I am working on a project where I have a requirement to create workitem on Visual Studio Online instance. I am using personal access token. This will set CreatedBy as my name (Expected behavior). I am considering to use Oauth2; However, I am not sure if there's the way to do this Server-to-Server (Non-Interactive)? Any suggestions thoughts?
var personalAccessToken = "PAT Value fro Config";
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic",
Convert.ToBase64String(Encoding.ASCII.GetBytes(string.Format("{0}:{1}", "", personalAccessToken))));
return client;
PAT's are created in Security context of the user. I need to find a way to use Oauth without having to involved UI. So I'm looking for Server-to-Server Auth.
object[] patchDocument = new object[5];
patchDocument[0] = new { op = "add", path = "/fields/System.Title", value = bugTitle };
patchDocument[1] = new { op = "add", path = "/fields/Microsoft.VSTS.TCM.ReproSteps", value = bugReproSteps };
patchDocument[2] = new { op = "add", path = "/fields/Microsoft.VSTS.Common.Priority", value = "1" };
patchDocument[3] = new { op = "add", path = "/fields/Microsoft.VSTS.Common.Severity", value = "2 - High" };
patchDocument[4] = new { op = "add", path = "/fields/System.IterationPath", value = deserializeIteration };
//System.IterationPath
string postUrl = $"{_vsoInstanceUrl}/DefaultCollection/ProjectName/_apis/wit/workitems/$Bug?api-version=1.0";
await ExecutePatch(patchDocument.ToArray(), postUrl, "application/json-patch+json");
No there is no Server-to-Server OAuth support. If you use the .NET Client Object Model you can leverage Impersonation support.
If your account has "Act on behalf of others" permissions you can also achieve a "User X via YourAccount".
Related
I'm having an issue where the token validation fails after some time (exactly when varies I think but usually counted in days). Restarting the app resolves the issue, so I think it's something wrong with how I initialize things.
I'm using Firebase and below is the bootstrapping code that runs at app startup.
I read in a comment on this old post https://stackoverflow.com/a/29779351/611441 that Google rotates certs, so now I'm thinking that might be the issue? I'm only fetching the certs once for the lifetime of the application. If that's the case, how would I be able to refresh these every now and then since this only runs at startup?
public void ConfigureAuthentication(IAppBuilder app)
{
var issuerSigningKeys = GetIssuerSigningKeys();
var firebaseAdminProjectId = ConfigurationManager.AppSettings.Get("FirebaseAdminProjectId");
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions()
{
AuthenticationMode = AuthenticationMode.Active,
AllowedAudiences = new[] { firebaseAdminProjectId },
Provider = new OAuthBearerAuthenticationProvider
{
OnValidateIdentity = context =>
{
context.OwinContext.Set<bool>("OnValidateIdentity", true);
return Task.FromResult(0);
}
},
TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKeys = issuerSigningKeys,
ValidAudience = firebaseAdminProjectId,
ValidIssuer = ConfigurationManager.AppSettings.Get("FirebaseAdminValidIssuer"),
IssuerSigningKeyResolver = (arbitrarily, declaring, these, parameters) => issuerSigningKeys
}
});
}
private static List<X509SecurityKey> GetIssuerSigningKeys()
{
HttpClient client = new HttpClient();
var task = client.GetStringAsync("https://www.googleapis.com/robot/v1/metadata/x509/securetoken#system.gserviceaccount.com"));
task.Wait();
string jsonResult = task.Result;
//Extract X509SecurityKeys from JSON result
List<X509SecurityKey> x509IssuerSigningKeys = JObject.Parse(jsonResult)
.Children()
.Cast<JProperty>()
.Select(i => BuildSecurityKey(i.Value.ToString())).ToList();
return x509IssuerSigningKeys;
}
private static X509SecurityKey BuildSecurityKey(string certificate)
{
//Removing "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines
var lines = certificate.Split('\n');
var selectedLines = lines.Skip(1).Take(lines.Length - 3);
var key = string.Join(Environment.NewLine, selectedLines);
return new X509SecurityKey(new X509Certificate2(Convert.FromBase64String(key)));
}
I think I've finally figured this out.
First of all, the signing keys seems to be rotated every 5 days because they have a validity property set with a date. This makes sense with the pattern I see...
However, I think the issue is in my code. The TokenValidationParameters' property IssuerSigningKeyResolver expects a delegate. But I'm getting the keys and assigning them to a variable which in turn is assigned to the property. So the "resolver" always resolves the initial keys returned. They'll never refresh. The fix is to simply assign the GetIssuerSigningKeys() method to the property instead:
IssuerSigningKeyResolver = (arbitrarily, declaring, these, parameters) => GetIssuerSigningKeys()
My company has created a Yammer application that we use internally. Our app automatically subscribes people to various threads that have been created. We have found that there is a difference between "subscribing" someone to a thread and what happens when a user clicks the "follow in inbox" link on the site. When we automatically subscribe people, the only thing that we can see happening is that the thread will appear in the users "Following" section in the Home tab. Contrast this with what happens when a user clicks the "Follow in Inbox" link. From that point on any comments added to the thread will show up in the user's inbox and an email will be sent out to the user when this happens. We would really like for this to happen when we automatically subscribe someone to a thread, however, this feature seems to be missing from the REST API. Does anyone know of a way to accomplish this? The functionality provided by the subscription API endpoint is not sufficient for our purposes.
