How to Develop Office 365 Custom File Handler - azure

I heard Microsoft provides file handler add-in for custom (non-Microsoft) file types in Office 365.
I tried to do this following the tutorial found here, however it seems a bit outdated (although it was last updated in Jan 2017) because several things mentioned there are different from my environment - I use Visual Studio 2015 on Windows 10.
So basically here's what I'm trying to achieve.
I have a custom file type with .encx extension, which is simply a encrypted docx file using our own cryptography algorithm. I can access to Office 365 tenant admin account. I want to allow our users to be able to open this encrypted file in OneDrive web interface.
Here's my environment:
Microsoft Visual Studio Enterprise 2015 Version 14.0.25123.00 Update 2
Microsoft .NET Framework Version 4.6.01586
Azure SDK v2.9.6
I created a new Visual C# project based on File Handler Application template in Office category from VS 2015.
And I added connected service for Office 365 API.
Since I have a free trial subscription on Azure account, I added all the required stuff like SQL database server, SQL db, Azure Active Directory - basically all the things explained in the above tutorial. And then I published and publishing was successful. I can see it live on the *.azurewebsites.net in my browser and sign in even works.
I used Addin manager sample Azure app as described in the tutorial to update add-in settings like file icon, preview/open/new endpoint link etc, and hit Update button. Now I uploaded some .encx files to OneDrive account but it still doesn't show custom icon nor open it in custom file handler (it just triggers browser file download).
I've been pulling my hair with this issue because I couldn't find any helpful/detailed answers anywhere online.
I seriously need help from Microsoft people.
UPDATE:
Now I have some progress - I can see custom file icon, .encx file now tries to show something as a preview when I select it, and opens in new tab if I click it.
The problem is Preview, Open works with my localhost URL, but not with published Azure web service URL. It says Sorry, something went wrong along with Invalid URL: |0..
UPDATE 2:
Here's a manifest file for Azure web service app:
{
"appId": "0afc5455-a05b-4cc1-b241-89c717d9bce4",
"appRoles": [],
"availableToOtherTenants": false,
"displayName": "MyFileHandler",
"errorUrl": null,
"groupMembershipClaims": null,
"homepage": "http://my***.azurewebsites.net/",
"identifierUris": [
"https://filevisor.net/MyFileHandler"
],
"keyCredentials": [],
"knownClientApplications": [],
"logoutUrl": null,
"oauth2AllowImplicitFlow": false,
"oauth2AllowUrlPathMatching": false,
"oauth2Permissions": [
{
"adminConsentDescription": "Allow the application to access MyFileHandler on behalf of the signed-in user.",
"adminConsentDisplayName": "Access MyFileHandler",
"id": "5b21f973-edd5-4ace-a369-cfff0ed3b8fa",
"isEnabled": true,
"type": "User",
"userConsentDescription": "Allow the application to access MyFileHandler on your behalf.",
"userConsentDisplayName": "Access MyFileHandler",
"value": "user_impersonation"
}
],
"oauth2RequirePostResponse": false,
"passwordCredentials": [
{
"customKeyIdentifier": null,
"endDate": "2018-02-02T05:22:35.7514025Z",
"keyId": "b19de090-a661-402f-8ae2-624f148ff6fd",
"startDate": "2017-02-02T05:22:35.7509019Z",
"value": null
}
],
"publicClient": false,
"replyUrls": [
"http://my***.azurewebsites.net/"
],
"requiredResourceAccess": [
{
"resourceAppId": "00000002-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
"type": "Scope"
}
]
},
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "17dde5bd-8c17-420f-a486-969730c1b827",
"type": "Scope"
}
]
}
],
"samlMetadataUrl": null,
"extensionProperties": [],
"objectType": "Application",
"objectId": "0bdea3fb-5ff7-4b8c-aa2c-6556a4c2ce46",
"deletionTimestamp": null,
"createdOnBehalfOf": null,
"createdObjects": [],
"manager": null,
"directReports": [],
"members": [],
"memberOf": [],
"owners": [],
"ownedObjects": []
}

I don't see an "addIns" property in your manifest, as described here: Configure and update file handlers in Office 365. It might be that this property is just suppressed from the downloaded copy of the manifest, but if you haven't added this property to the manifest, please add it and see if that helps.

