How to get MIME content via REST from on-premises Exchange Server - outlook-web-addins

We are trying to get the MIME content of the message via REST as an alternative to EWS. This approach works against Office 365, but not against ON-PREMISES Exchange Servers that have exposed a preview REST end-point. I presume this is a limitation, but wanted to check if so.
Get MIME content of a message:
https://learn.microsoft.com/en-us/graph/outlook-get-mime-message
Approach to get MIME content is to put '$value' at the end of URL:
https://{on-prem-server}/api/v2.0/me/messages/{id}/$value
Method Not Allowed --- https://{on-prem-exchange-server}/api/v2.0/me/messages/.../$value
Not Found --- https://{on-prem-exchange-server}/api/v1.0/me/messages/.../$value

Related

Blueprism Code Producing 403 Forbidden Error

I am trying to use Blueprism to download pdf files from Sharepoint.
I am using the below code. Url and Path are both variables which get passed through. This is producing a 403 forbidden error. I believe that Blueprism is required to pass credentials to Sharepoint before it will be allowed to download the file. Is this possible?
Using wc As New System.Net.WebClient()
    wc.DownloadFile(Url, Path)
End Using
I don't think you have a password-related issue; likely SharePoint is recognising your account access via an AD group or SSO of some kind. 403 means the server has understood your request but is refusing to fulfil it because of an access reason on the profile you have. Make sure you can manually download the file on the profile you are emulating for a start, then also check that the profile the bot is operating under (not necessarily yours in some cases) has access to said file.
Literally 403 is a request that relates to an access issue so somewhere something doesn't have the correct access lined up
First of all, is this a Sharepoint Online or OnPremises version? As you understand, you are connecting to web resource via an API and as such you have to get authenticated and authorized to access those resources.
If it's SPO, you can use the API component for SharePoint integration from DX and configure.
In case of SP On prem, you have to customize a lot to achieve your results.

Azure API Management: Is it possible to see trace when invoked from outside the portal

From Postman, if I invoke an IP which goes through API Management, I set Ocp-Apim-Trace : True. Will I be able to see the trace somewhere? Is this only meant to be used from inside the Test tab in API Management in the Azure portal?
Yes, if you include the Ocp-Apim-Trace header with a value of true, a link to the trace file will be returned in the response header Ocp-Apim-Trace-Location, which you can open via HTTP.
Pulling Vitaliy's comment up into the answer: the APIM subscription key needs to belong to a user who has admin rights in order for this to work

OWA traffic block at firewall due DATA URL Scheme Policy bridging

We are using SharePoint 2013 SP1 on-premises with OWA-2013. WOPIZone is set to external-http in SP. Viewing/editing/adding of Office files works behind the load balancer (LB), but when viewing from a client (outside the LB) a blank page is displayed for any Office file.
When launching the OWA check URL "http:///hosting/discovery" from the client, I get the XML file displayed in the client browser.
I checked the OWA and SP logs and could not find any exception; the file checking is performed and replied to successfully (I compared a good request with a failed request and both seem the same).
Hence I asked the network team to check the firewall, and they gave the info below.
Network Findings:
We found that the IPS signature "HTTP: RFC 2397 Data URL Scheme Policy" blocked the traffic.
It was found that the reply from the server was blocked because a DATA URI packet is transferred, which is blocked at the firewall.
Question:
1) Can you provide more info on this DATA URI base64-encoded data reply from the OWA server? When the network team wants to open this policy, what info should I provide (origin source, uni/bi direction, etc.)?
2) Is there any other such policy to be opened for viewing/adding/editing Office files using OWA from the client?
3) In the event this rule/policy is marked as "HIGH" in terms of security, is there any other workaround for viewing Office files through OWA?
Thanks,
Hari

SharePoint 2013 Cross-Domain Library Scenario: Authentication Mechanism for Remote App

I have a SharePoint provider-hosted app that exposes a Web API endpoint. I'm using this endpoint as a middle man to call a secured external web service. I want to make calls to my Web API endpoint via javascript in a SharePoint Page (a Publishing Page) in my host web. Since this is a cross-domain call, I'm utilizing SharePoint's cross domain library (SP.RequestExecutor.js). I followed the steps in this article to create my custom proxy page that is required by the cross-domain library. Everything works fine. I can call my service via SP.RequestExecutor with no issues. Now, I just want to require authentication for accessing the Web API endpoint.
The article that I reference states that I'm responsible for the authentication mechanism. I just can't seem to come up with a really secure one and there are literally no examples on the web. I'd really like to leverage the identity of the SharePoint user somehow since only SharePoint users will be hitting the Web API endpoint, I just can't figure out how. SP.RequestExecutor won't let me pass the SPHostUrl querystring parameter when hitting the endpoint, so that's why I can't use the trust relationship between SharePoint and remote app. Does anybody have some ideas for authentication in this scenario that would work well when using SP.RequestExecutor to call my endpoint?
To summarize, you have the following scenario:
You have a SharePoint add in (SharePoint App).
A page on the add in web (app web) needs to call an external service.
You have an external service implemented using ASP.NET Web Api.
The external service needs authentication.
The first issue you need to address is the Same Origin Policy. To overcome this issue, Microsoft documentation describes three options as you know:
The SharePoint Cross Domain Library
The SharePoint Web Proxy
Create a custom proxy page.
However, I think the best bet is to use CORS because it is a W3C recommendation, it's simpler, easier to use, comprehensive, hack-free, and especially because ASP.NET Web API 2 supports CORS.
The other issue to address is authentication. Unfortunately, the Microsoft documentation doesn't provide any example or hint; it simply tells you it's your responsibility. Searching the web doesn't provide any example or hint either. So I conclude: you need to invent an authentication mechanism. Several authentication protocols, such as NTLM authentication, are based on challenges. Email address validation also uses a challenge: it challenges you to read an email sent to the email address. I propose a mechanism based on the same paradigm. I challenge the user to create a specific list item on the SharePoint App Web (add-in). So we need a list on the App Web called AuthenticationChalenges with the following fields:
ID: autoincrement built-in field.
ChalengeValue: single line of text.
CreatedBy: user built-in field.
The authentication process has the following steps:
1.- JavaScript on an App Web page calls the https://myexternalservice.mycompay.com/create-chalenge web API endpoint with the following payload:
{
    "UserId": "3432", // the SharePoint UserId
    "AppWebUrl": "https://mysharpointonline-e849d5bbe0ddc2.sharepoint.com/MySharePointApp",
    "HostWebUrl": "https://mysharepointonline.sharepoint.com/MySharePointApp"
}
2.- The external server generates two 16-32 byte random values, ChalengeValue and CorrelationToken, and inserts them along with the payload into some storage, such as a table like the following:
-- Sequence that supplies the surrogate key
CREATE SEQUENCE authentication_chalenges_authentication_chalenge_id_seq
    START WITH 1;

CREATE TABLE authentication_chalenges
(
    authentication_chalenge_id int NOT NULL
        DEFAULT NEXT VALUE FOR authentication_chalenges_authentication_chalenge_id_seq
        -- the constraint name must differ from the sequence name (both are schema-scoped objects)
        CONSTRAINT authentication_chalenges_pk PRIMARY KEY,
    user_id int NOT NULL,                 -- SharePoint user id claimed in step 1
    correlation_token binary(16) NOT NULL,
    chalenge_value binary(16) NOT NULL,
    app_web_url varchar(4000) NOT NULL,
    host_web_url varchar(4000) NULL,
    created_timestamp datetime NOT NULL   -- used for the expiry check in step 4
);
Then, the server returns the following result:
{
"ChalengeId": 31232, // the value of authentication_chalenge_id column of the table
"CorrelationToken" : "95AE040FE6844345B36B5E33BE03437F",
"ChalengeValue" : "E38A022B7F744D3BA8C676259AECD607"
}
3.- JavaScript on the App Web page inserts an item into the AuthenticationChalenges list, setting the ChalengeValue column = "E38A022B7F744D3BA8C676259AECD607", and calls the https://myexternalservice.mycompay.com/login web API endpoint with the following payload:
{
"ChalengeItemId" : 4133, // the ID column of the AuthenticationChalenges SharePoint list
"ChalengeId" : 31232,
"CorrelationToken" : "95AE040FE6844345B36B5E33BE03437F",
"ChalengeValue" : "E38A022B7F744D3BA8C676259AECD607"
}
4.- The external service's server looks for the row in the challenges table:
SELECT * FROM authentication_chalenges WHERE authentication_chalenge_id = 31232
If the query returns a row, CorrelationToken and ChalengeValue match, and it has not expired yet, the server connects to SharePoint, looks for the item with ID = 4133 in the AuthenticationChalenges list, checks that ChalengeValue is equal to E38A022B7F744D3BA8C676259AECD607, and finally checks that the CreatedBy user id is equal to 3432. If all checks succeed, it responds with an OK response and sets the authentication cookie. If any of the checks fails, it responds with a 401 result.
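The server side of steps 2 and 4, as an added example that is not part of the original answer and is written for Node.js rather than ASP.NET Web API. Assumptions: a Map stands in for the SQL table, `fetchListItem` is a hypothetical callback for the SharePoint list lookup, and the two-minute lifetime, single-use deletion and constant-time comparison are choices the answer leaves open.

```javascript
const { randomBytes, timingSafeEqual } = require('node:crypto');

const TTL_MS = 2 * 60 * 1000; // assumed lifetime; the answer only says "not expired"
let nextId = 1;               // stands in for the SQL sequence

// Step 2: mint a challenge. `store` is a Map standing in for the SQL table.
function createChallenge(store, { UserId, AppWebUrl }, now = Date.now()) {
  const row = {
    userId: String(UserId), appWebUrl: AppWebUrl, created: now,
    correlationToken: randomBytes(16), challengeValue: randomBytes(16),
  };
  const id = nextId++;
  store.set(id, row);
  return {
    ChalengeId: id,
    CorrelationToken: row.correlationToken.toString('hex').toUpperCase(),
    ChalengeValue: row.challengeValue.toString('hex').toUpperCase(),
  };
}

// Constant-time comparison of a stored 16-byte secret with a client-supplied hex string.
function sameSecret(stored, hex) {
  if (typeof hex !== 'string' || !/^[0-9a-fA-F]{32}$/.test(hex)) return false;
  return timingSafeEqual(stored, Buffer.from(hex, 'hex'));
}

// Step 4: resolves to true (set the cookie) or false (respond 401).
// fetchListItem(appWebUrl, itemId) is a hypothetical callback that reads the
// SharePoint list item and resolves to { ChalengeValue, CreatedById } or null.
async function verifyLogin(store, login, fetchListItem, now = Date.now()) {
  const row = store.get(login.ChalengeId);
  if (!row) return false;
  if (now - row.created > TTL_MS) {
    store.delete(login.ChalengeId);
    return false;
  }
  const tokenOk = sameSecret(row.correlationToken, login.CorrelationToken);
  const valueOk = sameSecret(row.challengeValue, login.ChalengeValue);
  if (!tokenOk || !valueOk) return false;
  store.delete(login.ChalengeId); // single use: a replayed login finds no row
  // The app web URL and user id come from the stored row, not from the login payload.
  const item = await fetchListItem(row.appWebUrl, login.ChalengeItemId);
  if (!item) return false;
  return sameSecret(row.challengeValue, item.ChalengeValue) &&
    String(item.CreatedById) === row.userId;
}
```

The row is deleted only after the caller has proved knowledge of both secrets, so guessing a sequential ChalengeId cannot cancel another user's pending challenge.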

Azure REST API on a web role does not accept POST with Json body

We are using Open Rasta on an Azure Web Role to provide a REST API. Our GET methods work fine returning Json data. When I try and POST a request with a Json body I get this error.
The server cannot service the request because the media type is unsupported. It returns a 415 code. I examined the messages in Fiddler and they look ok.
I am guessing that IIS is not setup to allow -> Content-Type: application/json
I found this http://msdn.microsoft.com/en-us/library/gg433059.aspx but am not sure what I need to do to get this to work.
Any help would be great.
I don't recall the answer exactly, but in non-Azure types of situations at least there is a web.config file that you set to allow POSTs.
I believe it's this:
<system.web>
  <webServices>
    <protocols><add name="HttpPost" /></protocols>
  </webServices>
</system.web>
