I am currently building a simple web app the flow of which is:
1. Admin user for Office 365 provides auth and signs in
2. App retrieves all mail for all users in the domain
It is possible to do this with Google Apps for business, i.e. retrieve mail for all users with only the admin auth.
How would you go about doing this for Office 365? I am currently encountering this problem using the REST API - Get MS Exchange mail for all group members
Is there another way? EWS? I have to believe it's possible to access mail with an admin auth.
You can do it with impersonation. However, MSDN means how to do it with EWS managed API and SOAP request, but no REST API. If you can use EWS manged API, you should use this. Please refer the MSDN articles for details:
Working with impersonation by using the EWS Managed API.
Using Exchange Impersonation
Related
I have an SPA based application, in which the UI uses Azure AD based authentication, in which the user is presented with a login page by Azure AD and the user logs in to get a token. I am getting the token successfully. Now the UI will call a Web API. This Web API needs to make a call to Office 365 API. I have office 365 tenant and the credentials (User2) are different from the credential the user is used to login from the UI. In this case how should I authenticate User2 to connect to Office 356 API and how should I pass the token to O365 API?
I googled for any sample but I could not find anything worth.
I have a scenario is one where the user has signed into CRM and triggers some functionality that calls a third party API to retrieve data that is not in CRM.
This API is a registered application in the Same Azure Active Directory as where the CRM resides. CRM single sign on is enabled.
I am trying to find an example of C# code which retrieves the authorization code via a CRM plugin. So far, I have managed to retrieve the token using a client secret as described in this article:
Retrieving token without the ADAL client library
I have implemented a basic call with the parameters defined in this article:
Requesting an Authorization code
But I need to pass the user session to make it work. It currently throws an error
A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).
Any help appreciated.
AFAIK, it is not suitable to interact with Azure AD using the Oauth code grant flow in the Microsoft Dynamics 365 plug-in since it required users interaction. And it is not able to send the session in the Microsoft Dynamics 365 plug-in to authenticate using ADAL library.
If you only want to access the Microsoft Dynamics 365 organization service in the CRM plug-in, there is no need to use the ADAL library to authenticate again.
It is only required that plug-in code create an instance of the service through the ServiceProvider.GetService method.
// Obtain the organization service reference.
IOrganizationServiceFactory serviceFactory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
IOrganizationService service = serviceFactory.CreateOrganizationService(context.UserId);
More detail about context of Microsoft Dynamics 365 Plug-in development, please refer the link below:
Understand the data context passed to a plug-in
I have created WebApi and hosted it to Azure server, now I want to get data from Microsoft Dynamics CRM into this API with logged in Office 365 users credentials.
So when I call the WebApi from office 365 it takes Office 365 logged in user's credentials and get data from CRM of same user.
For getting Dynamics 365 data you need the access token which as you mentioned is granted by office 365 OAuth server. Assuming that you already registered your app in Azure active directory and gained your client Id and secret key, you need also give permission to your app to access Dynamics 365 (using Required permissions in Setting panel of app registration).
After setting up your app in Azure AD, then you can redirect your user to office 365 login page (OAuth 2.0 Authorization Endpoint) for getting the access token. there are different methods to do it. In my experience I used getting token using Authentication code, but generally you need to compose a url to login page with following param:
'https://login.windows.net/' + tenant + '/oauth2/authorize?response_type=code&client_id=<client_id>&redirect_uri=<redirect_uri>&state=<state>&resource=<resource>'
In case of Authentication code it returns a code which you can use to acquire token. Microsoft developed some drivers which does it for you. If you use node.js you can check out adal, for sure they have something similar for dot.net.
After getting your access token, you just need to call your Dynamics 365 (resource) to get the data.
Similar to the question here Accessing Office 365 user mail data with admin authorisation only
Currently i am implementing an application that will access a set of mailboxes on Office365 using a service account.
There is an MSDN blog post announcing oauth support for Office 365 http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange-online-in-office-365.aspx
Can our app use the technique in that link and get authorization from the administrator for the set of mailboxes using the service account for this "group" of mailboxes ?
If you're using OAuth with the new REST APIs, an administrator can consent on behalf of their entire Office 365 organization. They cannot consent only on behalf of a subset of users.
Is it possible to get all email from all mailboxes in MS Exchange?
I have full rights in Azure console for Office365 exchange online.
http://i.stack.imgur.com/DF5n5.png
But when I'm trying make an request to
https://outlook.office365.com/EWS/OData/Users('user#company.onmicrosoft.com')/Inbox/Messages
getting an error "The specified object was not found in the store."
But for logged in admin
https://outlook.office365.com/EWS/OData/Me/Inbox/Messages
https://outlook.office365.com/EWS/OData/Users('admin#company.onmicrosoft.com')/Inbox/Messages
works well.
What should I do, to get access for read mail for all my users in office 365?
The current authorization model for Office 365 Mail, Calendar and Contacts services does not currently expose a permission that would allow your app to query other users' mailboxes.
The REST API consent flow allows you to register a web app that requires Admin consent. Once your web app has been given the global admin consent, it should be able to access information for all users under that tenant.
See the following post for more information:
http://msdn.microsoft.com/EN-US/library/office/dn605895(v=office.15).aspx#ConNavExample_config