I am developing an Outlook add-in using the Yeoman Office generator (Office Add-in Task Pane project supporting single sign-on).
All documentation on using this program says to run "npm run configure-sso" after Yeoman has finished and it builds the AAD instance for you.
My problem is "npm run configure-sso" saves the client secret in Microsoft's Credential Manager (on the PC), but I want to host my add-in on Azure. Is there a way to move the client secret from Credential Manager into an Azure instance, or into an environment variable in the add-in?
This setup likely won't work on an Azure deployment because the office-addin-sso package's SSO code attempts to store and get the app secret in Windows Credential Manager, so you have to remove that package and then add the code yourself to handle SSO so that you can deploy to Azure.
Here are some workarounds. However, the Microsoft team has plans to document this sometime in August, so hopefully there will be guidance around this soon.
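One way to do what the question asks, as an added example (not code from office-addin-sso or the Yeoman template): keep the client secret in an Azure App Service application setting, which the Node process sees as an environment variable, and use it in the on-behalf-of token exchange done on the add-in's server. The setting names AAD_TENANT_ID, AAD_CLIENT_ID and AAD_CLIENT_SECRET, the function names and the Graph scope are assumptions.

```javascript
// Added example: server-side secret handling for an SSO add-in hosted on Azure.
// Assumed application settings (hypothetical names): AAD_TENANT_ID, AAD_CLIENT_ID, AAD_CLIENT_SECRET.
const REQUIRED = ["AAD_TENANT_ID", "AAD_CLIENT_ID", "AAD_CLIENT_SECRET"];

// Read the settings once at startup and fail closed if any is missing.
function loadSsoConfig(env = process.env) {
  const missing = REQUIRED.filter((name) => !env[name]);
  // Report setting names only; a secret value must never reach logs or error text.
  if (missing.length) throw new Error(`Missing app settings: ${missing.join(", ")}`);
  return {
    tenantId: env.AAD_TENANT_ID,
    clientId: env.AAD_CLIENT_ID,
    clientSecret: env.AAD_CLIENT_SECRET,
  };
}

// Build the OAuth 2.0 on-behalf-of request that swaps the Office bootstrap token
// for a Microsoft Graph token. The secret stays on the server, never in the task pane.
function buildOboRequest(cfg, bootstrapToken, scopes = ["https://graph.microsoft.com/User.Read"]) {
  const body = new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
    assertion: bootstrapToken,
    requested_token_use: "on_behalf_of",
    scope: scopes.join(" "),
  });
  return {
    url: `https://login.microsoftonline.com/${cfg.tenantId}/oauth2/v2.0/token`,
    body: body.toString(),
  };
}

// Perform the exchange (global fetch, Node 18+); the error carries only the HTTP status.
async function exchangeToken(bootstrapToken, env = process.env) {
  const { url, body } = buildOboRequest(loadSsoConfig(env), bootstrapToken);
  const res = await fetch(url, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body,
  });
  if (!res.ok) throw new Error(`Token exchange failed: HTTP ${res.status}`);
  return (await res.json()).access_token;
}
```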
I use Azure DevOps for continuous integration (CI). I would like to push the binaries (artifacts) to a OneDrive SharePoint folder whose URL looks like this: https://foo.sharepoint.com/personal/bar/_layouts/15/onedrive.aspx .
Thank you very much for your help!
I did some research and attempted to do it with Microsoft Graph, but I don't understand how to build the URL...
I also see that many customers like me want to do this: https://developercommunity.visualstudio.com/t/onedrive-support-for-devops-pipeline-release/548731.
I saw that it is possible to do this with a PowerShell script, but I don't know at all how to manage all this mess!
I suppose that you could follow this document for Continuous Integration and Continuous deployment using Azure DevOps
After you create the artifacts, you could follow the steps below to publish it to share point in a Release Pipeline.
1. Adding a stage.
2. Install the Node.js tool in your stage using the Node.js installer with version 10.x.
If your project is based on SharePoint Framework version 1.7.1 or earlier, use version 8.X.
3. Installing the CLI for Microsoft 365.
Add an npm task, select a Custom command and type install -g @pnp/cli-microsoft365 in the Command and Arguments field. Learn more about the CLI for Microsoft 365.
4. Connecting to SharePoint Online.
Before using the App Catalog in your deployment environment, you first need to authenticate against the App Catalog of your tenant. To do so, add a Command Line task and paste the following command into the Script field: m365 login -t password -u $(username) -p $(password)
Note: If you are using CLI for Microsoft 365 to connect to your tenant for the first time, you need to perform an interactive logon with the account first. This is required to grant access to the PnP Office 365 Management Shell application, which is used by CLI for Microsoft 365 to access your tenant on the account's behalf. Your task will otherwise fail to log on non-interactively. Details are available in the CLI for Microsoft 365 User Guide.
5. Adding the Solution Package to the App Catalog.
Upload the solution package to your App Catalog by adding another Command Line task and pasting the following command line in the Script field: m365 spo app add -p $(System.DefaultWorkingDirectory)/SpFxDevOps/drop/SharePoint/solution/sp-fx-devops.sppkg --overwrite
The path of the package depends on your solution name (see your project configuration) as well as the Source Alias you defined earlier; make sure they match.
Note: You can upload a solution to a site collection app catalog by adding --appCatalogUrl https://$(tenant).sharepoint.com/$(catalogsite) --scope sitecollection
6. Deploying the Application.
The final step in the setup is to deploy the application to the App Catalog to make it available to all site collections within the tenant as its latest version. Add another Command Line task and paste the following command line in the Script field: m365 spo app deploy --name sp-fx-devops.sppkg
Note: You can deploy a solution from a site collection app catalog by adding --appCatalogUrl https://$(tenant).sharepoint.com/$(catalogsite) --scope sitecollection
Following this article, I have successfully hosted my ClickOnce app to Azure Blob Storage.
But what URL should a user use to install the app? For example, when you publish an app to a website using VS2019, it creates a publish.html page whose URL a user can use to install the app. But here we don't have that publish.html page. So, what do we do in that case?
nam, I am very happy to tell you how to generate publish.htm.
After my test, I found the reason why you can't generate publish.htm. My dev IDE is the same as yours, Microsoft Visual Studio Enterprise 2019. It may have been upgraded and lost some publish functionality. You should use VS2017 to publish the application. I tried and succeeded.
This link is my demo URL; you can check it. Jason's demo
And document links of how to set publish settings is below,
how to set publish setting to generate publish.htm
Added a picture showing how to configure it: right-click project -> Properties -> Publish -> Options -> Deployment
This question refers to the article:
https://learn.microsoft.com/en-us/azure/app-service/app-service-managed-service-identity
I'm trying to figure out how I can simulate using the service principal that is generated for my Azure application to work locally.
I followed the article, and when I deploy the Azure function to Azure and run it from there, I'm able to successfully use the MSI_ENDPOINT and the MSI_SECRET to get the token. However, when I run the same deployment locally it fails. I use the exact same MSI_SECRET and change the MSI_ENDPOINT to the domain that I use for the Azure function endpoint.
Example: On Azure the MSI_ENDPOINT = http://127.0.0.1:41831 and locally it is http://localhost:7071 (http://0.0.0.0:7071)
However, when I run it locally I get a 404 error with the request. The request is http://0.0.0.0:7071/MSI/token?resource=https://vault.azure.net&api-version=2017-09-01 with the secret in the header. Exact same params as the working one loaded on Azure except for the MSI_ENDPOINT.
Any advice on how to address this so I can run and test locally?
Using the Microsoft.Azure.Services.AppAuthentication library for .NET
For .NET applications and functions, the simplest way to work with a managed identity is through the Microsoft.Azure.Services.AppAuthentication package. This library will also allow you to test your code locally on your development machine, using your user account from Visual Studio, the Azure CLI, or Active Directory Integrated Authentication. For more on local development options with this library, see the Microsoft.Azure.Services.AppAuthentication reference. This section shows you how to get started with the library in your code.
Add references to the Microsoft.Azure.Services.AppAuthentication and Microsoft.Azure.KeyVault NuGet packages to your application.
However, this library is only available in .NET, which I'm not using, and it does not really explain how you would do it via a REST call.
Thanks!
As far as I understand, MSI via REST works for you in the cloud, but not locally.
Unfortunately, it seems this is currently not easily possible when you can't use the AppAuthentication library. See this GitHub suggestion.
So if you don't want to hack some debug code into your production code, you probably need to host a "custom MSI proxy" locally which just performs the classic authentication via client credentials (appId + secret) to return the token.
curl -d "grant_type=client_credentials&client_id=<removed_for_security>&client_secret=<removed_for_security>&resource=https%3A%2F%2Fvault.azure.net" https://login.microsoftonline.com/<removed_for_security>/oauth2/token
Note that I added the KeyVault as the resource parameter. See your built MSI URL - http://0.0.0.0:7071/MSI/token?resource=https://vault.azure.net&api-version=2017-09-01
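The "custom MSI proxy" idea from this answer, sketched as an added example (not code from the answer or from Azure): a loopback-only server that accepts the same /MSI/token request the question builds and answers it with the client-credentials call shown in the curl command. The DEV_TENANT_ID, DEV_CLIENT_ID and DEV_CLIENT_SECRET variable names and the function names are assumptions; the AAD response is passed through unchanged.

```javascript
// Added example: local stand-in for the App Service MSI endpoint (api-version 2017-09-01).
// Assumed env vars (hypothetical names): DEV_TENANT_ID, DEV_CLIENT_ID, DEV_CLIENT_SECRET.
// MSI_SECRET is whatever value the code under test sends in its "secret" header.

// Validate an incoming MSI-style request. Node lower-cases header names.
function checkMsiRequest(rawUrl, headers, expectedSecret) {
  const url = new URL(rawUrl, "http://127.0.0.1");
  if (url.pathname !== "/MSI/token") return { status: 404 };
  if (!expectedSecret || headers["secret"] !== expectedSecret) return { status: 401 };
  const resource = url.searchParams.get("resource");
  if (!resource || url.searchParams.get("api-version") !== "2017-09-01") return { status: 400 };
  return { status: 200, resource };
}

// Build the client-credentials token request that the curl command performs.
function buildAadRequest(resource, env) {
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: env.DEV_CLIENT_ID,
    client_secret: env.DEV_CLIENT_SECRET,
    resource,
  });
  return {
    url: `https://login.microsoftonline.com/${env.DEV_TENANT_ID}/oauth2/token`,
    body: body.toString(),
  };
}

// Start the proxy bound to loopback only (global fetch, Node 18+).
// Point the local MSI_ENDPOINT at http://127.0.0.1:<port> and call this from a dev-only script.
async function startMsiProxy(port = 41831, env = process.env) {
  const http = await import("node:http");
  const server = http.createServer(async (req, res) => {
    const check = checkMsiRequest(req.url, req.headers, env.MSI_SECRET);
    if (check.status !== 200) { res.writeHead(check.status); return res.end(); }
    const { url, body } = buildAadRequest(check.resource, env);
    const aad = await fetch(url, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body,
    });
    res.writeHead(aad.status, { "Content-Type": "application/json" });
    res.end(await aad.text());
  });
  server.listen(port, "127.0.0.1");
  return server;
}
```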
My problem is that I have a NuGet server on an Azure website using Azure AD for auth. It works as expected if I hit the NuGet URL in Chrome (requires the login, which accepts appropriate credentials), but if I try to access it in Visual Studio 2013 (through manage NuGet packages) it won't accept the account/password as appropriate credentials (the prompt just pops up again). My approach was as follows:
With the goal of creating a simple internal NuGet server, I largely followed the instructions in this article to deploy one on an Azure website: http://www.codeproject.com/Articles/872230/Create-Your-Own-Private-NuGet-Server-in-Windows-Az
The NuGet server works just fine, but I wanted to add some basic auth since we'll be hosting some of our code there. I decided to try to use Azure AD for this. I added a couple Microsoft accounts (mine and a coworker's) to our otherwise empty default Azure active directory. Through the management portal, I then selected the 'configure' tab in the website dashboard and added the default directory in the auth section.
Since the developers who will be pulling down our packages will do so through Visual Studio, I need to figure this out or find an alternative. I would like (if possible) to avoid writing my own auth module, since this feature is supposed to be baked into Azure.
It turns out that NuGet does not currently support Azure AD. However, they are working on it and progress can be tracked here: https://github.com/NuGet/Home/issues/708
I've been attempting to create a new MVC web application in Visual Studio and have it hosted in Microsoft Azure. If I choose to have a database server it fails with the following error.
Creating Microsoft Azure Web App
Creation of Microsoft Azure Web App failed. Object reference not set to an instance of an object.
If I don't select the option to have a database, the web site is created in my Azure account.
Can anyone tell me what this error is supposed to mean?
Make sure you are using the latest SDK version. There was a bug in 2.5.1 that is fixed in 2.6. Also make sure you're creating the database in the same resource group as the web app.