The blog of Wictor Wilén

  • SharePoint Online: App Only policy PowerShell tasks with ACS

    Tags: SharePoint, Office 365, PowerShell, Apps

    Here’s a little nugget that I’ve planned to blog about for some time, that I needed today for a small task. I needed a background job for SharePoint Online that, at a scheduled interval, downloads list data, processes it and optionally updates some data in my site. This can of course be done by creating an executable storing username and password combos, and with the help of the TokenHelper.cs class from the App for SharePoint Web Toolkit NuGet package and some stored username and password combos we can make the Auth pieces quite easy. I don’t like that approach. There are two big drawbacks with that approach. The first one is storing the username and password – we can solve that with an AppOnly policy, which I blogged about in the SharePoint 2013: Using the App Only policy and App Principals instead of username and password combos post. The second issue is that I very much prefer to script these kinds of tasks, as it makes them more flexible. The problem with that approach is that we need to manually do the Auth pieces. But from now on you just copy and paste from this post.

    Creating the App Principal

    In order to create our PowerShell script we need to create an App for it. This step is exactly the same as we did in the blog post mentioned above. But let’s repeat it. Note! I do use the traditional way of registering apps in this scenario using ACS – I do not use an Azure AD app. The reason for this is I want every Site Collection admin to be able to script like this. Azure AD apps require way too many permissions for the normal user.

    In your site collection, navigate to /_layouts/15/appregnew.aspx. Click on both Generate buttons, so that you get one Client Id and one Client Secret. Next enter a Title, an App Domain and the Redirect URI. The App Domain and Redirect URI can be basically anything in this scenario. Then click Create to create the App Principal. On the next screen you will get all the details of your App. Copy and paste that data so you don’t lose it.

    Next head on over to /_layouts/15/appinv.aspx. Paste your Client Id in the App Id (Microsoft has never been good at naming conventions) text box and click Lookup. This will retrieve the rest of the app details. Since we will not have any UI or install any App, we need to manually ask for permissions and then grant the permissions. What we do is create a permission request XML. Depending on your requirements your XML may be different from the one below. The following permission request XML asks for Full Read permissions on the whole web.

    <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest
        Scope="http://sharepoint/content/sitecollection/web"
        Right="Read"/>
    </AppPermissionRequests>

    Note the AllowAppOnlyPolicy="true" attribute – that one is the key to allowing the App to run without username and password. Once you have pasted the XML into the permission request XML textbox, click on Create. You will see the Trust screen for your app. Make sure the permission request is what you expect and if so, click on Trust it!.

    Auth in PowerShell

    Now, let’s get to the core of this post and let’s create a PowerShell script that uses this app to read items from a list. I split it up in a few different parts to make it easier to follow. At the end of the post you will get a link to the full code sample.

    Defining some constants

    Let’s start by defining some constants:

    $clientId = "16119847-8ac7-4a3a-a2e5-18debd9fc9d2"
    $secret = "KuZj5UD22oy2.....=";
    $redirecturi = "https://localhost"
    
    $url = "https://tenant.sharepoint.com/sites/thesite/"
    $domain = "tenant.sharepoint.com"
    $identifier = "00000003-0000-0ff1-ce00-000000000000"
    
    

    The $clientId, $secret and $redirecturi are copied directly from the results of my app registration. The $url parameter is the URL of the site where I registered the app, and $domain is just the server part of that URL. Finally the $identifier is a static Guid value, which represents SharePoint (Exchange, Lync, Workflow etc. have their own IDs).

    Retrieving the Realm

    The next step is to retrieve the Realm or Tenant Id. You might already know this or you might just run these commands once and store it as a static variable.

    $realm = ""
    # An empty Bearer token makes SharePoint answer with a 401 challenge
    $headers = @{Authorization = "Bearer "}
    try {
        $x = Invoke-WebRequest -Uri "$($url)_vti_bin/client.svc" -Headers $headers -Method POST -UseBasicParsing
    } catch {
        # We will get a 401 here; the realm is the first parameter of the WWW-Authenticate header
        $realm = $_.Exception.Response.Headers["WWW-Authenticate"].Substring(7).Split(",")[0].Split("=")[1].Trim("`"")
    }
    

    What we do here is to send a request to the client.svc endpoint and actually expect to get thrown a 401 back. When we get the 401 we’ll locate the WWW-Authenticate header and retrieve the Realm property. Yea, that PoSh line could be a bit prettier and more failsafe, but it works on my machine.
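
    The realm lookup above, written so that it does not depend on the realm being the first parameter and rejects anything that is not a GUID before it is placed in the ACS URL. This is an added example, not code from the original post; the function name Get-RealmFromChallenge and the sample header values are assumptions constructed for illustration.

    ```powershell
    # Added example (not from the original post): parse a Bearer challenge and
    # validate the realm before it is used to build the ACS token URL.
    function Get-RealmFromChallenge {
        [CmdletBinding()]
        param(
            # Raw value of the WWW-Authenticate response header
            [Parameter(Mandatory = $true)]
            [AllowEmptyString()]
            [string]$Challenge
        )

        # The scheme must be Bearer; anything else is not the challenge we asked for.
        if ($Challenge -notmatch '^\s*Bearer\s+(?<params>.+)$') {
            throw "WWW-Authenticate is not a Bearer challenge: '$Challenge'"
        }

        # Collect every key="value" pair instead of assuming the realm comes first.
        $pairs = @{}
        $pattern = '(?<k>[A-Za-z_]+)\s*=\s*"(?<v>[^"]*)"'
        foreach ($m in [regex]::Matches($Matches['params'], $pattern)) {
            $pairs[$m.Groups['k'].Value.ToLowerInvariant()] = $m.Groups['v'].Value
        }
        if (-not $pairs.ContainsKey('realm')) {
            throw 'Bearer challenge does not contain a realm parameter.'
        }

        # The realm ends up in the path of the URL the client secret is posted to,
        # so accept nothing but a GUID and return it in its normalized form.
        $guid = [guid]::Empty
        if (-not [guid]::TryParse($pairs['realm'], [ref]$guid)) {
            throw "Realm is not a GUID: '$($pairs['realm'])'"
        }
        return $guid.ToString()
    }

    # Constructed sample header values (the realm GUID is made up).
    $samples = @(
        'Bearer realm="11111111-2222-3333-4444-555555555555",client_id="00000003-0000-0ff1-ce00-000000000000"',
        'Bearer client_id="00000003-0000-0ff1-ce00-000000000000", realm="11111111-2222-3333-4444-555555555555"',
        'Bearer realm="not-a-guid/extra"',
        'NTLM'
    )
    foreach ($s in $samples) {
        try   { "OK   : {0}" -f (Get-RealmFromChallenge -Challenge $s) }
        catch { "FAIL : {0}" -f $_.Exception.Message }
    }
    ```

    In the catch block of the script, the header value `$_.Exception.Response.Headers["WWW-Authenticate"]` would be passed to this function in place of the Substring/Split chain.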

    Retrieving the access token

    When we have the realm we can create the authorization code, that is, the form-encoded body of the token request. This is how we combine all our variables into an authorization code:

    # System.Web provides HttpUtility.UrlEncode; it is not loaded by default in a scheduled task
    Add-Type -AssemblyName System.Web
    $body = "grant_type=client_credentials"
    $body += "&client_id=" + [System.Web.HttpUtility]::UrlEncode($clientId + "@" + $realm)
    $body += "&client_secret=" + [System.Web.HttpUtility]::UrlEncode($secret)
    $body += "&redirect_uri=" + [System.Web.HttpUtility]::UrlEncode($redirecturi)
    $body += "&resource=" + [System.Web.HttpUtility]::UrlEncode($identifier + "/" + $domain + "@" + $realm)
    

    Let’s walk this through. First of all I load the System.Web assembly. If you run this as a scheduled task this assembly is not loaded in your app domain, compared to when running it in PowerShell ISE for instance, and we need that assembly for some encoding.

    The actual authorization code starts with a grant_type which we set to the static value of client_credentials, which means that we do not pass any user credentials or refresh tokens. Client_Id is not exactly the same Client Id as above; here we need to append “@” and the realm to scope the request to our tenant. The Client secret and redirect Uri are the same as when creating the app. Finally we have the resource token which is a combination of the SharePoint identifier, the domain and the realm. Note that if you’re targeting anything in a Personal Site, you not only have to update the $url variable but also the $domain variable.

    We send all this data to the Azure Access Control Services (ACS) endpoint (remember, we did not use Azure AD) like this:

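    # -UseBasicParsing avoids the Internet Explorer dependency, which matters in a scheduled task
    $or = Invoke-WebRequest -Uri "https://accounts.accesscontrol.windows.net/$realm/tokens/OAuth/2" `
        -Method Post -Body $body `
        -ContentType "application/x-www-form-urlencoded" `
        -UseBasicParsing
    $json = $or.Content | ConvertFrom-Json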
    
    When invoking the endpoint, using our authorization code above, we will get a JSON formatted string back. We convert this string into an object using ConvertFrom-Json.

    Use the access token

    Finally we can use the result from the ACS endpoint and get our access token which we’ll pass into the REST endpoint (as an Authorization Bearer token) of the site where we want to do operations.

    $headers = @{
        Authorization = "Bearer " + $json.access_token;
        Accept ="application/json"
    } 
    
    Invoke-RestMethod -Uri "$($url)_api/lists/GetByTitle('Documents')/Items" -Method Get -Headers $headers
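
    A client-side sanity check on the token before a scheduled job uses it, added here as an example and not part of the original post. It assumes the ACS access token is a JWT carrying the standard aud and exp claims; the function names and the sample token are constructed for illustration.

    ```powershell
    # Added example, not from the original post. Assumption: the access token is a
    # JWT with the standard "aud" and "exp" claims. The signature is NOT verified
    # here (SharePoint does that); this only catches a wrong-audience or nearly
    # expired token before the job starts making calls.
    function ConvertFrom-Base64Url {
        param([Parameter(Mandatory = $true)][string]$Value)
        $s = $Value.Replace('-', '+').Replace('_', '/')
        switch ($s.Length % 4) {   # restore the padding that base64url strips
            2 { $s += '==' }
            3 { $s += '=' }
            1 { throw 'Invalid base64url length.' }
        }
        [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
    }

    function ConvertFrom-UnixTime {
        param([Parameter(Mandatory = $true)][double]$Seconds)
        $epoch = New-Object -TypeName datetime -ArgumentList 1970, 1, 1, 0, 0, 0, ([System.DateTimeKind]::Utc)
        $epoch.AddSeconds($Seconds)
    }

    function Test-AccessToken {
        param(
            [Parameter(Mandatory = $true)][string]$Token,
            [Parameter(Mandatory = $true)][string]$ExpectedResource,
            [int]$SkewSeconds = 300,               # refuse tokens about to expire
            [datetime]$Now = [datetime]::UtcNow    # injectable for testing
        )
        $parts = $Token.Split('.')
        if ($parts.Count -ne 3) { throw 'Token is not a three-part JWT.' }
        $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
        if ($null -eq $claims.exp) { throw 'Token has no exp claim.' }

        $problems = @()
        # The audience must be the resource string that was sent in the token request.
        if ($claims.aud -ne $ExpectedResource) {
            $problems += "aud is '$($claims.aud)', expected '$ExpectedResource'"
        }
        $expires = ConvertFrom-UnixTime $claims.exp
        if ($expires -lt $Now.AddSeconds($SkewSeconds)) {
            $problems += "token expires $($expires.ToString('u')), inside the $SkewSeconds s margin"
        }
        [pscustomobject]@{ Valid = ($problems.Count -eq 0); Expires = $expires; Problems = $problems }
    }

    # --- Constructed sample: a made-up, unsigned token for the resource format used in this post ---
    function ConvertTo-Base64Url([string]$Text) {
        [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    $sampleRealm    = '11111111-2222-3333-4444-555555555555'   # made-up realm
    $sampleResource = "00000003-0000-0ff1-ce00-000000000000/tenant.sharepoint.com@$sampleRealm"
    $otherResource  = "00000003-0000-0ff1-ce00-000000000000/other.sharepoint.com@$sampleRealm"
    $exp            = 1735689600                               # 2025-01-01 00:00:00 UTC
    $payload        = @{ aud = $sampleResource; exp = $exp } | ConvertTo-Json -Compress
    $sampleToken    = (ConvertTo-Base64Url '{"typ":"JWT","alg":"RS256"}') + '.' + (ConvertTo-Base64Url $payload) + '.c2ln'

    # Case 1: one hour before expiry, correct resource
    Test-AccessToken -Token $sampleToken -ExpectedResource $sampleResource -Now (ConvertFrom-UnixTime ($exp - 3600))
    # Case 2: two minutes before expiry, inside the default five-minute margin
    Test-AccessToken -Token $sampleToken -ExpectedResource $sampleResource -Now (ConvertFrom-UnixTime ($exp - 120))
    # Case 3: token issued for a different host than the one the job targets
    Test-AccessToken -Token $sampleToken -ExpectedResource $otherResource -Now (ConvertFrom-UnixTime ($exp - 3600))
    ```

    In the script from this post the call would take `$json.access_token` as the token and `$identifier + "/" + $domain + "@" + $realm` as the expected resource.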
    

    Summary

    That wasn’t too hard, right? All we needed to know was the basic process of OAuth 2.0 and know how to create and parse the requests and responses. The full code sample can be found here: https://gist.github.com/wictorwilen/db67725a66a3e40789e3

  • Finally time for another SSUG meeting in Stockholm

    Tags: User Group, SharePoint

    It’s been way too long since we had a Sweden SharePoint User Group meeting in Stockholm, but the wait is now over.

    On the 26th of February we are all invited to the local Microsoft offices to learn more about SharePoint. Specifically this evening we will be able to hear from Erwin van Hunen, who will talk about the Office 365 Patterns and Practices project. We will also be able to hear from Microsoft about their Hybrid OneDrive for Business experiences. If this doesn’t get you fired up, then what would!

    We are limited to 100 seats, but have a waiting list. You can sign up for the event, starting at 12:00 today (2015-02-11) at the following link:

    https://www.eventbrite.com/e/ssug-mote-stockholm-26e-februri-2015-biljetter-15723746148

    Remember. If you register and don’t plan to show up, please unregister so someone else can take your place. If you don’t unregister, then we’ll call you out at the meeting!

    See you all there!

  • Joining Avanade

    Tags: Personal, Business

    I’m very excited and glad to announce that this is my last day at Connecta/Acando and starting on Monday I will be joining the Avanade forces here in Sweden. I will take the role as the Collaboration lead, continuing my passion for SharePoint and the future of collaboration on the Microsoft stack.

    Joining Avanade and in this role seems like one of the most exciting things I could do at the moment. We’re standing on the brink of huge changes going on in our collaborative environments. Cloud, devices, services, security and identity – there are so many things going on right now and there are so many things to think about, plan for and execute on. Also Avanade, being such a global company but being fairly small here in Sweden, brings a lot of opportunities to the table for me and my future customers. I’m looking forward to expanding and building the Collaboration team here in Sweden in combination with the Nordic and global teams – and build the best Collaboration delivery team on the Microsoft platform! If you want to be a part of this, then just ping me!

    The last five years have been a great ride with Connecta. I need to thank my colleagues for all the inspiring moments. And I also need to thank my former managers who believed in me and allowed me to aim for and pass the MCM, MCA and MCSM certifications! And good luck with the Acando deal – you’ll need it, and don’t let the Google clone droids assimilate all of you…

    That’s it for now – 2015 will be a great adventure, and you can if you want to join me in it!

  • Summing up the year of 2014 and embracing 2015

    Tags: Personal, SharePoint, Microsoft Azure, Office 365, SharePoint 2013

    The time has come for me to do, as I’ve done now for eight years (2013, 2012, 2011, 2010, 2009, 2008, 2007 and 2006), my annual post to sum up the year. It is always fun to look back to what happened the past 12 months. This past year has been a somewhat “in-betweeners” year.

    We (me, my clients, colleagues etc.) are standing on the edge of something big and the bridge over to the other side is really, really long. Some hesitate to pass the bridge and think it is too steep down, some people are running across it in fear, some just take it easy and some pass it halfway and then stall there, not knowing which direction to go. Microsoft has already passed the bridge to the other side, they ran as fast as they could. But, they dropped so many things on the way over, things that I and others need to pick up and fix and very often even remind Microsoft that they dropped it at all!

    Confusing – yes, stressing – hell yea, annoying – yup, new opportunities – oh YEA, wanting to go back – nope!

    Writing

    I think I hit an all-time low in blog postings this year. Not that there has been so little to write, rather that I’ve been having too little time. I have a bunch of posts in the works, that have never been published, due to various reasons.

    According to my telemetry this is what you peeps liked this year:

    I’m really glad that the last two of those posts ended up that high. Really liked working those scenarios out.

    Speaking

    I’ve been fortunate to be invited to a number of conferences the past year as well. The highlight of course is the SharePoint Conference 2014, where I had a total of three sessions. The most awesome experience from that conference was when the room after one of my sessions was empty and people stayed for an hour and a half just asking questions!

    See you in May at the new Microsoft Ignite conference. You can keep up to date on my past and future presentations on this page.

    MVP

    For the fifth time I was awarded the Microsoft MVP Award for my community contributions. Always an honor and passing the five year mark was a bit special.

    Predictions

    Each year I try to predict what is going to happen to us and our business in the future. Last year I talked a lot about SharePoint being a service (six years after the SharePoint Services announcement at PDC08), Azure dominating the cloud space and Microsoft focusing everything on Services. SharePoint may not yet be dead, this product has more lives than a cat. Azure is still growing faster than I can keep up with and I like it! And the Services piece – I think this is the most important of all my predictions last year. Microsoft is focusing on owning the services and the data – the device, product etc. is not the top prio. Take a look at the Microsoft Band – an awesome device but the service behind it is what makes the big difference, no other vendor is even close to competing in that space.

    So, 2015, what will happen? I think I stick to my Services, services, services prediction. 2015 is all about the services! I’ll leave it to that. If you don’t understand how the services will change our business you better look for a career change.

    What’s next?

    I have to admit that 2014 was not one of my favorite years, due to multiple reasons. I’ve been pretty tired of this whole “SharePoint & Office 365” situation and it has taken me some deep reflections and analysis to get my inspiration back. But 2015 will be a really interesting year. To keep you on the hook a little bit more, head back to this blog on Friday!

    Happy New Year!

    I wish all of you a Happy New Year and I hope that your 2015 will be an awesome ride!

  • Solved: Shutting down VMWare Workstation Virtual Machines on Windows 10 Tech Preview

    Tags: VMWare, Windows 10

    Here’s a quick tip/solution on how to shut down your VMWare Workstation 10 and 11 Virtual Machines if you’re using the Windows 10 Tech Preview (basically all builds, but only tested on 9879).

    Currently if you’re using Windows 10 Tech Preview as your host operating system and if you’re trying to shut down a VMWare Workstation Virtual Machine you will crash Windows 10, and potentially corrupt your machine and virtual machines. You’ll see a Blue Screen of Death with a DPC_WATCHDOG_VIOLATION exception.

    I take no credit for this solution, all goes to piccolonicky, who found out the way to properly shut down the VM’s. But I share it here so that those who read this blog (mum?) and suffer from the same issue can more easily find the answer.

    The whole idea is to fake a system shutdown of your host OS. This can be done by using the Logo Testing Tools for Windows, which contains a small utility called Restart Manager (RMTool.exe). This tool can send a system shutdown signal to a process (identified using the PID), and for a VMWare (vmware-vmx.exe) process it will shut your VM down, properly.

    This is how you can shut down all your VM’s using a line of PowerShell:

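    # Path to RMTool.exe from the Logo Testing Tools for Windows
    $rmtool = 'C:\Program Files (x86)\Microsoft Corporation\Logo Testing Tools for Windows\Restart Manager\AMD64\RMTool.exe'
    # Send the forced shutdown signal to every running VMWare VM process
    Get-Process | ?{$_.Name -eq "vmware-vmx"} | % { & $rmtool -p $_.Id -S -F }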
    

    This sends the Force (-F) Shutdown Application (-S) signal to the process (-p) identified using the PID.


    So, no need to revert to Windows 8.1 or earlier.

    Merry Christmas to you all, especially to piccolonicky!

  • Office Web Apps Server will only be available for Volume License customers shortly

    Tags: Office Web Apps

    Today the Office Updates blog added a new blog post titled “Web Apps Server Removal from Download Center”. The contents of that blog post are short:

    As of 11-24-2014 Office Web Apps Server will be removed from the Microsoft Download Center.  At that time it will only be available for download under Volume Licensing agreements.  For more information please visit the site Volume Licensing Service Center.

    Office Web Apps Server, used by SharePoint, Exchange and Lync to view, preview and edit Office documents is and has been one of the key features/add-ons of these products and allows for browser based editing and collaboration. It has up until now been available as a free download, free from licensing for reading but requiring Office client licensing for editing.

    So from the 24th of November you will not be able to download Office Web Apps Server (WAC) from the Microsoft Download center. To download it you will be required to have a Volume License agreement with Microsoft and you will only be able to download it from the Volume Licensing Service Center.

    Why this move? I don’t know. I will try to find out though… This will most likely cause annoyances for developers and when testing, but I assume that most organizations using WAC likely have a Volume License agreement anyways. What do you think?

    [Update 2014-10-29]: The original blog post has been updated with a small FAQ. The interesting thing to note there is that for evaluation there will still be a downloadable copy for MSDN subscribers, and “EXISTING [my emphasis] Web Apps Server installations will continue to be licensed for viewing”. That leaves us with the question – will Office Web Apps Server NOT be free for viewing from now on?

  • SharePoint MVP AMA on October 29th

    Tags: SharePoint, Office 365

    You should mark the 29th of October at 1pm EST (18:00 CET) in your calendar. The MVP Chats are back!

    A couple of years back we regularly held MVP chats where anyone could ask SharePoint MVPs anything (almost at least). These chats were really successful and we received really good feedback. Unfortunately the tool we used for the chats was abandoned and we have been looking for a new way to do this. We think we’ve found a really interesting format for this by using the AMA format at Reddit (/r/sharepoint).

    [Update 2014-10-29]: The thread is located here: http://www.reddit.com/r/sharepoint/comments/2kojof/ama_time_we_are_a_bunch_of_microsoft_mvps_for/

    There will be at least fifteen SharePoint MVP’s answering YOUR questions so feel free to tune in on the 29th. We will try to make sure that at least one MVP answers your question, the ones most skilled in the topic of the question, and we’ll make sure that not everyone answers it (which normally is an issue with forums like this).

    We will have experts from infrastructure, to design, to development, to no-code (all definitions of that!) solutions and more, for both SharePoint and Office 365. This will be a great opportunity for all of you to finally get that hard question answered.

    If this turns out to be a successful event I’m pretty sure we will do it again! And to get as many questions as possible, spread the word and use the hashtag #spmvpchat.

  • Speaking at Share-The-Point Southeast Asia 2014

    Tags: Conferences, SharePoint, Microsoft Azure

    I’m so excited to be once again going to Singapore and speak at the Share-The-Point Southeast Asia 2014, held November 25-26 2014. It is one of my favorite conferences and this will be my third time in the awesome country and city of Singapore! Everything is just great about this; the people, the speakers, the attendees, the city, the food – you name it!

    This year I will have two sessions:

    • Using Microsoft Azure for your SharePoint and Office Apps
      One of my personal favorite sessions, scenario based and packed with demos showing you tips and tricks, awesome Azure features and lots of code.
    • Building out your SharePoint Infrastructure using Azure
      Another really interesting session where I’ll walk you through the pros and cons, the do’s and don’ts of hosting your SharePoint infrastructure in Azure.

     

    If you are planning to be close to Singapore during those days you should make sure to get your conference passes as soon as possible! OR, if you have trouble convincing your boss about what you and your company will miss if you bail out of this, leave a comment (with your e-mail) and the first three persons will get a free pass (full attendance to the 2 day event, including catering and access to the exhibition area and all sessions) – what are you waiting for?

  • Presenting the new Office 365 APIs at TechDays in Sweden

    Tags: Presentations, Office 365

    I’m thrilled to be presenting at TechDays 2014 in Stockholm the 19-20 November. This is the 5th time the TechDays conference is held here in Sweden and I know that this year’s edition will be even more awesome than the previous times. As usual the best speakers from Sweden will be there and some really interesting international speakers, such as the well-known Mary Jo Foley.

    I will be presenting a session about the new and interesting Office 365 APIs. We will walk through what these new APIs do, what they can be used for, how to do authentication and why you should invest your time in these APIs. It will be a developer focused session and we will look at code as much as possible – and we will have as much fun as possible.

    I really look forward to meeting you there, and if you’re not already booked, then head on over to your manager and say that if he or she doesn’t send you to TechDays, then you will be in the wake of your competitors. Oh, and by the way, don’t miss out on the early bird offer which is valid until the last of August.

  • The SharePoint Team is listening - make your voice heard

    Tags: SharePoint 2013, Office 365, Microsoft

    There’s a lot of stuff happening right now at Microsoft, they innovate, create great software and services, the new CEO accepts and wins almost all challenges and the SharePoint and Office team is listening! This is the Microsoft that I like and this is how I want Microsoft to continue to be. But Microsoft and the SharePoint team can’t just listen in blind – they listen to us out here in the real world, customers, clients etc. and we need to make our voice heard. This can be done in several ways, we can talk to our Microsoft representatives, we can whine on our blogs and on social networks OR we could make ourselves heard at UserVoice.

    Microsoft and different divisions and groups within Microsoft have started to use UserVoice pretty extensively lately. UserVoice is a great service where you can set up your own channel, listen for feedback and questions, and answer them and most importantly act upon them. Just recently the SharePoint team had a blog post called “UserVoice driving improvements to SharePoint API” which shows just this. From the feedback they received on UserVoice and with direct and indirect customer contact they’ve made some pretty significant improvements to the SharePoint API’s, such as JSON Light support and others. I really dig this!

    So, if you have a suggestion or improvement to Office, SharePoint and/or the Office 365 service then get your sorry behind over to UserVoice and make yourself heard. Read other people’s suggestions and vote on them. The more votes, the more likely the teams will pick it up.

    Here are some of the UserVoice channels that Microsoft and the different product groups use:

     

    One suggestion that I made the other day was a suggestion that the Office/SharePoint/Office 365 team has a publicly posted “change log”. I would like them to post any changes done to the API, UI, CSS, JavaScript, PowerShell etc. in a chronological change log, so we don’t have to read between the lines in KB articles etc. If you think that this is a great idea, then I invite you to vote on my suggestion here: http://officespdev.uservoice.com/forums/224641-general/suggestions/6297224-sharepoint-and-sharepoint-online-change-log

About Wictor...

Wictor Wilén is a Group Manager and Collaboration Lead working at Avanade. Wictor has achieved the Microsoft Certified Architect (MCA) - SharePoint 2010, Microsoft Certified Solutions Master (MCSM) - SharePoint  and Microsoft Certified Master (MCM) - SharePoint 2010 certifications. He has also been awarded Microsoft Most Valuable Professional (MVP) for six consecutive years.
