I want to create a web page that can query a Dynamics CRM Online instance based on a specific user.
I want the user to enter the URL of their CRM instance in a textbox then click on a login button. After clicking the login button they will be directed to the CRM login screen. After successfully entering their login credentials that will be directed back to my web page with an authentication token that will be used to query the CRM instance.
How can I do this? This is effectively how Power BI works when using the CRM Connection.
I thought about using Web API to do this but you need to know the client id and set up a client secret. Is there an easier way to achieve the CRM login as I want the website to be simple to use.
You are not authenticating against CRM, but against Azure Active Directory. You might want to have a look at this page: https://msdn.microsoft.com/en-us/library/hh675418.aspx
and read up on OAUTH to get to what you are looking for.
Related
I'm creating an application in Blazor WebAssembly with Microsoft.Authentication.WebAssembly.Msal for the authentication. I followed this link. I'm using the RemoteAuthenticatorView component to perform a login. But I want that the user has to confirm his password for a critical operation. Or maybe he has to re-login. How can I do that ?
Edit: Previously, I used Microsoft.Identity.Client in a desktop application. To do the confirmation, I used the AcquireTokenByUsernamePassword function. But it's not possible in a webapp.
If you using the Azure AD Signin user flow a textfield for password input isn't possible.
This because the form containing the field has to be Remote inside the Azure AD domain.
If you want, as you propose as alternative, a popup to confirm the identity of the user, the only possibility is to logout the user and redirect him to the login.
But in this case you (he) lost any session data and it's hard to use the returnUrl parameter to restore the same status, with i.e. a form with data.
I think should be better to send an email with a verification code, or, as Microsoft does on the Azure Portal, request a keyword to confirm the operation.
Generally speaking this keyword could be any of your choice, in the past I've used a secret word configured by the user himself inside his profile page.
I'm having trouble with Microsoft Teams in the sense that I does not recognise my username and password that I enter in my application. I'm able to get my application to display inside the Teams page, but when I capture my username and password, Teams re-display the login screen. I'm using asp.net core identity framework to authenticate my users.
When I add [anounamous] tags to my controllers, it's possible to navigate to those pages. But anything that is not decorated with [announoumus] will force me back to the login screen and then Teams does not recognise the login details.
It is as if it does not know how to read the information in the cookie.
I'm able to load the manifest.json file without any issues, then select the page to display on the Team Tab. But when I try to navigate to a "restricted" page that requires my user to be logged in, Teams display my login page.
Below is a link to the Manifest file if anyone is able to help: dropbox.com/s/wxw3xtk1458blbu/Ezymapps.zip?dl=0
I have a bot running on a hosting page where users are logged in using SSO.
I want to authenticate the user in the bot automatically when the bot starts and I do not want to use anAuthCard to do it. Just want to automatically authenticate the user without prompting anything to him, just using SSO.
I found an article that refers three ways to authenticate an user in the bot:
Sharing the client's user token directly with the bot via ChannelData
Using an OAuthCard to drive a sign-in experience to any OAuth provider
A third option, called Single Sign-On (SSO), that is in development.
And, according to the article my situation is:
WebChat in an authenticated website where the user is already signed in and the website has a token to the same identity provider but to a different app that the bot needs -> in the future, this is single sign-on, but for now you 'll need to use an OAuthCard.
Is there any update about this functionality? How can I authenticate the user into the bot without using an OAuthCard or a SigninCard?
Thanks in advance
Not sure if you have tried the option of using WebChat with Azure Bot Service’s Authentication which provides built-in authentication capability to authenticate chat users with various identity providers such AAD, GitHub, Facebook, etc.
If you are looking for this built-in feature, then probably you need to build your own custom built solution using Google sign-in by passing the token ID of the authenticated users. Or for an Account linking OAuth2 solution as explained in this link: How to implement Login in Dialogflow chatbot.
Microsoft guys Are looking at the issue now. you can track the progress here.
I implemented a solution that worked for me. I have the bot running in a .net core web app
Here's what I did:
Generate an userId before initializing the BotApp
When the user clicks on the button to open the webchat, I'm opening an authenticated controller in a popup that receives the generated userId. The page is authenticated, so you will need to authenticate. I store the userId in my DB, along with access_token and some user information. The controller should be created in the same webapp where the bot is running.
After storing all the information I close the tab and start the BotApp with the generated userId
In bot code you will be able to query your DB (using userId).
To wait until the popup close, you can have a look into this here.
I hope that this helps someone.
Best regards
I am reading the docs in the Stormpath website. They have documentation about how to create account, application...
But I cannot find the overview the big picture of the Stormpath
especially how can my web application can integrate with it.
I need a picture that describe the flow of the authentication between my Web Server, browser, and stormpath API.
I have a web application and a login page.
My specific questions are:
When a user clicks the submit button of the login page, should I call the RestAPI to Stormpath to authenticate or I need to send username and password to my web server, and web server will send it to Stormpath to authenticate?
If when a user clicks the submit button and I need to call the RestAPI of Stormpath from JavaScript, after login successfully do I have a returned Access token? And what can I do with that token.
Please help me.
Heyo -- I work at Stormpath, so hopefully I can explain this for you a bit.
If you're building a website, and storing your users with Stormpath, here's how authentication works:
A user visits your website, and clicks the login page.
You show a login page and collect the user's email and password (or username).
The user clicks Login, and that form data is transferred to your web server (not Stormpath!).
On your server-side code, you would then use one of the Stormpath libraries to authenticate the user's account. You would take the form data the user submitted to your server, and then call the proper Stormpath method to authenticate the user.
Stormpath will log this user in, by creating an access and refresh token, and securely storing cookies for your user in the browser.
This is how the flow typically works.
I'm working on a SharePoint online (O365 Multi-tenant) environment and trying to integrate Yammer feed into the SharePoint site. SharePoint sites are authenticated to the users thru their AD account(/credentials) while Yammer credentials are not (Yammer username is same as the user's email address in AD but the password is different). This scenario is not allowing me to perform single-sign on. Hence, I've resorted to have a service account that will always be used pull the yammer feed on the SharePoint site, irrespective of the user logged in to the SharePoint site.
From my study and understanding so far, embedding yammer script is not really a viable option in my case (because it would always present the login button to the user or take the cached yammer credentials from the browser). My objective is to by pass this for users when they view the SharePoint page, but when they post or reply to yammer network from the SharePoint site feed, they should not be challenged for credentials (or at the least should enter credentials only once). I'm trying to achieve this thru provider hosted SharePoint app. Any suggestions or ideas on how to achieve this?