Can I use Microsoft Office PartnerCenter SDK for customer admin level instead of CSP level? - c#

Using Microsoft PartnerCenter SDK, I'm trying to log in to a Customer Admin level through my application. Is that possible?
I have already used the same SDK for CSP level with success in another application, allowing the CSP to add customer in their PartnerCenter.
Suppose this CSP has created a customer. What I want in this application now is to log in to that customer admin account using its username and password and perform operations (like creating a new user or assigning some licenses to some user). By the way, these operations are performable on the Admin Portal.
Remember, I only have credentials for the admin account of a single customer of that CSP.
So, does this SDK allow me to log in using credentials of a cloud reseller instead of a CSP, or are there some other APIs for admin operations?

Related

How to create programmatically an AWS Console enabled user

I'm trying to programmatically add a "working" AWS account via API.
Actually I'm performing these operations:
Authentication
CreateUser (login)
CreateLoginProfile (password)
When I go to the "AWS" console I get an error, and if I look at the accounts linked to the Organization I can't find my new account.
But if I go on https://console.aws.amazon.com/iam/home#/home the user is there.
Am I missing something? Is there any difference between USER and ACCOUNT?
Of course USER and ACCOUNT are different. An account contains users and other resources (S3 bucket, EC2 instance).
If you want to create a new AWS account, you need to use the Organizations API.
See:
create-account in the AWS CLI
CreateAccount documentation
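The user/account distinction from the answer above, as an added example that is not part of the original question or answer. It assumes boto3 clients are passed in by the caller; the user name, e-mail address, account name and password in the demo section are constructed placeholders.

```python
import time


def create_console_user(iam, user_name, temp_password):
    """Create an IAM USER with a console password inside the calling account.

    `iam` is a boto3 IAM client. The returned ARN carries the ID of the
    existing account, which is why the user never appears in the
    Organization's list of accounts.
    """
    user = iam.create_user(UserName=user_name)["User"]
    iam.create_login_profile(
        UserName=user_name,
        Password=temp_password,
        PasswordResetRequired=True,  # temporary password must be rotated at first sign-in
    )
    return user["Arn"]


def create_member_account(org, email, account_name, poll_seconds=5, max_polls=60):
    """Create a new AWS ACCOUNT through the Organizations API.

    `org` is a boto3 Organizations client. CreateAccount is asynchronous,
    so the request is polled until it succeeds, fails, or polling runs out.
    """
    status = org.create_account(Email=email, AccountName=account_name)["CreateAccountStatus"]
    for _ in range(max_polls):
        if status["State"] == "SUCCEEDED":
            return status["AccountId"]
        if status["State"] == "FAILED":
            raise RuntimeError("CreateAccount failed: " + status.get("FailureReason", "unknown"))
        time.sleep(poll_seconds)
        status = org.describe_create_account_status(
            CreateAccountRequestId=status["Id"]
        )["CreateAccountStatus"]
    raise TimeoutError("CreateAccount still IN_PROGRESS after polling")


if __name__ == "__main__":
    import boto3  # needs AWS credentials; every name below is a placeholder

    print(create_console_user(boto3.client("iam"), "example-user", "Constructed-Temp-Pw-1!"))
    print(create_member_account(boto3.client("organizations"),
                                "new-account@example.com", "example-member-account"))
```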

Azure Active Directory sign in with Microsoft Account

I'm using this sample https://github.com/Azure-Samples/active-directory-dotnet-native-headless
Many of the samples, this one included, say:
This sample will not work with a Microsoft account, so if you signed in to the Azure portal with a Microsoft account and have never created a user account in your directory before, you need to do that now.
When I log in with my Microsoft account, the exception I get is:
AADSTS50020: User account '{mymicrosoftaccount}#{domain.com}'
from identity provider 'https://sts.windows.net/00000000-0000-0000-0000-000000000000/'
does not exist in tenant '{my-tenant}' and cannot access the application
'00000000-0000-0000-0000-000000000000' in that tenant.
The account needs to be added as an external user in the tenant first.
Sign out and sign in again with a different Azure Active Directory user account.
What would I need to do to allow logging in with my Microsoft account? At the moment, my authority is https://login.microsoftonline.com/{mytenant}. Would I have to provide the user with an option to log in with a Microsoft Account, or the Active Directory account? If so, what authority do I use to allow logins with Microsoft Accounts?
Can you try making your app a multi-tenant app and then log in using your Microsoft credentials to https://login.microsoftonline.com/common?
See if this link is helpful. https://azure.microsoft.com/en-us/documentation/articles/active-directory-add-domain/
The authority is fine. In order to enable login for a user with a Microsoft account, you need to select "User in another Microsoft Azure AD directory" in the add user window in the tenant on https://manage.windowsazure.com.

Dynamics CRM Online Trial - add user

I am able to access a trial instance without issue. I've added another user through the Office 365 portal; they have a professional license. In CRM, I've given them the system admin role. When they log in, that user only has the 'Dashboards' section available under Sales and Marketing, but can get to all the Settings items. I've tried to assign accounts to them, but when I do that, I get a message stating they don't have permissions to be assigned records (yet they're sys admin). On the Sales and Marketing dashboards, all the sections state that the user doesn't have permissions. Other than setting them up in the Office portal and giving them a role in CRM, what else can I do?
Needed to set Access Mode = read/write on the user record in CRM (not in O365)

Access user accounts in a domain without administrator rights

I am making a very simple marketplace app using the new SDK (Oauth 2.0). One of the steps would be to automatically invite team members for a closed group so I would need access to team members (users in same domain) from the user that is starting the process going through the default "navigator icon in google navigation menu".
This is working fine; however, it is only working for administrators (tried with both Directory API and Profiles data API). Is there a way to simply "read" the email from users without needing to have administrator rights? It seems quite an overkill to ask a user to be administrator just for the purpose of being able to invite his team members.
These email addresses are in the user contact list, for example; when writing an email they are automatically there, so it shouldn't be much of a permission problem, I guess. Can anyone help a bit on how I can accomplish this? Maybe a different API that I have not found?
Very much appreciated,
Best regards,
Joao Garin
You can use "Service Accounts" to access the Directory API on behalf of the Administrator when any user accesses the App.
The Drive API has a really good set of samples here - https://developers.google.com/drive/delegation
This same technique will work with Admin SDK. The end result is the auth is not made on behalf of the user at the keyboard but as an authorized Service Account. This Service Account is authorized by the admin at the time of install.

Verify windows log-in via smart card

Hi, I need to verify in my WPF application whether the user logged in to his computer via password or via smart card.
Both login options are available on my company's clients, but my application needs to open only with the smart-card login.
All the clients are Windows 7 OS.
I looked at some sites:
http://technet.microsoft.com/en-us/library/ff404285(v=ws.10).aspx
http://www.codeproject.com/Articles/240655/Using-a-Smart-Card-Certificate-with-NET-Security-i
and I'm thinking I need to get the enhanced key usage (EKU) attribute field.
If the EKU is empty => then the user was logged in via password and not via smart card.
I only need this simple check; I do not care about creating/validating certificates etc.
Windows doesn't record what certificate was used to log on, so you can't check the EKU, nor does Windows record what type of credentials were used, so there isn't a simple solution. I have a couple of suggestions:
Option 1: Use Authentication Mechanism Assurance to add an extra group membership to the user’s access token when they log on with a smart card, and set up your app to require that group membership. This requires a domain at the Windows Server 2008 R2 functional level.
Option 2: Implement a credential manager and use the NPLogonNotify callback to check for KERB_INTERACTIVE_LOGON with a KERB_LOGON_SUBMIT_TYPE of KerbSmartCardLogon, then record that somewhere for your app to check.
