I am creating an application to list all sub sites, attributes and to upload documents. I am trying to use WCF to use sharepoint web services.
TO authenticate i have written the below mentioned code:
HRESULT hr;
ISAXXMLReader* pRdr = NULL;
hr = CoInitialize(NULL);
hr = CoCreateInstance(
__uuidof(SAXXMLReader),
NULL,
CLSCTX_ALL,
__uuidof(ISAXXMLReader),
(void **)&pRdr);
if ( SUCCEEDED(hr) )
{
pRdr->putBaseURL(L"http://bascansp01");
Authentication::CAuthentication* auth = new Authentication::CAuthentication(pRdr);
Authentication::LoginResult* res = new Authentication::LoginResult();
BSTR sUsername = L"aakanksh#abc";
BSTR sPasswd = L"abcd";
hr = auth->Login(sUsername, sPasswd, res);
but my login is failing. While debugging i found out that it failes at the line:
__atlsoap_hr = SendRequest(_T("SOAPAction: \"http://schemas.microsoft.com/sharepoint/soap/Login\"\r\n"));
any clue why it is failing.
Thanks and Regards,
Aakanksha
Related
I'm trying to get the PKCE example to work, but I keep hitting
Error code: 500
Error: invalid_request : code challenge required
Here's a sample url, it does include a code_challenge param generated with the example code.
https://login.xero.com/identity/connect/authorize
?client_id=XXX
&response_type=code
&scope=openid%20profile%20email%20offline_access%20files%20accounting.transactions%20accounting.contacts&redirect_uri=https%3A%2F%2Flocalhost%3A5001%2F
&code_challenge=tj6n3SLd6FZ8g6jjSJYvfC--4r2PHGnpbSGTwIreNqQ
&code_challenge_method=S256
The registered app is a PKCE flow, kind of out of options what it could be.
Here's the code I use, the only changes are the last 2 lines where I launch the browser a I'm connecting from a desktop app. Tried pasting the generated url into the browser directly but that also didn't work.
XeroConfiguration xconfig = new XeroConfiguration();
xconfig.ClientId = "XXX";
xconfig.CallbackUri = new Uri("https://localhost:5001"); //default for standard webapi template
xconfig.Scope = "openid profile email offline_access files accounting.transactions accounting.contacts";
//xconfig.State = "YOUR_STATE"
var client = new XeroClient(xconfig);
// generate a random codeVerifier
var validChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-._~";
Random random = new Random();
int charsLength = random.Next(43, 128);
char[] randomChars = new char[charsLength];
for (int i = 0; i < charsLength; i++) {
randomChars[i] = validChars[random.Next(0, validChars.Length)];
}
string codeVerifier = new String(randomChars);
var uri = client.BuildLoginUriPkce(codeVerifier);
Clipboard.SetText(uri);
System.Diagnostics.Process.Start("explorer.exe", $"\"{uri}\"");
How do I create a local group using Core Services.? Documentation for Core Services says "The Core Services Identity Reference allows developers to support user and group creation.." but there are no examples on how to do it.
Update. This is the code I have so far but It doesn't work and ErrorCode return -2, error description is null. Really struggling to find any documentation that explains how to do it. 0 information on error codes as well.
CFStringRef realName = CFStringCreateWithCString(NULL, "newGroupTest",
kCFStringEncodingMacRoman);
CFStringRef posixName = CFStringCreateWithCString(NULL, "newgrptst1",
kCFStringEncodingMacRoman);
AuthorizationRef auth;
OSStatus status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
kAuthorizationFlagDefaults,
&auth);
CSIdentityAuthorityRef authority = CSGetDefaultIdentityAuthority();
CSIdentityRef identity = CSIdentityCreate(NULL, kCSIdentityClassGroup, realName,
posixName, kCSIdentityFlagNone, authority);
CFErrorRef error;
BOOL success = CSIdentityCommit(Identity, auth, &error);
if(!success)
{
CFIndex index = CFErrorGetCode(error);
CFStringRef desc = CFErrorCopyDescription(error);
const char* cDesc = CFStringGetCStringPtr(desc, CFStringGetSystemEncoding());
}
Found what was the problem. I wasn't using correct identity authority. To create a local group you need to use CSGetLocaldentityAuthority() that get a local identity authority that stores the identities local to the system, instead of
CSGetDefaultIdentityAuthority() that represents the network-bound authorities.