Thank you
P.S. I've sent the link to this question to several of my colleges they may respond before I get a chance to.
As a verified admin it is possible to create an impersonation token and then perform actions on behalf of the user such as join group/thread.
Note that for private groups, the group admin's are still required to approve the new member
https://developer.yammer.com/docs/impersonation
You can achieve your desired behaviour by adding users directly to the groups.
A C#.Net example I use:
// Impersonate user to join group
string ClientID = ConfigurationSettings.AppSettings["ClientID"]; // ClientID of custom app.
string userid = XMLDoc.Root.Element("response").Element("id").Value; // Yammer user id (in this case retreived from a previous API query)
string YammerGroupID = "123456"; // set group id.
string url = "https://www.yammer.com/api/v1/oauth/tokens.json?user_id=" + userid + "&consumer_key=" + ClientID; // impersonation end-point
HttpWebRequest request;
request = (HttpWebRequest)WebRequest.Create(url);
request.Headers.Add("Authorization", "Bearer " + bearer); // Bearer token of verified admin running the custom app.
request.Timeout = 90000;
request.Method = "GET";
request.ContentType = "application/json";
request.Proxy = new WebProxy() { UseDefaultCredentials = true };
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
using (Stream responseStream = response.GetResponseStream())
{
StreamReader reader = new StreamReader(responseStream);
string UserTokenJSON = reader.ReadToEnd(); // UserOAuth token as a JSON string.
string UserToken = UserTokenJSON.Substring(UserTokenJSON.IndexOf("token") + 8, 22); // Find 'token' in json string.
string temp = UserToken.Substring(UserToken.Length); // there is likely a much better way to parse out the token value, although this works.
temp = UserToken.Substring(UserToken.Length - 1);
temp = UserToken.Substring(UserToken.Length - 2);
if (UserToken.Substring(UserToken.Length) == "\\")
{ UserToken = UserToken.Substring(0, UserToken.Length); }
if (UserToken.Substring(UserToken.Length - 1) == "\"")
{ UserToken = UserToken.Substring(0, UserToken.Length - 1); }
if (UserToken.Substring(UserToken.Length - 2) == "\",")
{ UserToken = UserToken.Substring(0, UserToken.Length - 2); }
string url2 = "https://www.yammer.com/api/v1/group_memberships.json?group_id=" + YammerGroupID; // group membership endpoint,
HttpWebRequest request2;
request2 = (HttpWebRequest)WebRequest.Create(url2);
request2.Headers.Add("Authorization", "Bearer " + UserToken); // Impersonation Token
request2.Timeout = 90000;
request2.Method = "POST";
request2.ContentType = "application/json";
request2.Proxy = new WebProxy() { UseDefaultCredentials = true };
try
{
using (WebResponse response2 = (HttpWebResponse)request2.GetResponse())
{
confirmedstring += " New member: " + Email + "\\r\\n"; // This is used for posting summary back to a Yammer group in further code.
confirmedadditions++;
}
}
catch
{
Errorstring += "Error in adding " + Email + " to group " + YammerGroupID + "\\r\\n";
errors++;
}
}
}
I have problem with crm 2011 caching. I don't need it, but I don't know how to disable it.
First I generate this:
CrmSvcUtil.exe
/codeCustomization:"Microsoft.Xrm.Client.CodeGeneration.CodeCustomization,
Microsoft.Xrm.Client.CodeGeneration" /out:Outputcs
/url:https://crmaddress/XRMServices/2011/Organization.svc
/username:usr/password:pw
/namespace:ns/serviceContextName:XrmServiceContext
then I have the following code:
private XrmServiceContext _crmService;
public CrmWS()
{
CrmConnection _connection = new CrmConnection();
_connection.ServiceUri = new Uri("https://url");
ClientCredentials credentials = new ClientCredentials();
credentials.Windows.ClientCredential = new NetworkCredential("1","2","3");
_connection.ClientCredentials = credentials;
_connection.ClientCredentials.UserName.UserName = "1";
_connection.ClientCredentials.UserName.Password = "2";
_crmService = new XrmServiceContext(_connection);
var l = _crmService.EntitySet.where(m => m.name == "a").ToList();
}
What should I do to turn off caching?
Specify the service in your configuration file:
<microsoft.xrm.client>
<services>
<add name="Xrm" type="Microsoft.Xrm.Client.Services.OrganizationService, Microsoft.Xrm.Client"/>
</services>
</microsoft.xrm.client>
Another bypass I found which can be used, its not perfect and people might give me bad reviews.
But you can always use a query which always changes with a random number or other random code:
Random r = new Random();
int rInt = r.Next(-100000000, 100000000);
var l = _crmService.EntitySet.where(m => m.name == "a" && m.name!=rInt.ToString()).ToList();
I am trying to query Opportunity information from Microsoft Dynamincs CRM 2011.
Any idea why I keep getting a 401 Unauthorized error?
