Username and password integrating application with Microsoft Teams - microsoft-teams

I'm having trouble with Microsoft Teams in the sense that I does not recognise my username and password that I enter in my application. I'm able to get my application to display inside the Teams page, but when I capture my username and password, Teams re-display the login screen. I'm using asp.net core identity framework to authenticate my users.
When I add [anounamous] tags to my controllers, it's possible to navigate to those pages. But anything that is not decorated with [announoumus] will force me back to the login screen and then Teams does not recognise the login details.
It is as if it does not know how to read the information in the cookie.
I'm able to load the manifest.json file without any issues, then select the page to display on the Team Tab. But when I try to navigate to a "restricted" page that requires my user to be logged in, Teams display my login page.
Below is a link to the Manifest file if anyone is able to help: dropbox.com/s/wxw3xtk1458blbu/Ezymapps.zip?dl=0

Related

Why does the Google Oauth2 consent form display company URL instead of product name?

This just my local test page.
is there some parameter to show my product name ?
https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id=750613625541-ju0p2hvmml1eahjmt9l4f01gdtp9s33o.apps.googleusercontent.com&as=-2201fc670d7b92ee&nosignup=1&destination=https%3A%2F%2Fwww.storage.com&approval_state=!ChRxdl9WYmw4YURnUWxCemhGSTFUZRIfMC1LRl90bTZ2Z2NaWUg3R0Q2SDQtRUVFOEJjeHpoVQ%E2%88%99ADiIGyEAAAAAWVH50eZlchIgJ3-_vV2dZuQUMH9bhmmI&passive=1209600&ltmpl=nosignup&oauth=1&sarp=1&scc=1&xsrfsig=AHgIfE_ysFUz37usqpUy0VanY6KxOc5Kkg&flowName=GeneralOAuthFlow
This is the url of authorization in my App.
This used to be possible as a is a setting in the Google developer console.
Google developer console -> credentials -> Oauth consent screen tab
Google has been making a number of changes to the OAuth consent form recently. This is a direct consequence of the Gmail phishing hack a few months ago. One of the changes is as you see it the website of the application is now being displayed instead of the application name. This it was thought would be easier for users to understand WHO they are granting access to their data rather than what application has access to their data. This is not something you can change.

Login Page for CRM

I want to create a web page that can query a Dynamics CRM Online instance based on a specific user.
I want the user to enter the URL of their CRM instance in a textbox then click on a login button. After clicking the login button they will be directed to the CRM login screen. After successfully entering their login credentials that will be directed back to my web page with an authentication token that will be used to query the CRM instance.
How can I do this? This is effectively how Power BI works when using the CRM Connection.
I thought about using Web API to do this but you need to know the client id and set up a client secret. Is there an easier way to achieve the CRM login as I want the website to be simple to use.
You are not authenticating against CRM, but against Azure Active Directory. You might want to have a look at this page: https://msdn.microsoft.com/en-us/library/hh675418.aspx
and read up on OAUTH to get to what you are looking for.

Google Calendar - Permission to Access

Is it possible for me to create an application that can send our requests to access to users' Google Calendar so that I can see the events in there and be able to add, edit, and delete events?
I do not want the users to log into my website to enable this access. Rather, I want to be able to send this request, perhaps via email.
Alternatively, perhaps they could log in the web app and authorize access themselves somehow.
One option would be to e-mail the user a link to the OAuth 2.0 consent screen. The users would still need to open the link in a browser, sign in to their Google account (if not already signed in), and click the "Authorize" button to grant your application access to their Google calendar events.
First, you will need to register your application as a Web App in Google's Developer Console (just like for any other application) and obtain a client_id. Be sure to fill in the name of your application and a link to your website in the "OAuth consent screen" section, because these values will be shown to your users when they click the authorization link.
Then, follow these steps:
Send the user an authorization link in an HTML e-mail message. The link should be constructed according to the guidelines in "Redirecting to Google's OAuth 2.0 server", and pay attention to the following aspects:
Ensure that the redirect_uri parameter in the authorization link points to your application.
Since you already know the e-mail address of the user, consider including the login_hint=<email address> parameter to bypass the account selection screen.
Important: provide a value in the state parameter so that you can link this authorization request with the user.
The link should be placed in an <a> tag somewhere in the body of the e-mail: Allow access to my Google calendar
When the user clicks on this link, their browser will open and show the standard Google consent screen:
Once the user has made a choice, their browser will be redirected to the redirect_uri which you have provided.
Make sure that the redirect_uri will work even if the user isn't signed in to your application. Capture the state and authorization_code values which Google appends to the redirect_uri, and then return a confirmation page (e.g. "Thank you for giving us access to your Google calendar" would be a good idea).
Using the state and authorization_code values, follow the rest of the standard OAuth 2.0 flow and retrieve a refresh_token which will allow you to access the user's Google calendar from your application.
Keep in mind that the calendar owner (the user who is clicking the link in the e-mail and granting your application consent to access the calendar) may not even be a user of your application. This is why it is important to provide as much information as possible on the consent screen and in the confirmation page.
Since your confirmation page will be loaded even if the user does not grant your application consent, you could take the opportunity to give the user a full description of why you are asking for access to their calendar and provide a link that will take them back to the consent screen. This should increase your success rate.
Every request your application sends to the Google Calendar API must
include an authorization token. The token also identifies your
application to Google.
Your application must use OAuth 2.0 to authorize requests. No other
authorization protocols are supported. If your application uses
Google+ Sign-In, some aspects of authorization are handled for you.
The details of the authorization process, or "flow," for OAuth 2.0
vary somewhat depending on what kind of application you're writing.
For more details on the workflow to gain access click here. Once your app has access, it will be able to view and edit a user's calendar events, depending on the approved permissions.

Windows Authentication using MVC5, display Username at the top of every View

I am developing a MVC5 application for the DOE. We use windows authentication to login to our computers. I need help getting the users Name when logged in to be display "Welcome, Username"(across all pages) when they navigate to site. My problem is that when I navigate to the page it displays our ID which is what we use to login, i.e. i5456 and password. It would be much appreciated if someone would assist me and walk me through how to set this up.
I have already disabled Forms auth and enabled windows auth in VS 2013. I have tried using #User.Identity.Name in my SiteLayout, but like I said the ID is the only thing displayed. I'm not sure how to setup my model or view, or if I even have to. Is there a way to retrieve the Username so it can be displayed instead of the ID?
Try this #User.Identity.GetUserName() in your view
works for me

Login in Yammer Embed - Pass Credentials?

I need to add the new embed Yammer Widget to a page. I managed it by simply adding the embed code to my page, but the yammer login seems to appear all the time.
I have to say that I don't have any experience with Yammer but I've read the Yammer Embed Installation Guide as well as other documents. Still, I am not able to find whether or not it is possible to pass some kind of credentials (mail, etc.) in order to prevent the embed yammer to display the login to the user or at least have the login display only once.
Can anyone help me?
From Yammer support: "A user would still need to log in to both your intranet and Yammer embed instance even with Single Sign On enabled. There is an open project for our Product team to allow for just a single log in so that when a user is logged into SSO for your intranet, they would also be auto-logged into embed."
If you add both the Host site and Yammer (https://.yammer.com & https://.assets-yammer.com) to the trusted zone in IE, it should pass the OAuth token after the first login and authorisation. I've tested this in IE8 and IE10 successfully.
Regards,
Chris

Resources