MS Teams custom tab app changes Session.SessionID between requests - microsoft-teams

I'm making a custom tab app of MS Teams with ASP.NET, however, the tab doesn't seem to pass a same cookie between requests on MS Teams. So the ASP.NET app behind the tab generates a new Session.SessionID on every request.
I've checked the following question, and tried some settings according to that page, but nothing helped me. Actually my web site works nicely if I navigate it via Chrome or Edge.
ASP.NET: Session.SessionID changes between requests
How do I get a same cookie between requests on MS Teams?

I've not tested this specifically so haven't seen it, but basically the broad idea of session is to have to uniquely "remember" a user, and then restore State for them from a location (e.g. database). From your question, it seems like the out of box "Session" object is giving trouble, but at any rate you should probably avoid using it because it won't "remember" the user even across devices.
However, Teams provides you a way to achieve the same thing yourself quite easily. Remember that the Teams 'Context' object provides a userObjectId property that is unique and valid for the same user on all sessions on all devices (it's actually their Azure Active Directory id). You can simply store whatever you want in your own database, key'ed by this id, and request it on page load. It's also possible to get this from the querystring for a static (personal) tab if you want to handle the behaviour server-side (e.g. C#).

Related

Microsoft teams user detection

I am showing a wordpress website in iframe inside Microsoft teams Tabs. is there any way to detect the loggedIn user in my website?
If you are able to wrap your website inside a Teams app (which you can do for example very easily using App Studio, then you could surface your website as a "Tab" app. Doing this means you can reference the Teams JS library in your code, which will enable you to get a context object. You can get a lot of user information from that.
Be aware though that this context is not really 'trusted' data (it's just inserted via Javascript), so it could be spoofed into your page by a malicious actor. If that's a problem, you should look to implement Tab SSO in your app, which will give you a proper JWT token that you can validate.

Deeplink from bot to tab in Microsoft Teams

I am currently working on a bot specifically targeting Teams. Search feature in this bot returns around 200-500 results. Even though i have integrated refines to narrow down search results, i still have to show around 50-100 records under a refined label. I am trying to avoid showing 100+ records as Carousel or list view in bot. so, I thought of integrating tab with bot and share a deeplink to tab where user can see complete search result in a data table (jquery).
I am unable to figure out two things on this approach and need help.
Tab content might be hosted in a different domain and needs authorization. How do I pass authorization info to Content url without asking user to login?
How do i pass custom parameters while creating a deep link to tab and read custom data in a tab? For example, userID, accessToken.
Note: I am using AzureADV1 token with Adal.Net for Bot authentication, and storing token cache in a persistent storage.
I appreciate any help on this.
You can include a "context" parameter in your static tab deeplink, similar to the configurable tab deeplink. If you include a "subEntityId" property in this context, you can get the value inside your static tab by calling getContext(). Then you can render a filtered results based on this sub-entity id.

Automating Wi-Fi Authorization with Firefox SDK

I'm trying to make a Firefox addon with the Firefox Add-on SDK and API, and I have some questions about their possibilities before I start using them.
My college's Wi-Fi authorization expires every 30 minutes only to have fun pissing off their students. There are already some autofill addons available on many browsers but it's still destructing to move the mouse pointer onto the "Login" button and click it when there is one second left to turn in a midterm paper. I've heard my friends complaining like this for months and I myself think the thing is actually annoying sometimes, so I decided to develop a Firefox addon that takes charge of the job so that the authorization process will feel not even existing once the addon is activated. (I just want to impress my friends honestly.)
For ease I would like to develop the addon within the Firefox add-on SDK. I found that my addon would be utilizing the page-mod, password and request APIs; page-mod to detect the Wi-Fi service's auto-redirection into their authorization page, password to fill in the page's form by a student ID and password stored in the individual Firefox browser, request to redirect the "Login Successful!" page into the originally given destination.
So I guess it should be possible to achieve my goal with this SDK and APIs, but there are still some questions that I need to ask before I proceed:
Is it possible to pass a callback function to page-mod::PageMod (not as a String or a URL to another JavaScript file)? If not, can it be done using the lower level API?
Is it possible to actually redirect a page in a tab into another page only using high level APIs?
Is it possible to remember the original destination's location (with the request method and contents) and call it in the process of page-mod::PageMod (in order to re-redirect out of the authorization page)? If not, can it be done using the lower level API?
Is it possible to perform the addon's redirection function on inactive (background) tabs where the opened webpages automatically keep connecting to the Internet and get redirected to the authorization page?
Thank you so much for reading and please spare a little bit of your time for me. Thank you again!
Is it possible to pass a callback function to page-mod::PageMod (not as a String or a URL to another JavaScript file)? If not, can it be done using the lower level API?
No, everything that goes through the port is serialized using JSON serialization (See docs). Instead you would probably emit an event from your content script to execute the callback method with parameters you pass it in the module scope and hardcode parts that need to be done in the content script with port event listeners.
Is it possible to actually redirect a page in a tab into another page only using high level APIs?
Totally, if you're in a content script, you can just set window.location, or in your modules you set the location of a tab, see https://developer.mozilla.org/en-US/Add-ons/SDK/High-Level_APIs/tabs#url.
Is it possible to remember the original destination's location (with the request method and contents) and call it in the process of page-mod::PageMod (in order to re-redirect out of the authorization page)? If not, can it be done using the lower level API?
Possible? Yes, depends a lot on how the redirection from the W-LAN works. Generally all the SDK offers you is getting load/ready events for tabs and reading a tab's current URL. So if you get a ready event at the point of the redirect you're fine. If your college login remembers the redirect target using a get parameter in the URL you're fine. If your college doesn't adjust the URL, you're fine. If you really need to dig through the request, you'll have to ge a bit deeper than even what the SDK offers you, but it is possible.
Is it possible to perform the addon's redirection function on inactive (background) tabs where the opened webpages automatically keep connecting to the Internet and get redirected to the authorization page?
JS execution for Add-ons is not paused based on a tabs state.

