I am initiating an App for Office project and I am trying to find out something critical.
Can I use my ASP.NET MVC built-in OAuth authentication to pair it with a Live account so my app logs-in the user into MS Office for Desktop apps.
This is needed so I can access OneDrive and use the share file editing there.
The architecture so far is:
Files stored in a single OneDrive or SharePoint server (TBD)
Desktop Office apps (Word and Excel) where the users work.
App for Office, installed in their Word and Excel. Users can authenticate on the back-end ASP.NET MVC server, using any 3rd party email address and a password.
I have used OAuth in ASP.NET MVC projects but not in integration with Office in an App for Office.
So, my question is if this idea is possible and HOW, or I have to give everyone an Office 365 account so they can connect via the integrate Office for desktop.
As we in our small company like to benefit from the OneDrive functionality, and also want to have selected shared and group folders offline available, we found a more or less perfect workaround.
We use the Goodsync software to synchronize. For this you create a sync job within Goodsync for the folders you want to have offline- available. Such a sync definition / call it folder pair / has a reference to the local folder, and on the other side a reference to the OneDrive folder. The reference to the OneDrive folder you describe like this: „sds://d.docs.live.net//“.
The OneDrive CID you can see for any shared OneDrive folder in OneDrive web whithin its web address (example: https://OneDrive.live.com/?cid=xxxxxxxxxxxxxxxx) . Similarly it works for OneDrive group folders.
Our experience is very good with this workaround, only to be aware to have all rights for the shared One Drive folder, then Goodsync can even create or delete folders within shared OneDrives.
Good luck! Wolfgang from Salzburg
For everyone's benefit, I will explain what we have done.
We are using Azure Active Directory and manage all users there. We connected SharePoint site to it and it has a OneDrive behind. Now our App for Office connects to that using SharePointContext from here and it magically works.
Related
Trying to leverage the Microsoft Graph API within a daemon application to update a single OneDrive Excel file. How do I accomplish least privilege permissions to a single file. I have scoured the documentation for a straightforward explanation of this basic task, however no articles are instructive on how to proceed with this. The documentation appears to define least privilege as a distinction between the Office software entities, but not within folders and files of a OneDrive. Thanks in advance for guidance.
This isn't possible. The Files.{Read|ReadWrite}.All application scopes provide access to the entire Drive for every user.
From the Permissions documentation:
Files.Read.All: Allows the app to read all files in all site collections without a signed in user.
Files.ReadWrite.All: Allows the app to read all files in all site collections without a signed in user.
Google Console has "service accounts" and service accounts can be given write permissions to files. These files can then modified without any sort of user intervention and works as long as the service account has the appropriate permissions.
Is there anything similar for Microsoft Graph? We have a file in a SharePoint folder that we would like continued access to even if the people with access to that folder continuously changes.
Azure AD has a notion of Service Principals that can be used for this purpose.
I have found some, but not all, pieces of the puzzle.
Using Graph APIs, when a user selects a document in my own web application, I can:-
Create a new temporary folder in their OneDrive account
Upload my.docx file to this location
Get the url for my.docx
Open the URL in a new tab, loading Office 365's MSWord editor (or viewer and editor after one more click)
This is where it gets a bit trickier. How can I get the edited content back into the location where my web application historically stored these documents?
Theorising, I can:-
Create a webhook subscription to the new folder I create
Implement a webhook listener (and validation) service
When the listener receives an 'update' notice for the document:-
Call the download(content) API, or from the driveItem metadata, download it from #microsoft.graph.downloadUrl
Persist it to my desired location within my web application
To me this sounds like it'll suffer from big delays. The webhook subscriptions typically send batches of changes and the frequency looks uncertain. It certainly wouldn't be great for versioning every individual save operation during the editing session.
Have I missed some more obvious path to Word as a Service? i.e. another API or a mixture of APIs?
Alternatives I've considered but haven't yet scoped: implement WOPI or WebDav within my own web application.
It sounds like you're only using OneDrive to take advantage of its built-in support for the MS-WOPI protocol. WOPI is basically an enhanced WebDav interface that is used by Office to work with remote document (i.e. files stored on OneDrive, Box, DropBox, etc.).
Your solution is generally fine and it is certainly easy enough to orchestrate. You can absolutely use webhooks to subscribe to changes to the file. You'll likely want some mechanism in your app to notify your system when they're "done" so you can clean up the file afterwards.
If you want a more robust solution, you'll need to look at WOPI. Implementing WOPI would allow you to keep these files on your system permanently. Office Online would use the WOPI interface to speak with your storage system and open/save/edit files in-place.
Keep in mind that implementing WOPI (or any protocol for that matter) is often a non-trivial endeavor. You will also need to get your final solution validated and whitelisted by Office before it can be used. Details on this process and how to request access can be found at the Microsoft Cloud Storage Provider Program website.
Today OneNote and Excel are the only office "document clients" that have API's exposed via a REST API publicly available in the Microsoft Graph.
The only other "publicly available options" I'm aware of are:
WOPI APIs, that kind of act like a REST API but muche older
The office add-in model (hosted in a client) with the JavaScript API
The word object library (old, relying on dcoms and needs to have office installed and licensed on the machine)
Is there a way to access files, such as those created by the CCB tool, that are placed into a specific directory in the Manage Files area of a course offering? I've tried the topic API, but the new /file path only returns a value when the file is attached to a topic - not if it's just "hanging out" in the files area. Is there a more generic way to access the entire file structure there - maybe even by using WebDAV)? If so, is there a way to turn WebDAV on?
Thank you,
-George
The Valence Learning Framework API does not currently offer direct access to the Manage Files area.
I believe that clients can engage D2L to provide WebDAV access to the Manage Files store; the D2L client should contact their account manager to work through the details of setting this up for their use. This is not a feature that a third party integrator can count on all clients having available though, as it does (I believe) require a special engagement with D2L around a client's service.
We have a ASP.NET MVC3-Application which includes a lot of links to Documents in SharePoint 2010 - Libraries. If the User clicks on one of these links, he'll be invited to choose between ReadOnly-Mode or Edit-Mode of the Office-Document. If he chooses "Edit-Mode", he will have to enter the credentials for SharePoint.
Is it possible to do some kind of SingleSignOn out of the MVC-Application, using the Users MVC-App-Creentials to log into SharePoint2010? We'd like to have the user clicked on the link and to be able to edit the document and click save (saving back to SharePoint) without entering his credentials once again. Are there any experiences?
//edit: the MVC-Application & SharePoint are both in a different Active Directory than the User, so this problem is not solvable by implementing a User > SharePoint SSO. Further it is not possible to access SharePoint through the SharePoint Server Object Model in the MVC3-Application: SharePoint uses .NET 3.5 and MVC3 requires .NET 4.0
You can achieve what you are trying to do, however, you would need to enable claims based suthentication on SharePoint and write a custom provider.
One of the possible solutions in your case is Active Directory Federation Services.
http://blogs.technet.com/b/andrew/archive/2010/06/09/what-is-adfs-and-why-you-should-care.aspx