We are doing a MS Graph API call to get the Sharepoint URL of a Team.
API URL: GET https://graph.microsoft.com/v1.0/groups/{GroupID}/sites/root/weburl
We get this :
Response:
{
"error": {
"code": "serviceNotAvailable",
"message": "The service is not available. Try the request again after a delay. There may be a Retry-After header.",
"innerError": {
"request-id": "9f23d067-e851-4c43-8701-abe137683b87",
"date": "2020-03-05T13:53:43"
}
}
}
What could be the issue?
I have been experiencing a similar problem in searching sites ( GET /sites?search=* ) with the Graph API since March 2nd. I have not been able to recover. I have experienced this over multiple O365 tenants, both free and licensed.
Microsoft docs say this error code is due to MSFT induced throttling, but my request rate is like 50 per hour.
This seems to be a Microsoft bug. I posted a stack overflow issue for this and #rafa-ayadi reported that MSFT was fixing it their side for one of his customers.
I bought an Azure Developer Support subscription for this issue, but MSFT closed it and referred me to Sharepoint Developer Support, for which I can find no link or pricing. So no luck yet in getting MSFT to acknowledge and fix for me.
/**
You need do authentication delegated. See the follow code:
First of all you need from portal.azure.com register app and get:
folder id it is tenantID
App Id. it is clientId
**/
URL urlObj = new
URL("https://login.microsoftonline.com/"+config.tenantID+"/oauth2/v2.0/token");
HttpURLConnection httpCon = (HttpURLConnection) urlObj.openConnection();
String urlParameters = "" + // para la v2.0
"grant_type"+"="+"password"+"&"+ /
"scope" + "=" + "https%3A%2F%2Fgraph.microsoft.com%2F.default" +"&" +
"client_id" + "=" + config.clientId +"&" +
"client_secret" + "=" + config.clientSecret +"&" +
"username" + "=" + config.username +"&" +
"password" + "=" + config.contrasena +"&";
byte[] postData = urlParameters.getBytes( StandardCharsets.UTF_8 );
int postDataLength = postData.length;
httpCon.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
httpCon.setRequestProperty("Content-Length",String.valueOf(postDataLength));
httpCon.setRequestMethod("POST");
httpCon.setDoOutput(true);
OutputStreamWriter writer = new OutputStreamWriter(httpCon.getOutputStream());
writer.write(urlParameters);
writer.flush();
int status = httpCon.getResponseCode();
BufferedReader in = new BufferedReader(new
InputStreamReader(httpCon.getInputStream()));
String inputLine;
StringBuffer content = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
content.append(inputLine);
}
in.close();
String body = getBody(content.toString());
String token = null;
final ObjectNode node = new ObjectMapper().readValue(body, ObjectNode.class);
if (node.has("access_token")) {
token = node.get("access_token").asText();
}
httpCon.disconnect();
return token;
My similar problem accessing any resource in the sites API was caused by having both the Groups.Create and Groups.ReadWrite.All permissions granted at the same time for application type access.
Removing Groups.Create allowed the all CRUD calls to be successful without serviceNotAvailable errors, even command line calls that just access sites.
Be sure to update admin grant and your token if you change the permissions for a test.
User #user13034886 mentioned the permission clash in another post.
After hours of search in Microsoft messed up API documentation for its products, i am still no where on how to authenticate a rest API request in windows azure pack distribution.
Primarily i want to create an API which automate the process of deploying virtual machine, but I cant find any documentation on how to acquire the authentication token to access the resources.
Some documentation states the use of ADFS, but don't provide any reference on the ADFS REST API for authentication.
And I don't want to use ADFS in the first place. I want to authenticate using AZURE tenant and admin interface.
In conclusion, if anyone can provide any help on the REST API authentication, it will make my day.
Thanks in advance.
You can use the following PowerShell to acquire an access token.
