure
Uri clientAppUri = new Uri("http://localhost:55424/");
Uri resourceHostUri = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");
AuthenticationResult authenticationResult = null;
AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);
string errorMessage = null;
try
{
Console.WriteLine("Trying to acquire token");
PlatformParameters platformParams = new PlatformParameters(PromptBehavior.Auto);
authenticationResult = authenticationContext.AcquireTokenAsync("https://outlook.office365.com/EWS/Exchange.asmx", clientId, clientAppUri, platformParams).Result;
}
catch (AdalException ex)
{
errorMessage = ex.Message;
if (ex.InnerException != null)
{
errorMessage += "\nInnerException : " + ex.InnerException.Message;
}
}
catch (ArgumentException ex)
{
errorMessage = ex.Message;
}
if (!string.IsNullOrEmpty(errorMessage))
{
Console.WriteLine("Failed: {0}" + errorMessage);
return;
}
Console.WriteLine("\nMaking the protocol call\n");
ExchangeService exchangeService = new ExchangeService(ExchangeVersion.Exchange2013);
exchangeService.Url = resourceHostUri;
exchangeService.TraceEnabled = true;
exchangeService.TraceFlags = TraceFlags.All;
exchangeService.Credentials = new OAuthCredentials(authenticationResult.AccessToken);
exchangeService.FindFolders(WellKnownFolderName.Root, new FolderView(10));
}
}
We receive this error message after we log in:
AADSTS50001: The application named
https://outlook.office365.com/EWS/Exchange.asmx was not found in the tenant named <tenantId>. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Is there any way to get SAML token for the Application Pool Identity User (configured user)?
when we configure application pool dentity stores config entries (user name & password) in applicationHost.config under %systemroot%\System32\Inetsrv\config path.
When application starts, it picks the user name and encrypted password for authentication. After successful authentication, will it follow token based authentication for subsequent calls or will always follows basic authentication ?
If it token based then how can i get the SAML token for application pool identity user, after the first response?
if any links please let me know.
Thanks in advance.
To Get SAML Assertion for Application pool Identity Or Logged on user :
string rpLoginUrl = string.Format(SapConfiguration.AdfsSignInUrl, SapConfiguration.AdfsInstance, HttpUtility.UrlEncode(GetSapTokenServiceUrl));
string htmlContent;
try
{
do
{
var result = await Client.GetAsync(rpLoginUrl);
htmlContent = await result.Content.ReadAsStringAsync();
IEnumerable<string> values;
if (result.Headers.TryGetValues("location", out values))
{
foreach (string s in values)
{
if (s.StartsWith("/"))
{
rpLoginUrl = rpLoginUrl.Substring(0, rpLoginUrl.IndexOf("/adfs/ls", StringComparison.Ordinal)) + s;
}
else
{
rpLoginUrl = s;
}
}
}
else
{
rpLoginUrl = "";
}
} while (!string.IsNullOrEmpty(rpLoginUrl));
}
catch (Exception exp)
{
var additionalInfo = $" additionalInfo : [rpLoginUrl: {rpLoginUrl}]";
throw new SecurityException($"SapAuthorization.GetSamlResponseForProcessIdentityAsync is failed, {additionalInfo}", exp);
}
var reg = new Regex("SAMLResponse\\W+value\\=\\\"([^\\\"]+)\\\"");
var matches = reg.Matches(htmlContent);
string lastMatch = null;
foreach (Match m in matches)
{
lastMatch = m.Groups[1].Value;
}
return lastMatch;
Ans 1: By Using Adal flow to get Jwt token for Logged on User,
if (!AdfsConfiguration.IsInitialized) throw new SecurityException(Constants.AdfsConfigurationInitilizationExceptionMessage);
if (string.IsNullOrEmpty(AdfsConfiguration.AdfsAuthorityUrl)) throw new SecurityException(Constants.AdfsConfigurationAdfsAuthorityUrlInitilizationExceptionMessage);
try
{
var authenticationContext = new AuthenticationContext(string.Format(AdfsConfiguration.AdfsAuthorityUrl, AdfsConfiguration.AdfsInstance, AdfsConfiguration.Resource), false);
var asyncRequest = authenticationContext.AcquireTokenAsync(AdfsConfiguration.Resource, AdfsConfiguration.ClientId, new Uri(AdfsConfiguration.RedirectUri), new PlatformParameters(PromptBehavior.Auto));
var accessToken = asyncRequest.Result.AccessToken;
return accessToken;
}
catch (Exception exp)
{
var additionalInfo = $" additionalInfo : [authenticationContext : {string.Format(AdfsConfiguration.AdfsAuthorityUrl, AdfsConfiguration.AdfsInstance, AdfsConfiguration.Resource)}]";
throw new SecurityException($"AdfsAuthorization.GetAdfsOAuthJwtAccessTokenForWinAppUserUsingAdal is failed, {additionalInfo}", exp);
}
Ans 2: By Auth code flow to get Jwt token for logged on user or Application pool identity user.