Related

How to make Microsoft Teams home site app work across different tenants

I have created a home site app for Microsoft Teams that renders a SharePoint communication site (sharepoint) in a personal tab by following the article Teams App with SharePoint. When I install the app in Teams desktop within the same tenant, it is working fine.
When installing the app in another tenant (fabrikam.sharepoint), where the user is added as a guest to the tenant having the SharePoint site (contoso.sharepoint), the site content does not load in Teams desktop. When accessing in a browser tab, the app starts working once I manually open the SharePoint site in a new tab.
The manifest I'm using for the app:
{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.8/MicrosoftTeams.schema.json",
"manifestVersion": "1.8",
"id": "80322562-deed-42fa-88e7-373884e370f2",
"version": "1.0.0",
"packageName": "MyTeamsApp",
"developer": {
"name": "microsoft.com",
"websiteUrl": "https://MyTeamsApp",
"privacyUrl": "https://MyTeamsApp/privacy.html",
"termsOfUseUrl": "https://MyTeamsApp/tou.html"
},
"name": {
"short": "MyTeamsApp Home Site",
"full": "MyTeamsApp Home Site App for Teams"
},
"description": {
"short": "This is Tone Training Home Site app for Teams",
"full": "This is the Tone Training Home Site app packaged for Teams"
},
"icons": {
"outline": "TeamsOutline.png",
"color": "TeamsColor.png"
},
"accentColor": "#D85028",
"configurableTabs": [],
"staticTabs": [
{
"entityId": "MyTeamsAppHome",
"name": "My Teams App Home",
"contentUrl": "https://contoso.sharepoint.com/_layouts/15/teamslogon.aspx?SPFX=true&dest=/sites/MyTeamsApp",
"websiteUrl": "https://contoso.sharepoint.com/sites/MyTeamsApp",
"scopes": [
"personal"
]
}
],
"webApplicationInfo": {
"id": "00000003-0000-0ff1-ce00-000000000000",
"resource": "https://contoso.sharepoint.com"
},
"bots": [],
"connectors": [],
"composeExtensions": [],
"permissions": [
"identity",
"messageTeamMembers"
],
"validDomains": [
"*.login.microsoftonline.com",
"*.sharepoint.com",
"*.sharepoint-df.com",
"spoppe-a.akamaihd.net",
"spoprod-a.akamaihd.net",
"resourceseng.blob.core.windows.net",
"msft.spoppe.com"
],
"isFullScreen": true
}
What you're trying to do in concept is basically the same as the new "Viva Connections" capability from Microsoft, so you should consider going that route instead as it offers what you're doing plus a whole lot more. I just blogged about the background of that, with links to relevant Microsoft content, so have a look at https://hilton.giesenow.com/2021-03-31-understanding-viva-connections-app-package
In terms of the actual problem you're having though, I don't think you'll be able to get this to work on the desktop because of how the Teams app manages the current login context, but perhaps someone else will have another solution.
Currently Teams don't support the option to view a SharePoint page/site across tenants. Guest users are not supported yet either.

