Wie Sie Office 365 mit Windows Azure steuern

Toni Pohl, MVP Client Development

Über mich

Toni PohlCTO

atwork Vienna/Austriawww.atwork.at

@atworktp@atwork.at

Ziel dieser Session

Agenda

EinsatzgebieteVoraussetzungenAuthentifizierung und IdentitiesUser Provisionierung DemoOffice 365 Demo

Einsatzgebiete, Delegation, Automation

Voraussetzungen

• Office 365 TenantEröffnen Sie einen freien 1-Monat Test:http://office.microsoft.com/ • Windows Azure

90-Tage freier Test:http://www.windowsazure.com/de-de/pricing/free-trial/ • Visual Studio 2013• Ein paar Bibliotheken…

Authentifizierung und Identities

Authentifizierung als berechtigter Benutzer/App für das jeweilige Service

Authentifizierung als berechtigter Benutzer in unserem Web Portal

Was darf der Benutzer in unserer App?

Authentifizierunggegen WAAD/Office 365

Federated Authentication

App

STSAuthorit

y

Resource

1. Request Token mitApp-ID + Secret oder

Username + Password 2. Get Token

3. Use Token

Live DemoASP.NET Web Projekt mit Office 365 Authentifizierung

ADAL for .net

• Active Directory Authentication Library (ADAL) v1 for .NET – General Availability! (Vittorio Bertocci)http://www.cloudidentity.com/blog/2013/09/12/active-directory-authentication-library-adal-v1-for-net-general-availability/ • Windows Azure Authentication Library (AAL) for Windows Store: a Deep

Dive (Vittorio Bertocci)http://www.cloudidentity.com/blog/2013/04/22/windows-azure-authentication-library-aal-for-windows-store-a-deep-dive/ • ADAL 1.0 and Windows Store Apps

(Alex Simons) – coming soonhttp://social.msdn.microsoft.com/Forums/en-US/faf520ce-1653-4eac-b398-c4bfcbc5c7fe/adal-10-and-windows-store-apps

11

Office 365Services verwenden

Wie auf Office 365 zugreifen?

• WAAD -> Graph API, PowerShell• SPO -> CSOM, REST, PowerShell• Exchange Online -> Managed API, PowerShell• Lync Online -> SDK, PowerShell

13

Live DemoFernsteuerung von Office 365

Integrating Applications in Windows Azure Active Directory

15

Access Level Type Description

Single Sign-On

Default permission. The app is enabled for single sign-on with Azure AD, and the user token will contain claims such as the user’s User Principal Name, First and Last Name and unique identifiers.

Single Sign-On, Read Directory Data

Single sign-on plus the ability to read directory data using the Graph API. This allows querying of company, user and group information.

Single Sign-On, Read and Write Directory Data

Single sign-on plus the ability to read and write directory data using the Graph API. This allows querying and writing of company, user, and group information, but does not allow deleting users or groups.

http://msdn.microsoft.com/en-us/library/windowsazure/b08d91fa-6a64-4deb-92f4-f5857add9ed8.aspx#BKMK_AccessLevels

Was kann in Windows Azure verwendet werden?Access method Azure Website

$Azure Cloud Service

$$$

WAAD

Exchange EWS

Exchange PowerShell

SharePoint CSOM

SharePoint REST

SharePoint PowerShell

Lync SDK

Lync PowerShell

16

Zusammenfassung

• Verwenden Sie Federated Authorization (OAuth2)• Verwenden Sie GraphAPI für WAAD Manipulationen• Verwenden Sie Office 365 Services

• Entwicklen Sie tolle Lösungen mit Office 365!

Call 2 Action

• Laden Sie diese Präsentation und den Beispielcode:http://blog.atwork.at

• Interessiert an einer fertigen Office 365 Produktlösung?http://delegate365.com

18

DANKE! & VIEL SPASS BEIM GET TOGETHER!

19

Toni Pohl@atwork

Downloads:blog.atwork.at

Graph API Links• Windows Azure Graph API

http://code.msdn.microsoft.com/Graph-API-Authenticate-and-53c6cb92/view/SourceCode

• GraphAPI Explorerhttps://graphexplorer.cloudapp.net/

• MVC Sample App for Windows Azure Active Directory Graphhttp://code.msdn.microsoft.com/windowsazure/Write-Sample-App-for-79e55502

• Adding Sign-On to Your Web Application Using Windows Azure ADhttp://msdn.microsoft.com/en-us/library/windowsazure/dn151790.aspx

• Group & Role Claims: Use the Graph API …http://www.cloudidentity.com/blog/2013/01/22/group-amp-role-claims-use-the-graph-api-to-get-back-isinrole-and-authorize-in-windows-azure-ad-apps/

20

SharePoint Links

• SharePoint Online Management Shell (PS) http://www.microsoft.com/en-us/download/details.aspx?id=30359• OAuth and remote apps for SharePoint

http://msdn.microsoft.com/en-us/library/office/apps/fp179932.aspx• Office365ClaimsConnector

http://www.codeproject.com/Articles/637378/How-to-Create-a-Windows-8-App-for-SharePoint-Part • OAuth authentication and authorization flow for apps that ask for access

permissions on the fly in SharePoint 2013 http://msdn.microsoft.com/en-us/library/office/apps/jj687470.aspx • Helper for:

http://json2csharp.com/

21

Exchange Links

• Microsoft Exchange Web Services Managed API 2.0 http://www.microsoft.com/en-us/download/details.aspx?id=35371• Getting started with the EWS Managed API

http://msdn.microsoft.com/en-us/library/dd633626(v=exchg.80).aspx • Connect to Exchange Online Using Remote PowerShell

http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx

22

Lync Links

• Lync 2013 SDK (only for WPF)http://www.microsoft.com/en-us/download/details.aspx?id=36824• Windows PowerShell Module for Lync Online

http://www.microsoft.com/en-us/download/details.aspx?id=39366• Lync PowerShell

http://blogs.office.com/b/office365tech/archive/2013/08/19/remote-powershell-for-lync-online.aspx • Using Windows PowerShell to Manage Lync Online

http://technet.microsoft.com/en-us/library/dn362831.aspx 23