Create Docs through the Drive API with specific page setups (margins, orientation)

My app is already able to create Google Docs through the Drive API, and when doing so I can choose the title, data, and metadata. But I've been looking at the documentation and it seems there is no way to set some other properties of the Docs, such as the margins and the orientation (portrait or landscape) of the Docs being created. Is there a way to do so?
After not finding an answer in the documentation, the only thing I could think of was logging in with my Google Account, going to one of the created Docs, click on "Page setup", then select "Landscape", and finally "Set as default". I thought that by setting it as the default in my Google Account, it may happen that all the Docs created with it may be created as Landscapes. But it didn't work. A possible reason, however, is that the account actually creating the documents is a Service Account, not my regular Google Account. I guess both accounts, while being linked, are not the same thing, so the defaults of one don't apply to the other. Is there some way to set "Portrait" as the default orientation for the Docs created with my Service Account? If not, would the solution be to stop creating the Docs with my Service Account, and start creating them with my regular Google Account, so that the defaults I apply to them apply too to the newly created Docs?
Drive API doesn't support Docs related features for you to retrieve/set metadata about the documents.
Service accounts are individual Google accounts and no way related with your own user account. On the other hand, your default settings will only apply to you. You cant programatically set other user's defaults.
The best way I can think of, which is really a hack, is to make your own google docs API using headless chrome and pupeteer, which could be used only in part, and in connection with, the official docs API.
This is basically a web browser that runs on your server, which can be controlled to do anything a client would normally do on a web browser, like click buttons, submit forms, etc, only at the command of a server, which can be commanded through HTTP requests etc.
So after installing puppeteer, open the chromium browser, log into your google account, then open google drive with the server, and you should already be logged into the account. If not, you may have to log into the account using the server logic, which can get complicated with 2 step verification...
but anyway once you are logged into your google account on puppeteer, on drive.google.com, simply stay on that page and wait.
If the server receives some kind of HTTP request to make a new document, then have the server just literally click the new document button on the webpage, and it should open the new document in a new tab, which you should be able to access with puppeteer.
Then, when it is made, you can either just send the URL back to the request server, and / or make your page setup changes now, based on the data received in the HTTP request earlier.
For example, if, at one point (either after the document is created, or during its creation), there is some kind of message specifying the color of the background, just manually, on the server side, click File -> page setup, and select Custom, and, programmatically "type" the hex color code etc then click the OK button, then end the POST request.
If you have any questions, let me know
var doc = DocumentApp.getActiveDocument();
var body = doc.getBody();
//turn landscape if portrait
var oldHeight = body.getPageHeight();
if (oldHeight > body.getPageWidth()){
body.setPageHeight(body.getPageWidth());
body.setPageWidth(oldHeight);
}

Access to SMS and browser content tombstoning

WP7 newbie here..
In my application, I am using embedded web browser control to load an external web page.
I have a PIN based validation step in that application, which involves
1) User Leaving the current application, (which has a external web page loaded in the embedded web browser) to launch the SMS Inbox.
2) User reads the SMS he just received, which has the PIN. I am sending this SMS to the user.
3) The User then needs to resume back to the original application by hitting back button, to enter the PIN which he received in the SMS earlier.
Once user enters Step2, my application will go into background, and subsequently will get tombstoned. Once user enter Step3, I want to restore application state (with the embedded web browser control), without making a fresh HTTP request again to load the web page.
So, with the given scenario in my mind, I have following two questions -
1) Is there a better way to do all this, like not having to exit the original application, and still let user read the SMS. ( i.e any api to read sms ?)
2) Is there a way to serialize the browser state/save entire web page (with images, css, js) , such that entire web page can be rendered exactly the way it was, when user left the running application.
Important points:
1) I can only use SMS as a communication channel. I can not use something like raw push notification channel, which could let me show PIN to the user, without exiting the application.
2) I am targeting Windows phone 7.0 runtime, but if there is a better option available in Windows Mango update, please do tell me.
Any sort of help is greatly appreciated.
Update:
Added link to the embedded web browser component.
1) There is no API that would let you access the contents of the Messaging hub from inside your application. This is set up for privacy purposes.
2) By default, the web browser saves its state. So if you navigate away from your app, and then come back - the same web page will still be there unless you explicitly re-navigate on activation
1) The better way to do this would be to not embed the web page within an app. Just build a mobile website. If all the functionality is within the web page you gain nothing but problems by trying to put it inside an app.
The web browser control is not intended to be used to create an alternative browser (which is really what you're doing).
2) You can try using the SaveToString() method to store the state of the page when tombstoned but this doesn't allow for modifications to the page since it was loaded (including anything dynamically updated or any state in javascript). If you have multiple pages you'll also need to maintain the internal backstack and the state of each page separately.
Short answer: If you want to put your application logic in a webBrowser control then you can't support tombstoning. Fast-App-Switching (in Mango) partially addresses this but not completely.

Resources