Unable to Deploy Microsoft Team application to Azure

Summary:
When attempting to deploy a Microsoft Teams Node.JS project written in typescript to Azure servers the Teams application throws an error "There was a problem reaching this app." The application works fine when opening in a browser but is not recognized in Teams. It appears that all the manifest is setup correctly and when run in the verification of App Studio no errors are returned.
Attempted Solutions:
Attempted to match the manifest with examples given by Microsoft. Attempted to get a Microsoft teams application deployed to Azure using the examples shared by Microsoft.
Code:
Teams App Manifest:
{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.7/MicrosoftTeams.schema.json",
"manifestVersion": "1.7",
"id": "dfe1fc96-d4db-4ed4-b76a-c26194928313",
"version": "1.0.0",
"packageName": "messageleapteams",
"developer": {
"name": "Real Data Consulting",
"websiteUrl": "https://messageleapteams.azurewebsites.net",
"privacyUrl": "https://messageleapteams.azurewebsites.net/privacy.html",
"termsOfUseUrl": "https://messageleapteams.azurewebsites.net/tou.html"
},
"name": {
"short": "messageLeapTeams",
"full": "messageLeapTeams"
},
"description": {
"short": "TODO: add short description here",
"full": "TODO: add full description here"
},
"icons": {
"outline": "icon-outline.png",
"color": "icon-color.png"
},
"accentColor": "#D85028",
"configurableTabs": [
{
"configurationUrl": "https://messageleapteams.azurewebsites.net/messageLeapTeamsTab/config.html?name={loginHint}&tenant={tid}&group={groupId}&theme={theme}",
"canUpdateConfiguration": true,
"scopes": [
"team"
]
}
],
"staticTabs": [],
"bots": [],
"connectors": [],
"composeExtensions": [],
"permissions": [
"identity",
"messageTeamMembers"
],
"validDomains": [
"messageleapteams.azurewebsites.net"
],
"showLoadingIndicator": true,
"isFullScreen": false,
"webApplicationInfo": {
"id": "dfe1fc96-d4db-4ed4-b76a-c26194928313",
"resource": "api://messageleapteams.azurewebsites.net/dfe1fc96-d4db-4ed4-b76a-c26194928313"
}
}
It turns out the web application was properly deployed and the manifest built correctly, however with teams tab applications hosted in Azure the loading indicator must be disabled.
I fixed this issue by setting "showLoadingIndicator": false in the manifest.json
In my opinion, if you can ensure there is no error with your code, you can check your configuration.
Next description are based on the c# sample (conversation bot)that Ms provided. And I think nodejs is similar.You can click the link and see the detail.
you have to create an Azure Ad app with client secret, and modify the 'appsetting' file to make sure the code can run in local.
ngrok is needed so you can visit your code running in local.
pls create a bot on Azure portal, enter correct appId, client secret(created in setp 1) and Messaging endpoint(get the https url after starting the ngrok,and don't forget to append '/api/messages' after the url)
now you can test your code running in local environment in web chat.
if you want to test in Teams client, you need to modify 'manifest.json' and create a ZIP file and upload your bot to Teams. Then you have to add the Teams channel in the bot created in step 3.
enter image description here
Please note if the Azure AD application created in step 1 belongs to a tenant which is different from your Teams login account's tenant, you should set the app as a multi-tenant app(when you create an app, it will ask you to choose whom are allowed to visit this app).
If there is no problem running the program locally, it will be fine after deploying to azure app service.

Azure AD integration with Bot Framework / teams

Last week I've been looking at Bot framework Samples, honestly BotFx isn't my area of expertise.
I was playing with these samples from the sample library:
18.bot-authentication
24.bot-authentication-msgraph
46.teams-auth
The required steps for making work each of them are almost the same, for #18 and make it work in the emulator this include:
Register the BotApp in Azure AD
Generate a Secret
Add the Redirect URI (as documented it should be: https://token.botframework.com/.auth/web/redirect)
Create an azure bot service
Customize the OAuth Connection Settings
Then in the solution Modify appsettings.json (sample values below)
{
"ConnectionName": "juank",
"MicrosoftAppId": "cee1234562074c-1b3e-49b4-9e76-b727d73453454e018d",
"MicrosoftAppPassword": "uxPdfgwo.JAYmgrtU]w5I7KdgxLZSJ.a[qtgtrFxYZ02"
}
After that It's required to run the emulator and configure the
following settings
Up to this point the bot works as expected
Then I type any... and it just doesn't work. I receive this answer
from the bot :
And this data from the trace Operation returned an invalid status
code 'Unauthorized'
{
"channelId": "emulator",
"conversation": {
"id": "77631280-22e8-11ea-93e0-6dc9b0b41a7c|livechat"
},
"from": {
"id": "61bab030-214b-11ea-9cf4-193735472c4b",
"name": "Bot",
"role": "bot"
},
"id": "ae429e60-22e8-11ea-9786-a543cb22378b",
"label": "TurnError",
"localTimestamp": "2019-12-20T00:22:13-05:00",
"locale": "en-US",
"name": "OnTurnError Trace",
"recipient": {
"id": "f6982626-923e-4fd3-b930-eabf095e96df",
"role": "user"
},
"replyToId": "aacb51f0-22e8-11ea-9786-a543cb22378b",
"serviceUrl": "https://7eec83e4.ngrok.io",
"timestamp": "2019-12-20T05:22:13.958Z",
"type": "trace",
"value": "Operation returned an invalid status code 'Unauthorized'",
"valueType": "https://www.botframework.com/schemas/error"
}
And that's all.
I've successfully acquired the token from the OAuth setting Test tool in azure portal and also using Postman, but i haven't been able to make these Demos work properly once OAuthCard should be presented for login. Debugging hasn't been helpful since there isn't other information apart from JSON exposed above.
Any guidance or orientation about how to fix this will be appreciated.
There is no need to configure Azure Bot Service configurations in emulator. The Application Id and Application Password should be the same as those in appsettings.
And you should got these values from Azure portal under Configuration part.
Before doing this, please make sure the auth connection works.
Update:
You can change the Microsoft APPId here:

