Veranstalter:Goldpartner:
Wie Sie Office 365 mit Windows Azure
steuern können
Toni Pohl@atwork
MVP Client Development
Veranstalter:Goldpartner:
Über mich
Toni PohlCTO@[email protected]
atwork Vienna/Austriawww.atwork.at
Veranstalter:Goldpartner:
Ziel dieser Session
Veranstalter:Goldpartner:
Agenda
EinsatzgebieteVoraussetzungenAuthentifizierung und IdentitiesUser Provisionierung DemoOffice 365 Demo
Veranstalter:Goldpartner:
Einsatzgebiete, Delegation, Automation
Veranstalter:Goldpartner:
Voraussetzungen
• Office 365 TenantEröffnen Sie einen freien 1-Monat Test:http://office.microsoft.com/
• Windows Azure90-Tage freier Test:http://www.windowsazure.com/de-de/pricing/free-trial/
• Visual Studio 2013• Ein paar Bibliotheken…
Veranstalter:Goldpartner:
Authentifizierung und Identities
Authentifizierung als berechtigter Benutzer/App für das jeweilige Service
Authentifizierung als berechtigter Benutzer in unserem Web Portal
Was darf der Benutzer in unserer App?
Veranstalter:Goldpartner:
Authentifizierunggegen WAAD/Office 365
Veranstalter:Goldpartner:
Federated Authentication
App
STSAuthorit
y
Resource
1. Request Token mitApp-ID + Secret oder Username + Password
2. Get Token
3. Use Token
Achtung: STS Token <> STS Token!WAAD verwendet JSON Web Token (JWT), SharePoint SAML Token
Veranstalter:Goldpartner:
Live DemoASP.NET Web Projekt mit Office 365 Authentifizierung
Veranstalter:Goldpartner:
ADAL for .net• Active Directory Authentication Library (ADAL) v1
for .NET – General Availability! (Vittorio Bertocci)http://www.cloudidentity.com/blog/2013/09/12/active-directory-authentication-library-adal-v1-for-net-general-availability/
• Windows Azure Authentication Library (AAL) for Windows Store: a Deep Dive (Vittorio Bertocci)http://www.cloudidentity.com/blog/2013/04/22/windows-azure-authentication-library-aal-for-windows-store-a-deep-dive/
• ADAL 1.0 and Windows Store Apps (Alex Simons) – coming soonhttp://social.msdn.microsoft.com/Forums/en-US/faf520ce-1653-4eac-b398-c4bfcbc5c7fe/adal-10-and-windows-store-apps
11
Veranstalter:Goldpartner:
Office 365Services verwenden
Veranstalter:Goldpartner:
Wie auf Office 365 zugreifen?• WAAD -> Graph API, PowerShell• SPO -> CSOM, REST, PowerShell• Exchange Online -> Managed API,
PowerShell• Lync Online -> SDK, PowerShell
13
Veranstalter:Goldpartner:
Live DemoFernsteuerung von Office 365
Veranstalter:Goldpartner:
Integrating Applications in Windows Azure Active Directory
15
Access Level Type Description
Single Sign-On
Default permission. The app is enabled for single sign-on with Azure AD, and the user token will contain claims such as the user’s User Principal Name, First and Last Name and unique identifiers.
Single Sign-On, Read Directory Data
Single sign-on plus the ability to read directory data using the Graph API. This allows querying of company, user and group information.
Single Sign-On, Read and Write Directory Data
Single sign-on plus the ability to read and write directory data using the Graph API. This allows querying and writing of company, user, and group information, but does not allow deleting users or groups.
http://msdn.microsoft.com/en-us/library/windowsazure/b08d91fa-6a64-4deb-92f4-f5857add9ed8.aspx#BKMK_AccessLevels
Veranstalter:Goldpartner:
Was kann in Windows Azure verwendet werden?
Access method Azure Website$
Azure Cloud Service$$$
WAAD
Exchange EWS
Exchange PowerShell
SharePoint CSOM
SharePoint REST
SharePoint PowerShell
Lync SDK
Lync PowerShell
16
Veranstalter:Goldpartner:
Zusammenfassung• Verwenden Sie Federated
Authorization (OAuth2)• Verwenden Sie GraphAPI für WAAD
Manipulationen• Verwenden Sie Office 365 Services
• Entwicklen Sie tolle Lösungen mit Office 365!
Veranstalter:Goldpartner:
Call 2 Action• Laden Sie diese Präsentation und
den Beispielcode:http://blog.atwork.at
• Interessiert an einer fertigen Office 365 Produktlösung?http://delegate365.com
18
Veranstalter:Goldpartner:
Graph API Links
• Windows Azure Graph APIhttp://code.msdn.microsoft.com/Graph-API-Authenticate-and-53c6cb92/view/SourceCode
• GraphAPI Explorerhttps://graphexplorer.cloudapp.net/
• MVC Sample App for Windows Azure Active Directory Graphhttp://code.msdn.microsoft.com/windowsazure/Write-Sample-App-for-79e55502
• Adding Sign-On to Your Web Application Using Windows Azure ADhttp://msdn.microsoft.com/en-us/library/windowsazure/dn151790.aspx
• Group & Role Claims: Use the Graph API …http://www.cloudidentity.com/blog/2013/01/22/group-amp-role-claims-use-the-graph-api-to-get-back-isinrole-and-authorize-in-windows-azure-ad-apps/
19
Veranstalter:Goldpartner:
SharePoint Links
• SharePoint Online Management Shell (PS) http://www.microsoft.com/en-us/download/details.aspx?id=30359
• OAuth and remote apps for SharePointhttp://msdn.microsoft.com/en-us/library/office/apps/fp179932.aspx
• Office365ClaimsConnectorhttp://www.codeproject.com/Articles/637378/How-to-Create-a-Windows-8-App-for-SharePoint-Part
• OAuth authentication and authorization flow for apps that ask for access permissions on the fly in SharePoint 2013 http://msdn.microsoft.com/en-us/library/office/apps/jj687470.aspx
• Helper for:http://json2csharp.com/
20
Veranstalter:Goldpartner:
Exchange Links
• Microsoft Exchange Web Services Managed API 2.0 http://www.microsoft.com/en-us/download/details.aspx?id=35371
• Getting started with the EWS Managed APIhttp://msdn.microsoft.com/en-us/library/dd633626(v=exchg.80).aspx
• Connect to Exchange Online Using Remote PowerShell http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx
21
Veranstalter:Goldpartner:
Lync Links
• Lync 2013 SDK (only for WPF)http://www.microsoft.com/en-us/download/details.aspx?id=36824
• Windows PowerShell Module for Lync Onlinehttp://www.microsoft.com/en-us/download/details.aspx?id=39366
• Lync PowerShellhttp://blogs.office.com/b/office365tech/archive/2013/08/19/remote-powershell-for-lync-online.aspx
• Using Windows PowerShell to Manage Lync Onlinehttp://technet.microsoft.com/en-us/library/dn362831.aspx
22
Veranstalter:Goldpartner:
FRAGEN?
Veranstalter:Goldpartner:
Vielen Dank!Toni Pohl@atwork
Ich freue mich auf Ihr Feedback!