step 1 : Get Auth code from Adfs server
var authUrl = string.Format(AdfsConfiguration.AdfsAuthUrl, AdfsConfiguration.AdfsInstance, AdfsConfiguration.ClientId, AdfsConfiguration.Resource, AdfsConfiguration.UrlEncodedRedirectUri);
var authCode = "";
try
{
do
{
var result = await Client.GetAsync(authUrl);
await result.Content.ReadAsStringAsync();
IEnumerable<string> values;
if (result.Headers.TryGetValues("location", out values))
{
foreach (string s in values)
{
if (s.Contains("code="))
{
authUrl = "";
authCode = s.Substring(s.IndexOf("code=", StringComparison.Ordinal) + 5);
}
else
{
authUrl = s;
}
}
}
else
{
authUrl = "";
}
} while (!string.IsNullOrEmpty(authUrl));
return authCode;
}
catch (Exception exp)
{
var additionalInfo = $"additionalInfo : [authUrl: {authUrl}]";
throw new SecurityException($"AdfsAuthorization.GetAuthCodeForWinAppUserAsync is failed, {additionalInfo}", exp);
}
Step 2 : Pass Auth code to get jwt token from Adfs server
if (!AdfsConfiguration.IsInitialized) throw new SecurityException(Constants.AdfsConfigurationInitilizationExceptionMessage);
var client = new WebClient();
try
{
if (AdfsConfiguration.UseProxy == "Y")
{
var proxyObject = new WebProxy("Proxy", 80) { Credentials = CredentialCache.DefaultNetworkCredentials };
client.Proxy = proxyObject;
}
//Uri address = new Uri(String.Format("https://{0}/adfs/oauth2/token/", AdfsInstance));
Uri address = new Uri(string.Format(AdfsConfiguration.AdfsTokenServiceUrl, AdfsConfiguration.AdfsInstance));
Uri redirectAddress = new Uri(AdfsConfiguration.RedirectUri);
NameValueCollection values = new NameValueCollection
{
{"client_id", AdfsConfiguration.ClientId},
{"grant_type", "authorization_code"},
{"code", code},
{"redirect_uri", redirectAddress.ToString()}
};
byte[] responseBytes = client.UploadValues(address, "POST", values);
string response = System.Text.Encoding.UTF8.GetString(responseBytes);
return response;
}
catch (Exception exp)
{
var additionalInfo = $" additionalInfo : [address: {string.Format(AdfsConfiguration.AdfsTokenServiceUrl, AdfsConfiguration.AdfsInstance) }, redirect Uri :{AdfsConfiguration.RedirectUri}]";
throw new SecurityException($"AdfsAuthorization.GetAdfsOAuthTokenByAuthCode is failed, {additionalInfo}", exp);
}
finally
{
client.Dispose();
}
I have problem with executing chained payment after obtaining permission from user. I have no troubles to get Access Token and Access Token Secret.
The code should work this way: User (personal type sandbox account) authorizes primary receiver (business type sandbox account) to take money from his account.
Primary receiver sends a part of the sum to the second receiver.
The code is written in ASP.NET MVC but I suppose it has nothing to do with the framework, I'm using PayPalAdaptivePaymentsSDK and PayPalPermissionsSDK
I want to use it in sandbox environment for testing.
I assume it has something to do with application id, I would be very grateful for step-by-step explanation
Here's how I obtain all my credentials:
I login into my developer account.
account1.Username, account1.Password, account1.Signature
- sandbox -> accounts -> I select primary receiver of the payment (business type account) -> API Credentials
applicationId - "APP-80W284485P519543T"
In the config file I specified mode as "sandbox".
I use the same config for executing the payment.
