Integrating Yammer Feed on SharePoint online (O365 Multi-tenant) - yammer

I'm working on a SharePoint Online (O365 multi-tenant) environment and trying to integrate a Yammer feed into the SharePoint site. SharePoint sites are authenticated to the users through their AD account (credentials), while Yammer credentials are not (the Yammer username is the same as the user's email address in AD, but the password is different). This scenario is not allowing me to perform single sign-on. Hence, I've resorted to having a service account that will always be used to pull the Yammer feed on the SharePoint site, irrespective of the user logged in to the SharePoint site.
From my study and understanding so far, embedding the Yammer script is not really a viable option in my case (because it would always present the login button to the user or take the cached Yammer credentials from the browser). My objective is to bypass this for users when they view the SharePoint page, but when they post or reply to the Yammer network from the SharePoint site feed, they should not be challenged for credentials (or at the least should enter credentials only once). I'm trying to achieve this through a provider-hosted SharePoint app. Any suggestions or ideas on how to achieve this?

Related

Login Page for CRM

I want to create a web page that can query a Dynamics CRM Online instance based on a specific user.
I want the user to enter the URL of their CRM instance in a textbox then click on a login button. After clicking the login button they will be directed to the CRM login screen. After successfully entering their login credentials that will be directed back to my web page with an authentication token that will be used to query the CRM instance.
How can I do this? This is effectively how Power BI works when using the CRM Connection.
I thought about using Web API to do this but you need to know the client id and set up a client secret. Is there an easier way to achieve the CRM login as I want the website to be simple to use.
You are not authenticating against CRM, but against Azure Active Directory. You might want to have a look at this page: https://msdn.microsoft.com/en-us/library/hh675418.aspx
and read up on OAUTH to get to what you are looking for.

How to manage a user session using Azure Mobile Services?

I'm building mobile applications using .NET. What I'm looking for is a way to manage user sessions and info using Azure Mobile Services. I've read a lot about the authentication in Azure Mobile Services, but this only authenticates a user via Facebook, Twitter, etc ... to access azure services.
I'm looking for user session management, i.e. register, login, logout. Be able to save and retrieve user info, i.e., save certain info against the user such as age for example. Also session management and caching, i.e. the user will remain logged on when the app is closed and re-opened. Also azure mobile services doesn't seem to provide a way to allow me to register users via email.
Basically, if anyone is familiar with Parse, I'm looking for having similar functionality in Azure. Can anyone help please?
Thanks
Out of the box, Mobile Services provides easy authentication with social providers (Facebook, Twitter, etc) and Azure Active Directory. If you want to do registration via email, you'll have to create a custom auth system. This is going to be more complex than just flipping a switch and using Facebook auth, but totally doable and I can point you in the right direction. First, check out this post that will explain how you can create a registration / login system using custom API and the script backend. If you're using a .NET backend, you'll need to alter things a bit (the samples are in JS) but it should be pretty easy to convert. The only piece that is really missing from that post is how to do email verification. To do this with Mobile Services, I would suggest the following.
Sign up for a SendGrid account (free in the Azure store)
From your script, after registering the user, generate a random alphanumeric string that is saved to their account / user record in the table.
Use the same string to create a URL which you can send to the user's email address (check out this tutorial for sending email via SendGrid and Mobile Services).
The link can either go to a different custom API or a web front end. When that endpoint is hit, it should update the user record to show that they have verified their email address.
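The email-verification steps above, sketched as an added example (not code from the answer or from Mobile Services). The in-memory `users` map, the function names, the 24-hour expiry and storing only a hash of the token are assumptions made here.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the users table; a real backend would use its own table API.
const users = new Map();
const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // assumed 24-hour validity window

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Generate the random string, save it against the user record, build the link.
function registerUser(email, baseUrl, now = Date.now()) {
  // 32 bytes from the OS CSPRNG, hex-encoded so it is alphanumeric and URL-safe.
  const token = crypto.randomBytes(32).toString('hex');
  users.set(email, {
    verified: false,
    tokenHash: sha256(token),        // only the hash is stored (added hardening)
    tokenExpires: now + TOKEN_TTL_MS,
  });
  const url = new URL(baseUrl);
  url.searchParams.set('email', email);
  url.searchParams.set('token', token);
  return url.toString();             // this string goes into the email body
}

// The endpoint the emailed link points at: marks the record as verified.
function verifyEmail(link, now = Date.now()) {
  const params = new URL(link).searchParams;
  const user = users.get(params.get('email'));
  const token = params.get('token') || '';
  if (!user || !user.tokenHash || now > user.tokenExpires) return false;
  // Both buffers are 32-byte digests, so timingSafeEqual cannot throw on length.
  if (!crypto.timingSafeEqual(sha256(token), user.tokenHash)) return false;
  user.verified = true;
  user.tokenHash = null;             // single use: a replayed link fails
  return true;
}
```

`Math.random()` is not suitable for the token; the link is a bearer credential for the account's email claim, so it needs CSPRNG output, an expiry and single-use handling.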

Office 365 CRM and Sharepoint Online How to Get SAML Token for Current Logged in User

So I have CRM Online and SharePoint Online as document storage. I have the list component installed and everything is working there. I have a plugin I have built which generates emails, and as part of the process, grabs documents from various SharePoint folders and attaches them to the email before sending.
To do this in a SharePoint online environment, I have to go out, grab a SAML token from MS's login STS service, pass the token to SharePoint, receive a couple of authentication cookies back, and pass those cookies along with any requests I make to SharePoint. All of this is working. The bad news is I have to have a username and password hardcoded in (or prompt the user). Is there any way from inside CRM Online to grab the current user's credentials and pass that to get the SAML token? I mean there has to be since CRM does it when you create the document libraries when you turn on Document Management, right?
I can't use the SharePoint dlls inside CRM Online plugins, it is security restricted. I cannot access the CredentialCache, security restricted. Hell, I even looked at trying to intercept the cookies somehow with Javascript, but it looks like they are HTTPOnly and pretty much inaccessible.
Tried putting in a Microsoft ticket and got some low level guy who immediately passed the buck and called it unsupported.
You can't get a user's password in CRM. If you are developing a plugin, the plugin can run in the user context and the code will execute based on the logged in user. Therefore you don't need to pass any creds for adding a document in CRM.
Check out this URL, it helps you understand how impersonation works in CRM.
https://msdn.microsoft.com/en-us/library/gg309416.aspx
Hope this helps.

Login in Yammer Embed - Pass Credentials?

I need to add the new embed Yammer Widget to a page. I managed it by simply adding the embed code to my page, but the yammer login seems to appear all the time.
I have to say that I don't have any experience with Yammer but I've read the Yammer Embed Installation Guide as well as other documents. Still, I am not able to find whether or not it is possible to pass some kind of credentials (mail, etc.) in order to prevent the embed yammer to display the login to the user or at least have the login display only once.
Can anyone help me?
From Yammer support: "A user would still need to log in to both your intranet and Yammer embed instance even with Single Sign On enabled. There is an open project for our Product team to allow for just a single log in so that when a user is logged into SSO for your intranet, they would also be auto-logged into embed."
If you add both the Host site and Yammer (https://.yammer.com & https://.assets-yammer.com) to the trusted zone in IE, it should pass the OAuth token after the first login and authorisation. I've tested this in IE8 and IE10 successfully.
Regards,
Chris

How do I create a web page in CRM that talks the web service for both IFD and On-premise?

We have three servers that all share the same database. One server is internet facing.
I have a web page in an IFRAME in CRM that talks to the CRM web service using the standard method of connecting for on-premise. When this IFRAME is displayed through the IFD with users logged in through the forms authentication element, you are asked for login credentials.
How do I get around this?
EDIT
The IFRAME that targets the CRM service is on four servers. Two of the servers are used for IFD and On-premise use. The other two are for on-premise only. They are all in the same domain. All of the users are internal users that can log in through the web if they are using a customer's computer or a machine in an Internet cafe and therefore can't use the VPN.
A few questions to better understand your issue. Is the iframe which targets CrmService on the same IFD server? Is the IFD server on the same domain as the rest of the servers? When you say users are logged in are you referring to local domain users or external users?
I suspect the problem is not the services, but the IFrame. When you authenticate to MSCRM via on-premise you are doing Windows Authentication, and when you show the IFrame that authentication request is done again. Since the browser knows everything it needs this is all handled transparently.
When using IFD, you are not using authentication on the web server level - you are doing it using forms based which is on the application level. Your IFrame though is still wanting authentication, and thus the iframe prompts for authentication.
If you were having a service problem, the IFrame would display and whatever action triggers the service call would fail with a 400 or 500 error.
So the question comes in how do you build a web page that can cater for windows authentication and forms based? Well that is easy in MSCRM, first make sure you are not running authentication on the web page - set it to anonymous. That ensures no more popups, then make sure you use the CrmAuthenticationToken code to get the token and use that for all calls. You should not be setting the .Credentials property of the service itself.
Assuming you're deploying your page within the CRM website (and not its own virtual directory) then here is pointing you at the SDK article for what Robert mentioned:
See the SDK topic titled: Authentication from an ASPX Page.
In my experience you should always use the CRMImpersonator in your web pages within the CRM website.
Now if you've got your own page running on its own website:
You'll want to see the Discovery service and obtaining a CRM Ticket for accessing the services.
