I have an Office 365 subscription at work. When I go to the Account screen in MS Word, it shows my corporate identity. So behind the scenes, there is an active logon session with the Microsoft Graph API.
Can I tap into that login session from a VBA macro (e. g. retrieve a logon token)? I'd like to create a list item in a Sharepoint Online list without making the user go through the logon flow.
Related
Our website allows users to create a new account using a registration page where we collect username, email, passwords, avatar, etc. The users activate their account and then login and browse, buy, comment, etc like normal.
We recently added the Login with Google button to our site as an additional option. Currently the system does the following:
Get a post request from Google
Verify the signature on the JWT and prepare the credentials
Do some security checks on the request
Check if the email exists with an existing user in our system - if it does, authorize them and login
If the email and sub don't exist, create a new account and load the data from Googles credential POST to make a new account
The conflict here is whether or not we should be doing step 4 on existing accounts that were not created using Google or if those accounts should be converted to Google only accounts when they login.
For example,
I register with john#gmail.com as my account name with a password created on the register page. One day, I accidentally, or on purpose, click Sign in with Google. The system sees my email from the oauth login and finds my account already in the system.
Should it:
Log me into the account without checking password, since its already my Google account, and keep everything else the same.
Give me an error that my email is already in use on another account and abort the login process.
Convert the account to a Google only sign-in and remove the password to prevent me from logging in without using Google in the future.
Update the account with the Google sub id but keep the password option and allow them to reset their website password independently from Google should they wish to "unlink" their Google account in the future.
I believe step 4 would be the most logical, but as we have not implemented this before we want to follow the standard that most other developers would use - or maybe there's an even better way.
I'm trying to connect my current MS Access forms to SharePoint online. I was able to fetch and feed data without any problem. My only problem is that I want to share the front end to multiple users, but I also need to create a login form to check whether they have access to SharePoint online or not.
Is there a way to add a username/password to the below connection string?
"Provider=Microsoft.ACE.OLEDB.12.0;WSS;IMEX=2;RetrieveIds=Yes;DATABASE=https://CompanySharepoint.com/Lists/;"
Nope.
Access will determine if the user is able to login using integrated authentication. This means that users that don't have access to SharePoint won't be able to access the lists.
Depending on your SharePoint config, they might get an error message, or might get a prompt asking them for a username and password. As long as you're cleaning the cache properly, they won't be able to access any data if they have no permission to view the data on SharePoint.
If I want to access an Office 365 API in and Office add-in I have to use the Azure AD login screen in my application. However, this will always result in a pop-up for the login action itself. Is there a way to prevent his pop-up?
Actually, what you're looking for is a way to make sure that the external domain (where the Azure AD login screen is hosted, something like https://login.microsoftonline.com for Office 365 users) is showed within the same add-in frame rather than launching a popup frame. While there actually s a way to do this using the appdomains tag in your add-in manifest (see AppDomains).
While this works for most, it is actually not a best practice because many organizations use federated logins for their Azure AD, which means they have their own login screen domains. Wile you could theoretically add them all there is no way of knowing in advance what the domain is going to be, so for the time being a pop-up is a necessary evil and a best practice.
You will want to use the Dialog API. See https://github.com/OfficeDev/office-js-docs/blob/master/reference/shared/officeui.md
I have a user community of about 100 with three being writers, the remainder are read only. Although I have two front end sessions, one reader and the other writer, and can control the latter through a Form_Load() event function, it fails if the user's macro security is set to high. The form opens regardless and an unauthorized user can edit records. Any way I can control which users can edit and which cannot by some means other than through VBA?
You can ask your network admin to grant either read or modify user specific rights to the folder that holds the backend file or to the backend file itself.
As a high level administrator I have option to login as an other administrator by setting proper session. To develop this option I want to be able to login as multiple admins and jump between their account where some browser tab may be involved in account 1 when other tab involves in account 2 (something like Gmail multiple user login).
How should I manage this? using session (session changes in all tabs)? cookies (So which tab read which cookies?), server object? passing a query string between pages? or what?