I am working on an accounting system where the system will generate an excel file using a template and then open it using embedded Office 365 Excel. I can do this with my personal account where I would use the OneDrive API to create an excel file and then use the Embedded option in the OneDrive to generate the iframe link and use it on my website. However, the iframe url exposes the auth token though which could be misused by the users.
In future when we have real customers, I would want my users to be able to edit the excel file with their own Office 365/sharepoint account (that we would create for them during onboarding). I believe embedded excel option is not available for business users of Office 365, and I learned that you could do that with sharepoint though for business use cases. What service do I need? Maybe sharepoint but I dont know what else I need and how to make the integration work.
I am trying to use the Office 365 API to write events to the calendars of anyone at our organization. This should not involve the users logging in to Office 365 at any point. The events to add are written out at various points during the day (when the user who would own the event may not even be at a computer), so the per-user token approach doesn't even make sense.
It appears that Microsoft provides an alternative that uses a service account. This account can be used to write to any user's calendar (or sending email as any user, etc.). However, I can't find any documentation on doing this. Could anyone provide a link to it?
I found a blog post on this topic: http://blogs.msdn.com/b/exchangedev/archive/2015/01/21/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx
Also, if you aren't using Microsoft's client library for this (for example, if you use linux), you'll need to see this too: Office 365 Rest API - Daemon week authentication
I would like to write an Excel Task Pane app to interact with CRM Online - to take data from the Excel worksheet, process it and push it into a CRM entity record. My Excel users are on Office 365, as is CRM Online (obviously). We are using ADFS 2.0.
The specific problem I am experiencing is that I do not know how to get authentication to work for the Task Pane app: specifically, to the OData endpoint via JavaScript. Authentication is not my area, so I don't know how to precisely phrase this next requirement, but as we are using Office 365/CRM Online/ADFS then I need to use the logged-in user's Windows AD credentials to authenticate the request.
As far as I can tell, it is not possible to authenticate the Task Pane app directly with CRM Online, and I would like to know if that is known to be true, and if not what method(s) I can use.
I do know that there is a hack for indirect authentication published by a couple of people (http://survivingcrm.com/2013/12/connecting-crm-online-odata-feed-excel-2013-power-query/ or http://www.crmconsult.co.uk/connecting-to-crm-20112013-with-odata-in-excel-2013/) which authenticates the user via the CRM plug-in and then allows other OData connections to succeed - but it doesn't work for me, and I'm averse to rolling out functionality to users which relies on back-door methods.
In the end, I ended used using SOAP in VBA instead of oData in the Task Pane, which meant I was able to use Jason Lattimer's hard work from http://jlattimer.blogspot.co.uk/2015/02/soap-only-authentication-using-vba.html - I don't think there is any way I would have figured out the Authentication piece without that post, so many thanks to him.
I have somewhat of an odd question (for me, at least).
We have some private information a department would like to place on our SharePoint farm. The problem is, this is very sensitive information, and law demands that we have a 'two-stage' login process to secure the data.
Currently, it is housed using a system that:
A) you have to login to our network (windows logon screen)
B) you have to login to the application.
Our SharePoint farm has integrated authentication enabled. Meaning, once you login to your computer in the morning, you never have to login to sharepoint as it already knows your credentials.
This is a problem for us. Can we enable some sort of custom Sharepoint login?
Will this require a new web app for the site? A new site collection only perhaps?
Thanks,
~~Kolten
What you are looking for is called forms based authentication. Sharepoint 2010 uses claims based authentication and one of the providers you can configure is forms based. Meaning they provide a user name and password.
Here is a tutorial with the steps to do, it is a relatively straight forward process. just follow all the steps.
http://blogs.technet.com/b/mahesm/archive/2010/04/07/configure-forms-based-authentication-fba-with-sharepoint-2010.aspx
If you move you site out of Intranet zone, then IE will automatically ask for credential everytime.
See this:
http://support.microsoft.com/kb/258063
Our environment is Sharepoint 2010, with a web application created (and site collection on top), using claims based authentication. The first site is using port 881. It is using integrated windows authentication. Another web application is created, extending the first application, using port 882. This site is using Forms Based Authentication, the membership provider is System.Web.Security.ActiveDirectoryMembershipProvider, named admembers. I have turned off Client Integration on both sites.
When I login to the 881 site, on my corporate network, logged into the machine with the same domain account that sharepoint uses, I can open an Office file saved in a document library, and it subsequently opens in the appropriate Office application, without asking me login again. But, If I login to Sharepoint from a computer that is not on our network, or login to the computer with an account that is not a domain account, I get prompted again to login when openning an Office document. If I choose the option to save, it does not prompt, but if I choose open in the dialog window, I am forced to enter my domain credentials again.
When I login to the 882 site, which uses FBA, I experience the same problem. If I open an Office document, the appropriate Office application opens, and asks me for my credentials, by showing me a dialog window with the sign in page loaded. If I choose to save the file, then I am not prompted to login, and the file saves to a local folder.
I can't expect my users that are off site to login again everytime they open an Office document, like Work, Excel, Powerpoint, etc. I have tried numerous fixes, including disabling client integration, changing the browser handling mode (strict/permissive), changing internet explorer settings (for integrated windows authentication), changing the integrated windows authentication site to use basic authentication, even hacking the page using jquery to call the sharepoint javascript function that execute the "download a copy" function. None of them work: when choosing to "open" the Office document in the browser, the user has to login again, or just close the dialog window without logging in (as long as client integration for the zone is turned off).
I'm looking to get this accomplished using windows authentication or forms based authentication.
Help!
I found this answer in a similar post which seemed to fix the problem for me when I tested it. The gist of it is you need to deny the HTTP Verbs OPTIONS and PROPFIND in IIS. Having said this, I'm not an IIS guru and am not exactly sure what this means or what else it might affect. Can anyone else shed some light on this?
A bit of background, I'm using SharePoint 2010, on an FBA site.
You have the standard three use cases:
Employee intranet access
Employee remote access
Partner remote access
Employee intranet access
This normally always works out of the box, and it looks like it is working for you.
Employee remote access
The only way that i have seen this work (and i have tried many ways) is to get TMG or ISA. Basically ISA is setup in FORMS auth with SSL, it captures the auth details, and then passes them to the sharepoint server. (and other servers if you have them eg OWA for sharepoint mail web parts)
If you select the "Is private computer" option on the ISA login screen, then Office documents share the auth cookie and don't prompt for another login. I had so many problems, but as soon as i installed TMG, they all went away. I would not recommend any other approach now.
The added bonus of this method, is that remote employees are treated as the same account as the intranet user. The way you are setup with a seperate web application, means that they will be different accounts, so things like [checkout/modifiedby/createdby/personalisation] will be different accounts (though they look the same)
Partner remote access
This may never ever work on some clients (especially Vista), as IE needs to share the authentication with Office
If this is sharepoint 2010, try this.
Get-SPSecurityTokenServiceConfig
Look at your UseSessionCookies value in the output. If True, apply the powershell below.
$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $false
$sts.Update()
If UseSessionCookies is true, you will have to login to any docs u want to download...