wie sie office 365 mit windows azure steuern...
TRANSCRIPT
Wie Sie Office 365 mit Windows Azure steuern
Toni Pohl
Über mich
Ziel dieser Session
Agenda
Einsatzgebiete
Voraussetzungen
Authentifizierung und Identities
User Provisionierung Demo
Office 365 Demo
Einsatzgebiete, Delegation, Automation
Voraussetzungen
• Office 365 TenantEröffnen Sie einen freien 1-Monat Test:http://office.microsoft.com/
• Windows Azure90-Tage freier Test:http://www.windowsazure.com/de-de/pricing/free-trial/
• Visual Studio 2013
• Ein paar Bibliotheken…
Authentifizierung und Identities
Authentifizierung als
berechtigter Benutzer/App für
das jeweilige Service
Authentifizierung als
berechtigter Benutzer in
unserem Web Portal
Was darf der Benutzer in
unserer App?
Authentifizierunggegen WAAD/Office 365
Federated Authentication
App
STS
Authority
Resource
1. Request Token mit
App-ID + Secret oder
Username + Password
2. Get Token
3. Use Token
Live DemoASP.NET Web Projekt mit Office 365 Authentifizierung
ADAL for .net
• Active Directory Authentication Library (ADAL) v1 for .NET – General Availability! (Vittorio Bertocci)http://www.cloudidentity.com/blog/2013/09/12/active-directory-authentication-library-adal-v1-for-net-general-availability/
• Windows Azure Authentication Library (AAL) for Windows Store: a Deep Dive (Vittorio Bertocci)http://www.cloudidentity.com/blog/2013/04/22/windows-azure-authentication-library-aal-for-windows-store-a-deep-dive/
• ADAL 1.0 and Windows Store Apps (Alex Simons) – coming soonhttp://social.msdn.microsoft.com/Forums/en-US/faf520ce-1653-4eac-b398-c4bfcbc5c7fe/adal-10-and-windows-store-apps
11
Office 365Services verwenden
Wie auf Office 365 zugreifen?
• WAAD -> Graph API, PowerShell
• SPO -> CSOM, REST, PowerShell
• Exchange Online -> Managed API, PowerShell
• Lync Online -> SDK, PowerShell
13
Live DemoFernsteuerung von Office 365
Integrating Applications in Windows Azure Active Directory
15
Access Level Type Description
Single Sign-On
Default permission. The app is enabled for single sign-on with Azure AD,
and the user token will contain claims such as the user’s User Principal
Name, First and Last Name and unique identifiers.
Single Sign-On,
Read Directory Data
Single sign-on plus the ability to read directory data using the Graph
API. This allows querying of company, user and group information.
Single Sign-On,
Read and Write Directory Data
Single sign-on plus the ability to read and write directory data using the
Graph API. This allows querying and writing of company, user, and
group information, but does not allow deleting users or groups.
http://msdn.microsoft.com/en-us/library/windowsazure/b08d91fa-6a64-4deb-92f4-
f5857add9ed8.aspx#BKMK_AccessLevels
Was kann in Windows Azure verwendet werden?
Access method Azure Website
$
Azure Cloud Service
$$$
WAAD
Exchange EWS
Exchange PowerShell
SharePoint CSOM
SharePoint REST
SharePoint PowerShell
Lync SDK
Lync PowerShell
16
Zusammenfassung
• Verwenden Sie Federated Authorization (OAuth2)
• Verwenden Sie GraphAPI für WAAD Manipulationen
• Verwenden Sie Office 365 Services
• Entwicklen Sie tolle Lösungen mit Office 365!
Call 2 Action
• Laden Sie diese Präsentation und den Beispielcode:http://blog.atwork.at
• Interessiert an einer fertigen Office 365 Produktlösung?http://delegate365.com
18
DANKE!
& VIEL SPASS BEIM GET TOGETHER!
19
Toni Pohl
@atwork
Downloads:
blog.atwork.at
Graph API Links
• Windows Azure Graph APIhttp://code.msdn.microsoft.com/Graph-API-Authenticate-and-53c6cb92/view/SourceCode
• GraphAPI Explorerhttps://graphexplorer.cloudapp.net/
• MVC Sample App for Windows Azure Active Directory Graphhttp://code.msdn.microsoft.com/windowsazure/Write-Sample-App-for-79e55502
• Adding Sign-On to Your Web Application Using Windows Azure ADhttp://msdn.microsoft.com/en-us/library/windowsazure/dn151790.aspx
• Group & Role Claims: Use the Graph API …http://www.cloudidentity.com/blog/2013/01/22/group-amp-role-claims-use-the-graph-api-to-get-back-isinrole-and-authorize-in-windows-azure-ad-apps/
20
SharePoint Links
• SharePoint Online Management Shell (PS) http://www.microsoft.com/en-us/download/details.aspx?id=30359
• OAuth and remote apps for SharePointhttp://msdn.microsoft.com/en-us/library/office/apps/fp179932.aspx
• Office365ClaimsConnectorhttp://www.codeproject.com/Articles/637378/How-to-Create-a-Windows-8-App-for-SharePoint-Part
• OAuth authentication and authorization flow for apps that ask for access permissions on the fly in SharePoint 2013 http://msdn.microsoft.com/en-us/library/office/apps/jj687470.aspx
• Helper for:http://json2csharp.com/
21
Exchange Links
• Microsoft Exchange Web Services Managed API 2.0 http://www.microsoft.com/en-us/download/details.aspx?id=35371
• Getting started with the EWS Managed APIhttp://msdn.microsoft.com/en-us/library/dd633626(v=exchg.80).aspx
• Connect to Exchange Online Using Remote PowerShell http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx
22
Lync Links
• Lync 2013 SDK (only for WPF)http://www.microsoft.com/en-us/download/details.aspx?id=36824
• Windows PowerShell Module for Lync Onlinehttp://www.microsoft.com/en-us/download/details.aspx?id=39366
• Lync PowerShellhttp://blogs.office.com/b/office365tech/archive/2013/08/19/remote-powershell-for-lync-online.aspx
• Using Windows PowerShell to Manage Lync Onlinehttp://technet.microsoft.com/en-us/library/dn362831.aspx
23