We have a site used by Outlook addin hosted on sharepoint, when a user tried to access it they had a browser window open on the Sharepoint Online site, our front end is hosted there but it doesn't bring us to site location it just brings to Sharepoint home page.
We resolved this for a lot of users by adding runtimes in our manifest (this will force Outlook to use IE, whereas before browser is determined on a combination of 365 and windows versions). Still for some users it will bring us to a new browser, we have checked they are on the same Windows and Office 365 version as others who have the plugin working in Outlook task pane.
Also to note there is no issue with anyone using the plugin from OWA (web mail in a browser) and the redirect from desktop outlook looks like it for SSO then verifies user in browser and brings us to Sharepoint.
anyone have any idea what could be causing this?
The problem was caused by any sites or domains trying to be accessed by outlook addin need to be added to app domains in the manifest file. We ran a fiddler trace on the users machine and took a list of the domains that were being hit (for SSO) once we added them this issue was resolved.
I am investigating how to convert an existing outlook add-in to authenticate to one of our APIs via Azure Active Directory. The way the add-in works, it would severely limit the user experience if they were constantly prompted with a dialog. If I were to base my solution off this sample project, how often could we expect the user to have to interact with a dialog or login?
We are writing a document organization system as a Custom Tab within Microsoft Teams and we are trying to replicate the 'Edit in Teams' option that´s provided by Microsoft Teams on the Files tab but it seems that we are unable to replicate the functionality. We are storing files within Sharepoint and have an edit URL, but we are unable to iframe this link due to CORS issues and can only open this link in a new browser. Does anyone have any thoughts on how we can open office documents within the teams client from a custom tab other than opening as a new window which means users have to keep switching in and out of Microsoft Teams.
By looking at what Microsoft teams is doing via the network requests, when you select ´Edit in Teams' it is getting hold of an wacUrlEdit link which appears to be iframeable which for example begins with https://euc-word-edit.officeapps.live.com/we/wordeditorframe.aspx?ui=en, however we can´t get hold of this wacUrlEdit link as it generated using an access token from https://api.spaces.skype.com, which according to https://stackoverflow.com/users/4406395/bill-bliss-msft on How to get an Azure Active Directory access token for https://api.spaces.skype.com isn´t publicly available, it´s only intended for the teams client. Fyi.. It also seems that Teams doesn´t IFrame this wacUrlEdit, but opens up a new url (at least in the web browser) via https://teams.microsoft.com/_#/docx/viewer/teams
I have read about WOPI host implementation, but this does seem like a lot of work to solve this and not totally sure this is the correct option considering these files are stored in Sharepoint Online.
I'm developing Excel online apps using "Napa" Development Tool, using a newly registered account, currently in my 30 days free trial phase.
When I was trying to create an task pane app for Office on my Sharepoint page, I successfully created a project, and I was able to edit the code inside the online code editor.
When I was trying to run the project, by clicking on the "Run" icon on the left menu bar
,
the pop-ed up dialog indicates that the app was deployed on the website.
But, when I clicked on the link and it opens up a new browser tab, in which the webpage told me that I don't have access to that page.
Anyone knows what's going on here?
Also, it's not just that the Task pane apps are not working. I tried to create App for Sharepoint, Content app for Office, Task pane app for Office, and all of them don't work, telling me that I don't have access on the page when I tried to run them.
Found the answer.
In the page indicating access required, post a new message and require access to the site.
And then in your own sharepoint.com site, edit the site and grant access to that specific message, then we can have the access to the app.
Our environment is Sharepoint 2010, with a web application created (and site collection on top), using claims based authentication. The first site is using port 881. It is using integrated windows authentication. Another web application is created, extending the first application, using port 882. This site is using Forms Based Authentication, the membership provider is System.Web.Security.ActiveDirectoryMembershipProvider, named admembers. I have turned off Client Integration on both sites.
When I login to the 881 site, on my corporate network, logged into the machine with the same domain account that sharepoint uses, I can open an Office file saved in a document library, and it subsequently opens in the appropriate Office application, without asking me login again. But, If I login to Sharepoint from a computer that is not on our network, or login to the computer with an account that is not a domain account, I get prompted again to login when openning an Office document. If I choose the option to save, it does not prompt, but if I choose open in the dialog window, I am forced to enter my domain credentials again.
When I login to the 882 site, which uses FBA, I experience the same problem. If I open an Office document, the appropriate Office application opens, and asks me for my credentials, by showing me a dialog window with the sign in page loaded. If I choose to save the file, then I am not prompted to login, and the file saves to a local folder.
I can't expect my users that are off site to login again everytime they open an Office document, like Work, Excel, Powerpoint, etc. I have tried numerous fixes, including disabling client integration, changing the browser handling mode (strict/permissive), changing internet explorer settings (for integrated windows authentication), changing the integrated windows authentication site to use basic authentication, even hacking the page using jquery to call the sharepoint javascript function that execute the "download a copy" function. None of them work: when choosing to "open" the Office document in the browser, the user has to login again, or just close the dialog window without logging in (as long as client integration for the zone is turned off).
I'm looking to get this accomplished using windows authentication or forms based authentication.
Help!
I found this answer in a similar post which seemed to fix the problem for me when I tested it. The gist of it is you need to deny the HTTP Verbs OPTIONS and PROPFIND in IIS. Having said this, I'm not an IIS guru and am not exactly sure what this means or what else it might affect. Can anyone else shed some light on this?
A bit of background, I'm using SharePoint 2010, on an FBA site.
You have the standard three use cases:
Employee intranet access
Employee remote access
Partner remote access
Employee intranet access
This normally always works out of the box, and it looks like it is working for you.
Employee remote access
The only way that i have seen this work (and i have tried many ways) is to get TMG or ISA. Basically ISA is setup in FORMS auth with SSL, it captures the auth details, and then passes them to the sharepoint server. (and other servers if you have them eg OWA for sharepoint mail web parts)
If you select the "Is private computer" option on the ISA login screen, then Office documents share the auth cookie and don't prompt for another login. I had so many problems, but as soon as i installed TMG, they all went away. I would not recommend any other approach now.
The added bonus of this method, is that remote employees are treated as the same account as the intranet user. The way you are setup with a seperate web application, means that they will be different accounts, so things like [checkout/modifiedby/createdby/personalisation] will be different accounts (though they look the same)
Partner remote access
This may never ever work on some clients (especially Vista), as IE needs to share the authentication with Office
If this is sharepoint 2010, try this.
Get-SPSecurityTokenServiceConfig
Look at your UseSessionCookies value in the output. If True, apply the powershell below.
$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $false
$sts.Update()
If UseSessionCookies is true, you will have to login to any docs u want to download...