If I use the URL in the browser it seems to work.
Uri organizationUri = new Uri("/XRMServices/2011/OrganizationData.svc");
Uri homeRealmUri = null;
ClientCredentials credentials = new ClientCredentials();
credentials.Windows.ClientCredential = new System.Net.NetworkCredential("username", "password", "domain");
OrganizationServiceProxy orgProxy = new OrganizationServiceProxy(organizationUri, homeRealmUri, credentials, null);
// Get the IOrganizationService
IOrganizationService orgService = (IOrganizationService)orgProxy;
//Get OrganizationServiceContext -the organization service context class implements the IQueryable interface and
//a .NET Language-Integrated Query (LINQ) query provider so we can write LINQ queries against Microsoft Dynamics CRM data.
OrganizationServiceContext orgServiceContext = new OrganizationServiceContext(orgService);
// Get name,number and ownerid for all the account records
var queryAccount1 = from r in orgServiceContext.CreateQuery("opportunity")
select new
{
CustomerID = r["customerid"],
};
foreach (var account in queryAccount1)
{
txtCustomerID.Text = account.CustomerID.ToString();
}
Are you accessing you CRM on the intranet or IFD? I think the problem is the way you set up credentials.
Setting up NetworkCredential class will not work if you are accessing your CRM through IFD
var credentials = new ClientCredentials();
credentials.UserName.UserName = "username";
credentials.UserName.Password = "password";
var organizationUri = new Uri("https://externaluri");
var organizationServiceProxy = new OrganizationServiceProxy(organizationUri, null, credentials, null);
organizationServiceProxy.ServiceConfiguration.CurrentServiceEndpoint.Behaviors.Add(new ProxyTypesBehavior());
I would like to create User Properties using EWS so that they appear in the field chooser in Outlook. I know it's possible using VBA, the object model exposes an Item.UserProperties collection. However, using EWS I can only access Item.ExtendedProperty.
The issue with ExtendedProperty is that is doesn't appear in the selectable user properties list.
The underlying issue is that our server-side application tries to work nicely together with the Dynamics CRM Outlook Client. The CRM Outlook client uses UserProperty for storing custom properties and our application can only work with EWS and we cannot find a way to create user properties.
Some example code:
User Properties (VBA Outlook):
Dim WithEvents m_objApp As Outlook.AppointmentItem
Private Sub Application_ItemLoad(ByVal Item As Object)
If Item.Class = olAppointment Then
Set m_objApp = Item
End If
End Sub
Private Sub m_objApp_Open(Cancel As Boolean)
Dim oProp1 As UserProperty
Dim oProp2 As UserProperty
If m_objApp.UserProperties.Count = 0 Then
Set oProp1 = m_objApp.UserProperties.Add("crmid", olText)
oProp1.Value = ""
Set oProp2 = m_objApp.UserProperties.Add("crmLinkState", olText)
oProp2.Value = "0"
m_objApp.Save
End If
End Sub
Extended Properties (Exchange EWS):
CalendarItemType item = new CalendarItemType();
item.MeetingTimeZone = new TimeZoneType() { TimeZoneName = _userTimeZone };
item.StartSpecified = true;
item.Start = GetDateFromXml(node.Value);
item.EndSpecified = true;
item.End = GetDateFromXml(node.Value);
List<ExtendedPropertyType> properties = new List<ExtendedPropertyType>();
properties.Add(CreateExtendedProperty("crmid", pending.CrmId.Value.ToString(), MapiPropertyTypeType.String));
properties.Add(CreateExtendedProperty("crmLinkState", "2", MapiPropertyTypeType.Double));
item.ExtendedProperty = properties.ToArray();
CreateRequest createRequest = new CreateItemType()
{
Items = new NonEmptyArrayOfAllItemsType
{
Items = new ItemType[] { item }
},
SavedItemFolderId = new TargetFolderIdType()
{
Item = new DistinguishedFolderIdType()
{
Id = folder,
Mailbox = new EmailAddressType() { EmailAddress = _user.MailBox }
}
},
SendMeetingInvitations = CalendarItemCreateOrDeleteOperationType.SendToNone,
SendMeetingInvitationsSpecified = true
};
CreateItemResponseType response = exchange.CreateItem(createRequest);
private ExtendedPropertyType CreateExtendedProperty(string name, string value, MapiPropertyTypeType type)
{
return new ExtendedPropertyType()
{
ExtendedFieldURI = new PathToExtendedFieldType()
{
PropertyName = name,
DistinguishedPropertySetId = DistinguishedPropertySetType.PublicStrings,
DistinguishedPropertySetIdSpecified = true,
PropertyType = type
},
Item = value
};
}
A similar question has been asked on a Microsoft forum almost a year ago, but no answer yet. http://social.technet.microsoft.com/Forums/en-NZ/exchangesvrdevelopment/thread/c4d6bbb9-ba6a-4aa4-9e39-98a52b733a8c
I was hoping SO would be more successful :)
Thanks,
Jeffry
I thought the two methods were equivalent as long as you used publicstrings (which it looks like you do). How about using MFCMAPI to see the difference in what's generated?