Add-Type -Path 'C:\Program Files\Microsoft Azure Active Directory Connect\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
$tenantID = "<the tenant id of you subscription>"
$authString = "https://login.windows.net/$tenantID"
# It must be an MFA-disabled admin.
$username = "<the username>"
$password = "<the password>"
# The resource can be https://graph.windows.net/ if you are using graph api.
# Or, https://management.azure.com/ if you are using ARM.
$resource = "https://management.core.windows.net/"
# This is the common client id.
$client_id = "1950a258-227b-4e31-a9cf-717495945fc2"
$creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" `
-ArgumentList $username,$password
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" `
-ArgumentList $authString
$authenticationResult = $authContext.AcquireToken($resource,$client_id,$creds)
# An Authorization header can be formed like this.
$authHeader = $authenticationResult.AccessTokenType + " " + $authenticationResult.AccessToken
I am doing some similar job like you did.
static string GetAspAuthToken(string authSiteEndPoint, string userName, string password)
{
var identityProviderEndpoint = new EndpointAddress(new Uri(authSiteEndPoint + "/wstrust/issue/usernamemixed"));
var identityProviderBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
identityProviderBinding.Security.Message.EstablishSecurityContext = false;
identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint)
{
TrustVersion = TrustVersion.WSTrust13,
};
//This line is only if we're using self-signed certs in the installation
trustChannelFactory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication() { CertificateValidationMode = X509CertificateValidationMode.None };
trustChannelFactory.Credentials.SupportInteractive = false;
trustChannelFactory.Credentials.UserName.UserName = userName;
trustChannelFactory.Credentials.UserName.Password = password;
var channel = trustChannelFactory.CreateChannel();
var rst = new RequestSecurityToken(RequestTypes.Issue)
{
AppliesTo = new EndpointReference("http://azureservices/TenantSite"),
TokenType = "urn:ietf:params:oauth:token-type:jwt",
KeyType = KeyTypes.Bearer,
};
RequestSecurityTokenResponse rstr = null;
SecurityToken token = null;
token = channel.Issue(rst, out rstr);
var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText;
var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString));
return jwtString;
}
Parameter "authSiteEndPoint" is your Tenant Authentication site url.
default port is 30071.
You can find some resource here:
https://msdn.microsoft.com/en-us/library/dn479258.aspx
The sample program "SampleAuthApplication" can solve your question.
I have a Google Apps Script function used for setting up accounts for new employees in our Google Apps domain.
The first thing it does is makes calls to the Google Admin Settings API and retrieves the currentNumberOfUsers and maximumNumberOfUsers, so it can see if there are available seats (otherwise a subsequent step where the user is created using the Admin SDK Directory API would fail).
It's been working fine until recently when our domain had to migrate from Postini to Google Vault for email archiving.
Before the migration, when creating a Google Apps user using the Admin SDK Directory API, it would increment the currentNumberOfUsers by 1 and the new user account user would automatically have access to all Google Apps services.
Now after the migration, when creating a Google Apps user, they aren't automatically assigned a "license," so I modified my script to use the Enterprise License Manager API and now it assigns a "Google-Apps-For-Business" license. That works fine.
However, the currentNumberOfUsers is now different from the number of assigned licenses, and "Google-Apps-For-Business" is only one of several different types of licenses available.
I can get the current number of assigned "Google-Apps-For-Business" licenses by running this:
var currentXml = AdminLicenseManager.LicenseAssignments.listForProductAndSku('Google-Apps', 'Google-Apps-For-Business', 'domain.com', {maxResults: 1000});
var current = currentXml.items.toString().match(/\/sku\/Google-Apps-For-Business\/user\//g).length;
But the number that produces is different from currentNumberOfUsers.
All I really need to do now is get the maximum number of owned "Google-Apps-For-Business" licenses so the new employee setup script can determine whether there are any available.
I checked the API Reference documentation for the following APIs but...
Enterprise License Manager API → Doesn't have a method for getting the maximum or available number of licenses.
Google Admin Settings API → Doesn't deal with licenses, only "users."
Admin SDK Directory API User resource → Doesn't deal with licenses.
Google Apps Reseller API → This API seems to have what I need, but it's only for Reseller accounts.
I know I can program my new employee setup script to just have a try/catch seeing if it would be able to create the user and assign the license, and end the script execution gracefully if it can't, but that doesn't seem efficient.
