Wednesday, June 22, 2016

EWS: How to "spoof" an e-mail in your Inbox without sending it

A few weeks ago I was looking for a way to "spoof" an e-mail in my Inbox using EWS. The e-mail would be to and from users other than myself. Without going into too much detail, the reason for this was I wanted to use my Exchange Inbox as a place to store messages for a group of people, even if I wasn't a sender or recipient of the message, and I didn't want the users to receive these e-mails that I was storing.

I was unlucky then, but yesterday when researching another topic I found the answer in this Microsoft article, How to: Import items by using EWS in Exchange! I hope the wording in the blog post grabs people that are looking for the same thing that I was. I never would have found the above mentioned article from how I was searching in the first place.

The trick is setting a specific property on the EmailMessage that makes it not appear as a Draft before Saving it in my Inbox.


EmailMessage email = new EmailMessage(_ewsService);
// Indicate that this email is not a draft. Otherwise, the email
// will appear as a draft to clients.
ExtendedPropertyDefinition PR_MESSAGE_FLAGS_msgflag_read = new
     ExtendedPropertyDefinition(3591, MapiPropertyType.Integer);
email.SetExtendedProperty(PR_MESSAGE_FLAGS_msgflag_read, 1);
// Set To/From properties to whatever I like
email.From = new EmailAddress("santaclause@northpole.edu");
email.ToRecipients.Add(new
     EmailAddress("easterbunny@greenacres.com");
email.Body = new MessageBody(BodyType.Text, "Hey, need a hand hiding
     candy this year? -S.C.");
email.Save(WellKnownFolderName.Inbox);


What appears is an e-mail in my inbox from Santa Clause to the Easter Bunny. It looks like a normal e-mail not a Draft that I'm working on. The only odd thing (other than it's an e-mail in my Inbox and I'm not a recipient) is that it doesn't appear as an unread e-mail. It looks like an e-mail that I've already read by default.

References

Thursday, June 16, 2016

Developing OAuth with Skype Web SDK: admin pre-requisites

This blog post will cover the system-level steps an Office 365 administrator needs to do in order to "turn on" the Skype Web SDK functionality for code being written with OAuth authentication. Some of these steps may sound familiar if you've read the previous post "UCWA 2.0 and Skype for Business online: Create an Azure AD application". What you will need to accomplish this task is the Sign-on URL and Reply URL for the web application that will be using OAuth and Skype Web SDK. If you're unsure of either of these talk with the developer that will be configuring the web application.

Link Azure and Office 365 accounts together

This step is outside the scope of this article, but it is worth noting. This Microsoft reference "Set up your Office 365 and Azure AD tenant" provides more information.

Create an Azure AD application

To start, this step will be a modified version of the directions from Microsoft's page "Registering your application in Azure AD".  Follow the directions from both sections, register your application with Azure AD and configure your app for OAuth implicit grant flow.

After provisioning the application in step 6, be sure to configure the application's Reply URL. This step isn't mentioned in the Microsoft directions. Another modification is at step 9 under registering your application, select as many of the delegated permissions as desired. For example, the permission "Read and manage Skype for Business user contacts and groups" is required to add or edit contacts and groups in the buddy list. At step 10, do not configure your application to be multi-tenant if it doesn't need to be.

After the above steps are completed, some values from the configuration page should be stored for yourself and others. Any developer or application that will be using the Skype Web SDK will need to know the Client ID and have a Key. To generate a Key, select a duration and save the changes. The Key will appear once it is saved.

Tenant admin consent

Microsoft explains this section best, from their reference "Developing Web SDK applications for Skype for Business Online",
The Skype for Business Online permissions are tenant administrator consent only. For an app to be used by all users of an O365 tenant, a tenant administrator must provide consent. To provide consent for all users in the tenant, construct the following URL for your app as shown in the example below.
Note: update the Client ID and Reply URL (redirect URI) for your app.

https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token
    &client_id= ...
    &redirect_uri=https://app.contoso.com/
    &response_mode=form_post
    &resource=https://webdir.online.lync.com
    &prompt=admin_consent

After the admin grants consent for the tenant, Microsoft will attempt to redirect you to the Reply URL. If you enter the wrong Reply URL, after the admin gives consent a Microsoft error page will appear and in the tiny error message at the bottom it will say, the reply address 'your Reply URL' does not match the reply addresses configured for the application: your Client ID. If the web app is not running at that time, you will see a browser "ERR_CONNECTION_REFUSED" error.

References

https://blogs.msdn.microsoft.com/onenotedev/2015/04/30/set-up-your-office-365-and-azure-ad-tenant/#AssociateO365FromAzure

https://msdn.microsoft.com/en-us/library/office/mt592709(v=office.16).aspx

https://msdn.microsoft.com/en-us/skype/websdk/developwebsdkappsforsfbonline