Then I want to execute following code and in payResponse I get errorId 520003 "Authentication failed. API credentials are incorrect."
public class PermissionController : Controller
{
private AdaptivePaymentsService _adaptivePaymentService;
public ActionResult Index()
{
ViewBag.AccessToken = PayPalConfig.AccessToken;
ViewBag.AccessTokenSecret = PayPalConfig.AccessTokenSecret;
return View();
}
public PermissionController()
{
_adaptivePaymentService = new AdaptivePaymentsService(PayPalConfig.GetConfig());
}
public ActionResult GetPermission()
{
RequestPermissionsRequest rp = new RequestPermissionsRequest();
rp.scope = new List<string>();
rp.scope.Add("EXPRESS_CHECKOUT");
Dictionary<string, string> config = PayPalConfig.GetConfig();
rp.callback = "http://localhost:42072/Permission/GetAccessToken";
rp.requestEnvelope = new PayPal.Permissions.Model.RequestEnvelope("en_US");
RequestPermissionsResponse rpr = null;
PermissionsService service = new PermissionsService(config);
rpr = service.RequestPermissions(rp);
string confirmPermissions = "https://www.sandbox.paypal.com/webscr&cmd=_grant-permission&request_token=" + rpr.token;
return Redirect(confirmPermissions);
}
public ActionResult GetAccessToken()
{
Uri uri = Request.Url;
Dictionary<string, string> config = PayPalConfig.GetConfig();
var gat = new GetAccessTokenRequest();
gat.token = HttpUtility.ParseQueryString(uri.Query).Get("request_token");
gat.verifier = HttpUtility.ParseQueryString(uri.Query).Get("verification_code");
gat.requestEnvelope = new PayPal.Permissions.Model.RequestEnvelope("en_US");
GetAccessTokenResponse gats = null;
var service = new PermissionsService(config);
gats = service.GetAccessToken(gat);
_adaptivePaymentService.SetAccessToken(gats.token);
_adaptivePaymentService.SetAccessTokenSecret(gats.tokenSecret);
PayPalConfig.AccessToken = _adaptivePaymentService.getAccessToken();
PayPalConfig.AccessTokenSecret = _adaptivePaymentService.getAccessTokenSecret();
return RedirectToAction("Index");
}
public ActionResult ChainedPayment()
{
ReceiverList receiverList = new ReceiverList();
receiverList.receiver = new List<Receiver>();
Receiver secondaryReceiver = new Receiver(1.00M);
secondaryReceiver.email = "mizerykordia6662-facilitator#gmail.com";
receiverList.receiver.Add(secondaryReceiver);
Receiver primaryReceiver = new Receiver(5.00M);
primaryReceiver.email = "mizTestMerchant#test.com";
primaryReceiver.primary = true;
receiverList.receiver.Add(primaryReceiver);
PayPal.AdaptivePayments.Model.RequestEnvelope requestEnvelope = new PayPal.AdaptivePayments.Model.RequestEnvelope("en_US");
string actionType = "PAY";
string returnUrl = "http://localhost:42072/Home/Index";
string cancelUrl = "https://devtools-paypal.com/guide/ap_chained_payment/dotnet?cancel=true";
string currencyCode = "USD";
_adaptivePaymentService.SetAccessToken(PayPalConfig.AccessToken);
_adaptivePaymentService.SetAccessTokenSecret(PayPalConfig.AccessTokenSecret);
PayRequest payRequest = new PayRequest(requestEnvelope, actionType,
cancelUrl, currencyCode, receiverList, returnUrl);
// it breaks here
PayResponse payResponse = _adaptivePaymentService.Pay(payRequest);
PaymentDetailsRequest paymentDetailsRequest = new PaymentDetailsRequest(new PayPal.AdaptivePayments.Model.RequestEnvelope("en-US"));
paymentDetailsRequest.payKey = payResponse.payKey;
SetPaymentOptionsRequest paymentOptions = new SetPaymentOptionsRequest()
{ payKey = payResponse.payKey };
_adaptivePaymentService.SetPaymentOptions(paymentOptions);
PaymentDetailsResponse paymentDetailsRespons = _adaptivePaymentService.PaymentDetails(paymentDetailsRequest);
ExecutePaymentRequest exec = new ExecutePaymentRequest(new PayPal.AdaptivePayments.Model.RequestEnvelope("en-US"), paymentDetailsRequest.payKey);
ExecutePaymentResponse response = _adaptivePaymentService.ExecutePayment(exec);
return RedirectToAction("Index");
}
}
I want to oauth authentication like
Login using Google OAuth 2.0 with C#
But i don't want to authentication prompt popup
i want to get token directly without popup..