Also, part of the old script was that if there were less than X seats available, it would email me a heads-up to order more. I can program a loop that attempts to repeatedly create dummy users and assign them licenses and count the number of times it can do that before it fails, then delete all the dummy users, but, once again, that's not efficient at all.
Any ideas?
Update 3/11/2020: Since the Admin Settings API had shut down a few years ago I've been using the Enterprise License Manager API to get the current number of used licenses, like this:
function getCurrentNumberOfUsedGoogleLicenses(skuId) {
var success = false, error = null, count = 0;
var adminEmail = 'admin#domain.com';
var gSuiteDomain = adminEmail.split('#')[1];
// for more information on the domain-wide delegation:
// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
// the getDomainWideDelegationService() function uses this:
// https://github.com/gsuitedevs/apps-script-oauth2
var service = getDomainWideDelegationService('EnterpriseLicenseManager: ', 'https://www.googleapis.com/auth/apps.licensing', adminEmail);
if (skuId == 'Google-Apps-Unlimited') var productId = 'Google-Apps';
else return { success: success, error: "Unsupported skuId", count: count };
var requestBody = {};
requestBody.headers = {'Authorization': 'Bearer ' + service.getAccessToken()};
requestBody.method = "GET";
requestBody.muteHttpExceptions = false;
var data, pageToken, pageTokenString;
var maxAttempts = 5;
var currentAttempts = 0;
var pauseBetweenAttemptsSeconds = 3;
loopThroughPages:
do {
if (typeof pageToken === 'undefined') pageTokenString = "";
else pageTokenString = "&pageToken=" + encodeURIComponent(pageToken);
var url = 'https://www.googleapis.com/apps/licensing/v1/product/' + productId + '/sku/' + skuId + '/users?maxResults=1000&customerId=' + gSuiteDomain + pageTokenString;
try {
currentAttempts++;
var response = UrlFetchApp.fetch(url, requestBody);
var result = JSON.parse(response.getContentText());
if (result.items) {
var licenseAssignments = result.items;
var licenseAssignmentsString = '';
for (var i = 0; i < licenseAssignments.length; i++) {
licenseAssignmentsString += JSON.stringify(licenseAssignments[i]);
}
if (skuId == 'Google-Apps-Unlimited') count += licenseAssignmentsString.match(/\/sku\/Google-Apps-Unlimited\/user\//g).length;
currentAttempts = 0; // reset currentAttempts before the next page
}
} catch(e) {
error = "Error: " + e.message;
if (currentAttempts >= maxAttempts) {
error = 'Exceeded ' + maxAttempts + ' attempts to get license count: ' + error;
break loopThroughPages;
}
} // end of try catch
if (result) pageToken = result.nextPageToken;
} while (pageToken);
if (!error) success = true;
return { success: success, error: error, count: count };
}
However, there still does not appear to be a way to get the maximum number available to the domain using this API.
Use CustomerUsageReports.
jay0lee is kind enough to provide the GAM source code in Python. I crudely modified the doGetCustomerInfo() function into Apps Script thusly:
function getNumberOfLicenses() {
var tryDate = new Date();
var dateString = tryDate.getFullYear().toString() + "-" + (tryDate.getMonth() + 1).toString() + "-" + tryDate.getDate().toString();
while (true) {
try {
var response = AdminReports.CustomerUsageReports.get(dateString,{parameters : "accounts:gsuite_basic_total_licenses,accounts:gsuite_basic_used_licenses"});
break;
} catch(e) {
//Logger.log(e.warnings.toString());
tryDate.setDate(tryDate.getDate()-1);
dateString = tryDate.getFullYear().toString() + "-" + (tryDate.getMonth() + 1).toString() + "-" + tryDate.getDate().toString();
continue;
}
};
var availLicenseCount = response.usageReports[0].parameters[0].intValue;
var usedLicenseCount = response.usageReports[0].parameters[1].intValue;
Logger.log("Available licenses:" + availLicenseCount.toString());
Logger.log("Used licenses:" + usedLicenseCount.toString());
return availLicenseCount;
}
I would recommend exploring GAM which is a tool that gives command line access to the administration functions of your domain.