I have a C# app which modifies files in SharePoint Online document libraries. The app authenticates with SharePoint Online using web requests and uses the returned cookies when calling web services. The app can run for several days (possibly even weeks for large file sets) as it churns through files. Do I need to worry about authentication tokens expiring once authentication is successful and the app is running?
This article mentions the session will timeout after 5 days of inactivity, but what if my app is still active?
Related
Hello Stack Community.
I'm looking for formal name of technology/technique that's being used in Microsoft Azure CLI and in Epic Games Desktop application, that is responsible for delegation of authentication from target application to browser, where you perform OpenID Connect authentication and brings you back to target application: CLI App or Desktop App, where you can proceed as logged in user by using authentication you gained via browser.
The steps would be:
you launch target app (CLI, desktop app)
login attempt lets you choose oAuth OIDC via Google or so
selecting it opens default browser, where you proceed with login
You gain auth inside app you started from (CLI, dektop app)
In classic OIDC process you gaining your token in same app/browser environment, while here authorization is expected in app A, token is gained in web browser and afterwards there is possibility to re-use it in completely different application.
I'm wondering is this some particular OIDC extension, usage of some particular grant flow or just some particular hacky way of sharing token across entities?
I found one online resource here but my investigation don't confirm starting of any redirection URL localhost server for toke possession.
I'd appreciate any help in my investigation.
I'm currently implementing GMail integration into a line of business web
application (ASP.NET MVC) which will run across multiple servers behind a load balancer. Additionally there will be a console application, run by the scheduler, to perform regular jobs.
Multiple users will be using the web application – it is the business's backoffice – but there is only a single GMail account used for email communication with customers. Access to that GMail account will be authorised by an admin (users will not have direct access to the GMail account).
I know a single token store will be needed.
My problem is ensuring that when the OAuth 2 refresh token is used to renew
the access token there is no concurrency issue.
I cannot cannot see any ability with the Google .NET OAuth2 Library to control when (eg. by seeing an event) the refresh takes place.
I could manually check the time to expiry before each access, but is there any better way?
(I still need to solve the problem of blocking other processes – including on other servers – from using the token while refreshing, but that is another problem.)
I have a web app that is using the Power BI Web API to display some dashboard data, inside another application. I have followed the authentication examples on GitHub, and can authenticate and query the API.
HOWEVER, all of the examples store the returned tokens in temporary storage (e.g. session), which means that the user has to re-authenticate the application every time they visit (or the app pool restarts).
Ideally, I want to authenticate the web app when it's set up (using a set of credentials set up just for the app), and then have the web app continue to use the same credentials, without the site users having to log back in to Power BI again (as many of the users of the web app do not have direct Power BI access).
Is this possible? If so, how might I go about it? All of the examples I can find are such that you have to re-authenticate every time you access the API. I suspect because I don't know the correct terminology here (this is my first time using the AAD services and authentication) I may be missing something obvious.
To do what you want, you need to securely store the refresh token. The call to get the initial token should return both the accessToken (that expires within 1hr usually) and a refreshToken that you can use to get new accessToken. The refreshToken is usually valid for 90 days, so your access is not indefinitely. There's documentation on MSDN for how to do that:
https://msdn.microsoft.com/en-us/library/ff752395.aspx
After looking through multiple tutorials and posts, I have not found an answer or guide as to how to handle the following issue:
There is an Azure API App communicating with an Azure DocumentDB
There will be an Azure Web App (and some day mobile apps) communicating with the API App.
I would like for anonymous users to have access to read only information through the Web App (and only through the Web App). The
API App will serve up documents as requested. Anonymous users
connecting directly to the API App should not be allowed to retrieve
any information.
For contributors, they will be able to add documents using the Web App
when they are logged in. The documents will go through the API App
to be written to the DocumentDB
What are the suggested ways for handling anonymous users and authenticated users so both can use the Web App and the underlying API App successfully while blocking any use of the API App if it does not come from the Web App (or future mobile apps)? I only want anonymous users to be able to retrieve information when using the Web App.
The API App is developed in C# .NET 4.5, and the Web App will be the same. I'm not planning on writing my own authentication since the Azure Gateway takes care of this, but it only has the options of Public (Anonymous), Public (Authenticated), and Internal. Public (Anonymous) lets everyone in, while Public (Authenticated) blocks the anonymous users that I would like to have read only access. I'm very new to dealing with Authentication so I'm not even sure if this is possible without having to write my own authentication engine.
For clarification, this question is purely for Authentication between the Web App and the API App.
Thanks,
I'm using Office 365 and Windows Azure. I need to create an App on Azure that will require authentication and will be accessible for Sharepoint workflows.
I created simple ASP.NET app that uses Azure Active Directory for single sign-on (according to this steps: http://www.asp.net/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory )
Then I created workflow on Sharepoint, that calls this App and retrieves response content. Unfortunately it turns out that instead of website content it returns login page.
My question is how to make the connection between Sharepoint Workflow and Azure App, so that the App would require to log in for users, but would be accessible for the Sharepoint Workflows?
Sorry for my poor explanation, but I'm very new in this topic.