Azure permissions over microsoft.aadiam/diagnosticSettings/write

I'm trying to call above API provider via REST with the following URL:
https://management.azure.com/providers/microsoft.aadiam/diagnosticSettings with api-version=2017-04-01-preview
However, even though the Service Principal I am using is a member of the "Global Administrator" role in my AAD tenant I am getting a does not have authorization to perform action error.
This endpoint doesn't seem to be documented though.
Anybody know what is required to call this API endpoint with a service principal?
Thanks,
David
Try to add a custom role with the action of microsoft.aadiam/diagnosticsettings/write in your AD App.
According to doc, you can use the custom role to do the operation.
This article lists the operations available for each Azure Resource Manager resource provider. These operations can be used in custom roles to provide granular role-based access control (RBAC) to resources in Azure.
For more details to create the custom role, refer to this link.
Sample:
{
"Name": "Test Operator",
"Id": "88888888-8888-8888-8888-888888888888",
"IsCustom": true,
"Description": "xxxxxx",
"Actions": [
microsoft.aadiam/diagnosticsettings/write,
microsoft.aadiam/diagnosticsettings/read
],
"NotActions": [
],
"DataActions": [
],
"NotDataActions": [
],
"AssignableScopes": [
"/subscriptions/{subscriptionId1}",
"/subscriptions/{subscriptionId2}",
"/subscriptions/{subscriptionId3}"
]
}
Update:
You can use a user account with global admin role, refer to the steps below.
1.Navigate to Azure Active Directory -> Diagnostic settings -> Add diagnostic setting -> set the properties and open the Developer Tools(F12) ->Save.
2.In the request we caught, copy the Bearer token.
3.Then we can test the api in the postman.
Request URL:
Put https://management.azure.com/providers/microsoft.aadiam/diagnosticSettings/{name}?api-version=2017-04-01-preview
Request Header:
Request Body:
{
"properties": {
"logs": [
{
"category": "AuditLogs",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
},
{
"category": "SignInLogs",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
}
}
],
"metrics": [],
"storageAccountId": "/subscriptions/xxxx/resourceGroups/xxx/providers/Microsoft.Storage/storageAccounts/xxx"
}
}
It works on my side.
I test it with global administrator user, it works correctly for me.
The following is the detail steps:
Create an native azure AD application and grant permission for it.
2.create an global administrator user, please also change the default password.
Note: the user format should be xxxx#xxx.onmicrosoft.com, or you can't use the password way to get the token based on my test
3.Assign the owner role to the subscription
4.Then we could use the following way to get the access token
Post https://login.windows.net/<tenant-id>/oauth2/token
Content-Type: application/x-www-form-urlencoded
grant_type=password
&resource={resource}
&username={username}
&password={password}
&client_id={client-id}
4.Try to operate the diagnosticSettings
put https://management.azure.com/providers/microsoft.aadiam/diagnosticSettings/{name}?api-version=2017-04-01-preview
{"properties":{"logs":[{"category":"AuditLogs","enabled":true,"retentionPolicy":{"days":0,"enabled":false}},{"category":"SignInLogs","enabled":false,"retentionPolicy":{"days":0,"enabled":false}}],"metrics":[],"storageAccountId":"/subscriptions/{subscriptionId}/resourceGroups/{groupname}/providers/Microsoft.Storage/storageAccounts/{accountName}"}}

How do I use endpointUrl in an inline datasource binding?

