BLUETOOTH_PRIVILEGED for third party apps - bluetooth

BLUETOOTH_PRIVILEGED permission is not available to third party apps, which is required for setPairingConfirmation() method call. Is there any other way to enable BLUETOOTH_PRIVILEGED for third party apps?

Related

azure api management - facade for website

We have an internal website that provides map data.
We'd like to make this data available to a 3rd party via http get requests, secured by oauth2.
I've created an openapi definition that corresponds to some of the high level website urls. I then imported this into apim and added a validate-jwt policy.
This works well. The 3rd party is able to obtain a jwt token from aad and get data from one of the apim operations that maps to a website page.
My question is, do I need to extend the openapi definition to include an api operation for each of the data "pages" that the 3rd party may need access to? I suspect there's an easier way and wondered if anyone can point me at an example?

Making calls to Azure Devops API endpoints from a 3rd party server

I have a project where:
I create/add a label on an issue at a Github Repo.
Github initiates a call to my server via webhooks.
I do some stuff backend, and if ok decide to make a call to Azure Devops to open a card.
My question is the 3rd step. I looked through the REST API documentation / authorization, but I cannot find anything related to authenticating from a 3rd party server.
Any idea/documentation or even using a third party app solution to bypass (Github -> My server -> Some other 3rd party app -> Azure) is appreciated.
Please take a look here - Authenticate access with personal access tokens. With a PAT token you can call the REST API from wherever you want: PowerShell, Postman, etc.
Is that what you are looking for?

Restful web API Security

Scenario:
We have an MS SQL DB which holds content for various sites/apps - we plan to create a C# .NET Web API and then build in REST calls from our sites/apps (these are typically all client-side code). Some sites/apps have a user login and some do not.
Problem:
- how do we go about securing the api so only our sites and apps can access it
- how do we build in to cope with and without a user login
Any suggestions and thoughts welcomed
Generate a JWT token for each app and assign it to your apps (like an app secret), which call your REST API using the Authorization header or a custom header in the API call.
If you are not planning to open your web API for 3rd party usage, one quick way could be:
Create a certificate and deploy it on all servers.
From Server 1, generate a hash of some text, e.g. hello.
Send this hash to Server 2 in a header or query string.
At Server 2, validate this hash.
In case there are plans to open the web API for 3rd party usage, then secure your endpoints using OAuth. I would recommend using IdentityServer4.

Is it a good practice to separate the authentication server from the resource server?

As with many applications, my service's authentication logic lives in the application code. Now however, I need to expand my authentication to incorporate 3rd party identity providers for single sign on.
I want to retain the old authentication behavior (database lookup) but also want to add support for 3rd party identity providers.
With this increase in complexity, does it make sense to separate the authentication logic to its own service? In this model the application server will redirect unauthenticated users to the authentication server. After authentication is successful, the authentication server will redirect back to the application server.
Is this approach sound?
If you have available servers and infrastructure budget, let your web application perform the authentication, using a community maintained library.
Generally it's not recommended to build one by yourself.
Store your users in a database table.
Authentication using other sites problems:
Your visitor may not want to have an account with 3rd party site.
It results in giving too much information to the 3rd party site (who share much of it with other sites which use their authentication mechanism).
It is generally a good idea to separate your authentication logic and have a different service perform that task. This is also true for other 'cross cutting' concerns such as authorization and SSL offloading. It gives you a simpler development environment and in general an app that is easier to reason about (for example, you don't have to worry about authentication while in development mode and you can develop the services independently which goes a long way in terms of productivity and velocity).
In order to compose the authentication service with your application, it is better to have a third component that orchestrates and routes the calls accordingly (as opposed to having authentication-related code in your application).

Possible to reuse logged-in Sharepoint authentication?

Looking for a pointer in the right direction ...
Is there a mechanism which allows you to configure SharePoint in such a way that:
if a user has been successfully authenticated within a SharePoint site that there is some kind of "authentication token" what can be passed or is available to 3rd party sites
or a way for 3rd party sites to "recognize" that the user is currently authenticated within a sharepoint environment
all 3rd party apps can be modified to accommodate whatever needs to be done
but the constraint is: SharePoint may or may not be a hosted (by a separate service provider) and how the original authentication took place is irrelevant i.e. just need to know they authenticated ok, not how
EDIT
scenario to help clarify:
authenticated SP users require access to a 3rd party service provider for additional content. a "link" on their SP site redirects through to the 3rd party. the 3rd party needs to recognize the referrer (based on a collection of evidence supplied by the request) so that it need not challenge for a secondary authentication process.
one of the 3rd parties is me. the SP instances are many and varied and would be any one of my clients (which i don't offer support to, just provide a content service to).
so the attempt is to solve more of a general "community/ecosystem" problem.
Going on the small amount of information available here.... You are probably going to use Windows Authentication (via Active Directory) or Forms based authentication.
If you are using AD within your organization and the other server you are authenticating to is using the same AD, it's a no brainer. If it's AD based but both servers are using different domains, it's much more complex. One option would be to setup a trusted share between the ADs.
If you are using Forms Based authentication it becomes a bit more of an issue. If both servers are using the same FBA, you could create the authentication cookie in SharePoint and then add the cookie as a header to a Request object and then redirect to the server.
If they are different authentication methods totally, you need to determine if your security requirements will allow users to authenticate via some URL based mechanism (like querystrings) and then develop the logic on your SP box to create the URL to authentication.
Your requirements are a little vague but this should point you in the right direction.
Plan authentication methods (SharePoint Server 2010)
Specifically Claims based authentication.
I'm guessing that by "3rd party sites" you mean sites that aren't hosted in your domain. If that's the case, then the servers won't be able to use your AD authentication (unless you share them, which probably isn't worth it).
I would suggest modifying the way users are authenticated on the 3rd party servers, as you have control over how you send your users over there. You could easily encrypt their usernames/emails/unique IDs and a timestamp (to make sure they can't bookmark that link) in a query string.
The information is then decrypted on the 3rd party server. Invalid information and they are redirected to your login page. Valid information and the 3rd party knows that they were authenticated in your SharePoint app.
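The timestamped query-string token suggested in the answer above, as an added example that is not part of the original thread: it signs the user ID and issue time with HMAC-SHA256 instead of encrypting them, so the value is tamper-evident but not hidden. The key, the 120-second window and the function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key; in practice a per-partner secret shared out of band.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 120  # assumed freshness window, so a bookmarked link ages out


def b64url(data: bytes) -> str:
    """URL-safe base64 without padding (never contains the '.' separator)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign(message: bytes, key: bytes) -> str:
    return b64url(hmac.new(key, message, hashlib.sha256).digest())


def make_handoff_token(user_id: str, key: bytes = SHARED_KEY, now=None) -> str:
    """Sending site: bind the user ID to an issue time and sign both."""
    issued = int(time.time() if now is None else now)
    payload = b64url(user_id.encode("utf-8")) + "." + str(issued)
    return payload + "." + sign(payload.encode("ascii"), key)


def verify_handoff_token(token: str, key: bytes = SHARED_KEY, now=None):
    """Receiving site: return the user ID, or None to fall back to login."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    uid_b64, issued_str, sig = parts
    expected = sign((uid_b64 + "." + issued_str).encode("ascii"), key)
    # Constant-time comparison, done before any field is parsed or trusted.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    current = time.time() if now is None else now
    if not 0 <= current - int(issued_str) <= MAX_AGE_SECONDS:
        return None  # expired, or stamped in the future
    padded = uid_b64 + "=" * (-len(uid_b64) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")
```

The user ID is readable in the URL, so use authenticated encryption where that matters. A token can still be replayed inside the freshness window unless the receiver also records the tokens it has accepted.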
Your question is very confusing.
SharePoint may or may not be a hosted
What do you mean by that?
Are you invoking a 3rd party web app from a SharePoint page? You can get the current user using SPWeb.CurrentUser property and make use of it.