public ActionResult CodeLele()
{
if (Session.Contents.Count > 0)
{
if (Session["loginWith"] != null)
{
if (Session["loginWith"].ToString() == "google")
{
try
{
var url = Request.Url.Query;
if (url != "")
{
string queryString = url.ToString();
char[] delimiterChars = { '=' };
string[] words = queryString.Split(delimiterChars);
string code = words[1];
if (code != null)
{
//get the access token
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create("https://accounts.google.com/o/oauth2/token");
webRequest.Method = "POST";
Parameters = "code=" + code + "&client_id=" + googleplus_client_id + "&client_secret=" + googleplus_client_sceret + "&redirect_uri=" + googleplus_redirect_url + "&grant_type=authorization_code";
byte[] byteArray = Encoding.UTF8.GetBytes(Parameters);
webRequest.ContentType = "application/x-www-form-urlencoded";
webRequest.ContentLength = byteArray.Length;
Stream postStream = webRequest.GetRequestStream();
// Add the post data to the web request
postStream.Write(byteArray, 0, byteArray.Length);
postStream.Close();
WebResponse response = webRequest.GetResponse();
postStream = response.GetResponseStream();
StreamReader reader = new StreamReader(postStream);
string responseFromServer = reader.ReadToEnd();
GooglePlusAccessToken serStatus = JsonConvert.DeserializeObject<GooglePlusAccessToken>(responseFromServer);
if (serStatus != null)
{
string accessToken = string.Empty;
accessToken = serStatus.access_token;
if (!string.IsNullOrEmpty(accessToken))
{
// This is where you want to add the code if login is successful.
// getgoogleplususerdataSer(accessToken);
}
else
{ }
}
else
{ }
}
else
{ }
}
}
catch (WebException ex)
{
try
{
var resp = new StreamReader(ex.Response.GetResponseStream()).ReadToEnd();
dynamic obj = JsonConvert.DeserializeObject(resp);
//var messageFromServer = obj.error.message;
//return messageFromServer;
return obj.error_description;
}
catch (Exception exc)
{
throw exc;
}
}
}
}
}
return Content("done");
}
public ActionResult JeClick()
{
var Googleurl = "https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=" + googleplus_redirect_url + "&scope=https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile&client_id=" + googleplus_client_id;
Session["loginWith"] = "google";
return Redirect(Googleurl);
}
The credentials window (popup) is how you ask the user if you can access their data. There is no way to get access to a users data without asking the user first if you may access their data. That is how Oauth2 works.
If you are accessing your own data then you can use something called a Service account. Service accounts are pre authorized. You can take the service account and grant it access to your google calendar, you could give it access to a folder in Google drive. Then you can authenticate using the service account. Service accounts are like dummy users.
My article about service accounts: Google Developer service account
I'm getting a LinqToTwitter.TwitterQueryException "Bad Authentication Data" with innerException "The remote server returned an error: (400) Bad Request."
I'm using the latest version of LinqToTwitter (v2.1.06) and Twitter API v1.1.
The following code is used for authentication:
private XAuthAuthorizer GetAuthorizer()
{
var auth = new XAuthAuthorizer
{
Credentials = new XAuthCredentials
{
ConsumerKey = CONSUMER_KEY,
ConsumerSecret = CONSUMER_SECRET,
}
};
auth.Credentials.AccessToken = ACCESS_TOKEN;
auth.Credentials.OAuthToken = OAUTH_TOKEN;
auth.Authorize();
return auth;
}
And the error happens on the line of the foreach loop below:
XAuthAuthorizer _auth = GetAuthorizer();
_twitter = new TwitterContext(_auth);
var friendTweets = from tweet in _twitter.Status where tweet.Type == StatusType.Show && tweet.ID == tweetID select tweet;
foreach (var tweet in friendTweets)
{
AddTweetToCache(tweetID, tweet);
return tweet;
}
Any help would be greatly appreciated!
This fixed it. I was using the authentication method.
var auth = new ApplicationOnlyAuthorizer
{
Credentials = new InMemoryCredentials
{
ConsumerKey = CONSUMER_KEY,
ConsumerSecret = CONSUMER_SECRET
}
};