I'm writing a custom task to publish documents to the Azure API portal. I want the UI for the task to list out the available API Management services for a selected Subscription and Resource Group. According to this issue, this should technically be possible by specifying the endpointUrl inline with my datasource binding. I've tried to model the endpoint after the datasources in the Azure RM Web Deployment task, but I can't seem to get it working. In my task I am able to select my subscription, select my resource group, but the pickList for my custom data source is always empty. I'm not doing any explicit authentication in my task defintion, so I'm not sure if that's somehow related. Below are the inputs and dataSourceBindings for my task:
"inputs": [
{
"name": "ConnectedServiceName",
"type": "connectedService:AzureRM",
"label": "Azure RM Subscription",
"defaultValue": "",
"required": true,
"helpMarkDown": "Select the Azure Resource Manager subscription for the deployment."
},
{
"name": "ResourceGroupName",
"label": "Resource Group",
"type": "pickList",
"required": true,
"helpMarkDown": "Select resource group which contains the API portal"
},
{
"name": "ApiPortalName",
"type": "pickList",
"label": "API Portals",
"defaultValue": "",
"required": true,
"properties": {
"EditableOptions": "True"
},
"helpMarkDown": "Select the Azure Resource Manager subscription for the deployment."
}
],
"dataSourceBindings": [
{
"target": "ResourceGroupName",
"endpointId": "$(ConnectedServiceName)",
"dataSourceName": "AzureResourceGroups"
},
{
"name": "ApiPortals",
"target": "ApiPortalName",
"endpointId": "$(ConnectedServiceName)",
"endpointUrl": "https://management.azure.com/subscriptions/$(endpoint.subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.ApiManagement/service?api-version=2016-07-07",
"resultSelector": "jsonpath:$.value[*].name",
"parameters": {
"ResourceGroupName": "$(ResourceGroupName)"
}
}
UPDATE
After inspecting the console in Chrome I received an error message indicating that I cannot call URLs that don't start with {{endpoint.url}}. I updated my task with {{endpoint.url}} at the root and I did see it attempt to make the API call I expected:
{
"name": "ApiPortals",
"target": "ApiPortalName",
"endpointId": "$(ConnectedServiceName)",
"endpointUrl": "{{endpoint.url}}/subscriptions/$(endpoint.subscriptionId)/resourceGroups/$(ResourceGroupName)/providers/Microsoft.ApiManagement/service?api-version=2016-07-07",
"resultSelector": "jsonpath:$.value[*].name",
"parameters": {
"ResourceGroupName": "$(ResourceGroupName)"
}
}
The problem now is that for some reason endpoint.url resolves to https://management.core.windows.net for Azure RM endpoint types. Azure RM APIs are hosted at https://management.azure.com. As a result I am receiving a 403 since my endpoint credentials are for an Azure RM Service Principal, not the Azure Classic Management APIs.
I've updated my Github Issue with this information as well. I believe this is a bug and endpoint.url for the Azure RM Service endpoint should resolve to https://management.azure.com. If you look at the data sources that are defined in the Azure RM Service Endpoint, they all reference APIs hosted at https://managemnet.azure.com not https://management.core.windows.net.
Check Custom build task JSON schema, you cannot use "endpointUrl" and "resultSelector" for "dataSourceBindings" in task.json. There are used to define the custom service endpoint in vss-extension.json file. And you also missed the "dataSourceName" for "ApiPortals".
If you want to call the Rest API with URL and use the selector from task.json, you can use "sourceDefinitions" instead of "dataSourceBindings". Refer to my answer in this question for details. However, only basic authentication is supported with "sourceDefinitions" for now which means that this is not applicable to you scenario either.
So you need to create a custom service endpoint to achieve the feature you want for now.

Resources