Tag Archives: Azure

PNP Connect to SharePoint Online with 3 DEMOS – Classic, Certificate, and Runbook

Wanted to share step-by-step procedures for how to connect PNP.PowerShell console to SharePoint Online. Three major methods are outlined below, each slightly more advanced than the previous. Drop any questions or comments at bottom of post. Cheers.

VIDEO 1 – Client ID and Client Secret plain text

Demo how to connect with Client ID and Client Secret plain text running PNP.PowerShell.

Steps are included for

  1. Register application with SharePoint Online (SPO) by opening “appregnew.aspx”
  2. Grant permission with SharePoint Online (SPO) by opening “appinv.aspx”
  3. Connect-PNPOnline using Client ID and Client Secret plain text

CODE

# PNP Client Secret
# https://medium.com/ng-sp/sharepoint-add-in-permission-xml-cheat-sheet-64b87d8d7600
# https://www.koskila.net/fastest-way-to-verify-your-client-id-and-client-secret-are-valid-with-powershell/
<#
The app identifier has been successfully created.
Client Id:  	12306f98-2d2f-49b8-88b3-0eddd71ec25f
Client Secret:  OhYnQV2Hq888LoZOz7C8QSKr81VCNyOWQG9XEjQP111=
Title:  	PNP-PowerShell
App Domain:  	localhost
Redirect URI:  	https://localhost
#>
# Scope
$tenant = "spjeff"
$clientId = "12306f98-2d2f-49b8-88b3-0eddd71ec25f"
$clientSecret = "OhYnQV2Hq888LoZOz7C8QSKr81VCNyOWQG9XEjQP111="
# Connect
Connect-PnPOnline -Url "https://$tenant.sharepoint.com/" -ClientId $clientId -ClientSecret $clientSecret
Get-PnPWeb | Format-Table -AutoSize

VIDEO 2 – PFX Certificate running PNP.PowerShell locally

Demo how to connect with PFX Certificate running PNP.PowerShell locally given PFX input file.

Steps are included for

  1. Register Application with Azure AD
  2. Generate certificate (PFX and CER) with private key saved locally
  3. Connect-PNPOnline using local PFX input file and private key password

PNP-Register.ps1

# PNP Register
# https://pnp.github.io/powershell/articles/connecting.html
# https://pnp.github.io/powershell/articles/authentication.html
# https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/register-pnpazureadapp?view=sharepoint-ps
# https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
# https://mmsharepoint.wordpress.com/2018/12/19/modern-sharepoint-authentication-in-azure-automation-runbook-with-pnp-powershell/
# Scope
$tenant = "spjeff"
$clientFile = "PnP-PowerShell-$tenant.txt"
# Register
$password = ConvertTo-SecureString -String "password" -AsPlainText -Force
$reg = Register-PnPAzureADApp -ApplicationName "PnP-PowerShell-$tenant" -Tenant "$tenant.onmicrosoft.com" -CertificatePassword $password -Interactive
$reg."AzureAppId/ClientId" | Out-File $clientFile -Force

PNP-Connect.ps1

# PNP Connect
# https://pnp.github.io/powershell/articles/connecting.html
# https://pnp.github.io/powershell/articles/authentication.html
# https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/register-pnpazureadapp?view=sharepoint-ps
# https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
# https://mmsharepoint.wordpress.com/2018/12/19/modern-sharepoint-authentication-in-azure-automation-runbook-with-pnp-powershell/
# Scope
$tenant = "spjeff"
$clientFile = "PnP-PowerShell-$tenant.txt"
# Connect
$clientId = Get-Content $clientFile
$password = "password"
$secPassword = $password | ConvertTo-SecureString -AsPlainText -Force
# Double quotes so that $tenant expands inside the PFX file name
Connect-PnPOnline -ClientId $clientId -Url "https://$tenant.sharepoint.com" -Tenant "$tenant.onmicrosoft.com" -CertificatePath ".\PnP-PowerShell-$tenant.pfx" -CertificatePassword $secPassword
Get-PnPTenantSite | Format-Table -AutoSize

VIDEO 3 – PFX Certificate in Azure Automation Runbook

Demo how to connect with PFX Certificate running PNP.PowerShell in Azure Automation Runbook given PFX input file.

Steps are included for

  1. Register Application with Azure AD
  2. Generate certificate (PFX and CER) with private key saved locally
  3. Upload PFX into Azure Automation with [Exportable=Yes] and password
  4. Runbook code to download PFX at runtime (Get-AutomationCertificate)
  5. Connect-PNPOnline using Azure temp PFX file and private key password

CODE

# PNP Connect
# https://pnp.github.io/powershell/articles/connecting.html
# https://pnp.github.io/powershell/articles/authentication.html
# https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/register-pnpazureadapp?view=sharepoint-ps
# https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
# https://mmsharepoint.wordpress.com/2018/12/19/modern-sharepoint-authentication-in-azure-automation-runbook-with-pnp-powershell/
# Scope
$tenant = "spjeff"
# Client ID file written by PNP-Register.ps1; it must be readable from the runbook
$clientFile = "PnP-PowerShell-$tenant.txt"
# Azure Certificate
$password = "password"
$secPassword = $password | ConvertTo-SecureString -AsPlainText -Force
# Double quotes so that $tenant expands inside the asset name
$cert = Get-AutomationCertificate -Name "PNP-PowerShell-$tenant"
$pfxCert = $cert.Export("pfx", $password) # 3=Pfx
$certPath = "PNP-PowerShell-$tenant.pfx"
Set-Content -Value $pfxCert -Path $certPath -Force -Encoding Byte
# Connect using the PFX file exported above
$clientId = Get-Content $clientFile
Connect-PnPOnline -ClientId $clientId -Url "https://$tenant.sharepoint.com" -Tenant "$tenant.onmicrosoft.com" -CertificatePath $certPath -CertificatePassword $secPassword
# Display
Get-PnPTenantSite | Format-Table -AutoSize
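
A variant of the runbook above that keeps no password in the script, added here as an example and not part of the original demo. It protects the temporary PFX with a random one-time password and deletes the file when done; the variable asset name "PnP-ClientId" is an assumption.

```powershell
# Added example, not the original runbook. Asset names are hypothetical.
$tenant   = "spjeff"
$certName = "PNP-PowerShell-$tenant"                    # certificate asset uploaded with Exportable=Yes
$clientId = Get-AutomationVariable -Name "PnP-ClientId" # hypothetical variable asset holding the Azure AD app ID

# One-time random password for the temporary PFX; it is never stored anywhere
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$pfxPassword = ConvertTo-SecureString -String ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

$cert = Get-AutomationCertificate -Name $certName
if (-not $cert) { throw "Certificate asset '$certName' was not found." }

# Unpredictable file name under the sandbox temp folder
$certPath = Join-Path ([System.IO.Path]::GetTempPath()) ("{0}.pfx" -f [guid]::NewGuid())
try {
    # Export(X509ContentType, SecureString) protects the PFX with the password passed here
    $pfxBytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $pfxPassword)
    [System.IO.File]::WriteAllBytes($certPath, $pfxBytes)

    Connect-PnPOnline -ClientId $clientId -Url "https://$tenant.sharepoint.com" -Tenant "$tenant.onmicrosoft.com" -CertificatePath $certPath -CertificatePassword $pfxPassword
    Get-PnPTenantSite | Format-Table -AutoSize
}
finally {
    # Remove the private key from disk even when the connection or query fails
    if (Test-Path -Path $certPath) { Remove-Item -Path $certPath -Force }
}
```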

VIDEO – Azure Function running F5 on localhost

Wanted to share a brief on creating a new Azure Function 2.0 on localhost. Followed the quick start wizard within Azure for steps. Initially received an error message when pressing F5, but was able to resolve it by navigating down three folders and running the command manually. Root cause was local PowerShell configuration. Updating “$profile” to remove Change Directory commands (“CD C:\CODE”) resolved the F5 error with the Azure Function not starting.

Thank you to @nthonyChu and @fiveisprime for help troubleshooting. Cheers.

Error

Unable to find project root. Expecting to find one of host.json, local.settings.json in project root.

Resolution

  1. Launch PowerShell
  2. Run “notepad $profile”
  3. Remove any “CD” commands that modify the working directory
  4. Save and restart

Workaround (Temporary)

  1. Navigate down 3 folders with cd “bin\debug\netcoreapp2.1\”
  2. Run “func start host”


VIDEO – Create and connect to Oracle in Azure

Wanted to record a demo of how to create an Oracle 12 instance in Azure and connect with GUI tools from a Windows client. Video shows the full process (including troubleshooting) with TCP firewall, DBCA create command, system password, and all. Great way to build a personal dev environment to learn Oracle connection strings and syntax, while staying out of the live production corporate Oracle system.

Cheers.

Code

ssh adminUser@publicipaddress
sudo su - oracle
lsnrctl start
# Find file
find / -name sqlplus -print
# Environment variables
ORACLE_HOME=/u01/app/oracle/product/12.1.0/dbhome_1; export ORACLE_HOME
ORACLE_SID=cdb1; export ORACLE_SID
PATH=$PATH:$ORACLE_HOME/bin
# Connect Oracle SQL Developer GUI
# Username: system
# Password: OraPasswd1
# Display Version
SELECT * FROM v$version


VIDEO – Validate Azure AD Username Password

Applications often need a way to validate the current user's account, for example when a user completes an online form and signs it with a password. With Active Directory on-premises, the [System.DirectoryServices] namespace can be used to validate username and password with [PrincipalContext] and [ValidateCredentials].

With Azure AD, different methods are needed. Video demo below. Source code available at https://github.com/spjeff/VerifyAzureAD/

Cheers!


VIDEO – HTTP Header Client Secret protected Web API

Watch the video below to see a demo of protecting WebAPI with HTTP header and a Client Secret.    By default, new Web API projects lack any security mechanism and are open to any anonymous user.    Protecting Dot Net methods with an IF() statement condition provides a simple security mechanism to ensure only users who know the Client Secret are able to run the API and execute the method.

NOTE – Check out https://www.spjeff.com/2017/10/05/video-azure-ad-protected-web-api-in-an-angularjs-spa/ for more complete WebAPI security with Azure AD.

Cheers!

Code

public bool keyMatch()
{
	// security HTTP header
	string key = "12345678901234567890123456789012345678901234567890";
	// requires: using System.Collections.Generic; using System.Linq;
	IEnumerable<string> headerValues;
	var keyFilter = string.Empty;
	if (Request.Headers.TryGetValues("key", out headerValues))
	{
		// ALLOW - match key
		keyFilter = headerValues.FirstOrDefault();
	}
	if (keyFilter == key)
	{
		return true;
	}
	else
	{
		return false;
	}
}

VIDEO – Microsoft Azure AD Portal (AAD)

Check out https://aad.portal.azure.com/. The Microsoft Azure Active Directory admin center is open to all users and is a great tool to browse Azure AD, look up user details, locate groups, manage applications, monitor usage, and more.

Users with higher permissions will see more tiles including:

  • Azure Active Directory
  • Users and groups
  • Enterprise applications
  • App registrations
  • Azure AD Connect Health
  • Azure AD Cloud App Discovery
  • Azure AD Privileged Identity Management
  • Azure AD Identity Protection
  • Devices

Cheers!

Manage Azure Active Directory


SharePoint as a Service (SPaaS)

SharePoint is often treated as a final SaaS product that performs Microsoft native functions only. Management can be reluctant to engage in customization and development because of the perceived cost.

However, what is the cost of lacking a needed business tool? Lost productivity and opportunity?

What is the cost to create native SP features? Make a blank IIS website? Then create your own search, audit, permission interface, file store, REST endpoint, etc.?

Today is the best time ever to be a developer. Many services and many tools. Agile design can be applied to leverage 90% native platform with 10% custom code to spin up helpful business applications at low cost. Microservices, REST APIs, and JavaScript frameworks provide the building blocks. Developers are challenged to learn these new tools. Ones that do can help deliver business value faster than ever.

Remember, SharePoint is a service, not the final product.

Features

  • Authentication – User context.  Password management, new account creation, integrated single sign-on.
  • Permissions – Groups, roles, custom permission levels.
  • Tables & Files – Storage of flat database (rows, columns, validated input, query) and binary files (folder, files)
  • Notification – Alert on data changes.  Daily and weekly summary.  Custom email body with Workflow.
  • Search – Index content, word parsing, custom results display, full REST api.
  • Audit – Regulatory compliance.  Reports, export, filter, and granular detail.
  • … and many more

VIDEO – Online WebAPI Generator

I created an online service at https://spjeff.azurewebsites.net/ which generates an MVC WebAPI 2.2 project with the name you enter. A custom ZIP file is generated server side with your custom name for the Project, Namespaces, Assembly, and sent to the browser for download. Best practices are already enabled such as:

  • [CORS] decorator
  • [Authorize] decorator
  • Minimal packages and dependency
  • Zero MVC boilerplate
  • Lean mean API ready for dev & prod

From there double click SLN and begin coding. Enjoy!

Video

Online WebAPI Generator from Jeff Jones on Vimeo.

FIXED – AzurePlugin was not able to get Tenant Info from configuration server (CSSA)

While enabling the CSSA (Cloud Search Service Application) I came across this error during first full crawl after successfully completing the on-boarding steps outlined at https://blogs.msdn.microsoft.com/spses/2015/09/15/cloud-hybrid-search-service-application/ with PowerShell scripts. The Azure plugin was unable to crawl on-premise content. Root cause was proxy server configuration, which needs to be consistent across three places. Hope this helps!

Central Admin

An unexpected error occurred in the Azure plugin. This item will be retried in the next incremental crawl. ( AzureException AzurePlugin was not able to get Tenant Info from configuration server; SearchID = B056F137-1C77-4792-B402-256B615DBE82 )

Verbose ULS

Get-SPLogLevel |? {$_.Area -like "SharePoint Server Search"} | Set-SPLogLevel -TraceSeverity VerboseEx
New-SPLogFile

ULS Log

By running PowerShell commands “Set-SPLogLevel” and “New-SPLogFile” I was able to get verbose ULS for the CSSA crawl process. Here are the entries showing inability to communicate over the proxy server to the Internet.

12/08/2016 15:36:31.55  mssearch.exe (0x195C) 0x0B18  SharePoint Server Search             Crawler:Azure Plugin                amn0f   High       AzureServiceProxy::GetCerts caught AggregateException: The ServicePointManager does not support proxies with the myproxy scheme.  

12/08/2016 15:36:31.55  mssearch.exe (0x195C) 0x0B18  SharePoint Server Search             Crawler:Azure Plugin                amn0g  High       AzureServiceProxy::GetCerts: Failed to get encryption certificates from cert server https://tenant.sharepoint.com for realm 67d7b889-884d-4c2a-a8d8-3ff81f37b497, documents will be send unencrypted (if unecrypted submit is allowed) 

12/08/2016 15:36:31.55  mssearch.exe (0x195C) 0x0B18  SharePoint Server Search             Crawler:Azure Plugin                amn0h  High       AzureServiceProxy::GetAzureTenantInfo caught AggregateException: The ServicePointManager does not support proxies with the myproxy scheme., unable to get EndpointAddress, submit is blocked               

12/08/2016 15:36:31.55  mssearch.exe (0x195C) 0x0B18  SharePoint Server Search             Crawler:Azure Plugin                amn0i    High       AzureServiceProxy caught Exception: *** Microsoft.Office.Server.Search.AzureSearchService.AzureException: AzurePlugin was not able to get Tenant Info from configuration server     at Microsoft.Office.Server.Search.AzureSearchService.AzureServiceProxy.GetAzureTenantInfo(String portalURL, String realm, String& returnPropertyValue, String propertyName)     at Microsoft.Office.Server.Search.AzureSearchService.AzureServiceProxy.SubmitDocuments(String azureServiceLocation, String authRealm, String SPOServiceTenantID, String SearchContentService_ContentFarmId, String portalURL, String testId, String encryptionCert, Boolean allowUnencryptedSubmit, sSubmitDocument[] documents, sDocumentResult[]& results, sAzureRequestInfo& RequestInfo) ***   

 

Resolution

Proxy server settings need to be confirmed in three places. The crawler was attempting to use “myproxy:8080” DNS names when it actually needs URL format “http://myproxy:8080”.

1)  Internet Explorer

Tools > Options > Connections > LAN Settings

Provide either PAC URL (proxy auto config) or proxy server DNS name.

2)  Command Line

NETSH WINHTTP SHOW PROXY

NETSH WINHTTP SET PROXY PROXY-SERVER="myproxy:8080" BYPASS-LIST="*.company.com;<local>"

3)  Dot Net Global [machine.config]

Run notepad

Open “C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config”

Add following XML code

<system.net>
  <defaultProxy>
    <proxy usesystemdefault="false" proxyaddress="http://myproxy:8080" bypassonlocal="true" />
  </defaultProxy>
</system.net>
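
One way to confirm that the three locations above agree, added here as an example and not part of the original troubleshooting. It assumes English NETSH output and a single proxy for all protocols, and it flags a machine.config address without the http:// scheme, which is the condition behind the "myproxy scheme" error in the ULS log.

```powershell
# Added example: compare the three proxy settings from the Resolution steps.
# Run as the search crawl account, since the Internet Explorer setting is per user.
function Get-HostPort([string]$Value) {
    # "http://myproxy:8080/" and "myproxy:8080" both reduce to "myproxy:8080"
    if ([string]::IsNullOrWhiteSpace($Value)) { return $null }
    return ($Value.Trim() -replace '^[a-z]+://', '').TrimEnd('/').ToLowerInvariant()
}

# 1) Internet Explorer LAN settings (per-user registry)
$ie = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ieProxy = if ($ie.ProxyEnable -eq 1) { $ie.ProxyServer } else { $null }

# 2) WinHTTP, parsed from NETSH WINHTTP SHOW PROXY
$netsh = (& netsh winhttp show proxy) -join "`n"
$winHttp = if ($netsh -match 'Proxy Server\(s\)\s*:\s*(\S+)') { $Matches[1] } else { $null }

# 3) .NET machine.config defaultProxy
$configPath = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config'
$xml = [xml](Get-Content -Path $configPath -Raw)
$node = $xml.SelectSingleNode('/configuration/system.net/defaultProxy/proxy')
$dotNet = if ($node) { $node.GetAttribute('proxyaddress') } else { $null }

$report = @(
    [pscustomobject]@{ Source = 'Internet Explorer'; Raw = $ieProxy; HostPort = Get-HostPort $ieProxy }
    [pscustomobject]@{ Source = 'WinHTTP';           Raw = $winHttp; HostPort = Get-HostPort $winHttp }
    [pscustomobject]@{ Source = 'machine.config';    Raw = $dotNet;  HostPort = Get-HostPort $dotNet }
)
$report | Format-Table -AutoSize

# machine.config needs the URL form; a bare "myproxy:8080" is read as scheme "myproxy"
if (-not $dotNet) {
    Write-Warning "machine.config has no defaultProxy/proxy address."
}
elseif ($dotNet -notmatch '^https?://') {
    Write-Warning "machine.config proxyaddress '$dotNet' is missing the http:// scheme."
}

# All configured locations should point at the same host and port
$distinct = @($report.HostPort | Where-Object { $_ } | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "Proxy settings disagree: $($distinct -join ', ')"
}
if ($ie.AutoConfigURL) {
    Write-Output "Internet Explorer uses PAC URL: $($ie.AutoConfigURL)"
}
```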

 


Notes

  • Completed the “Hybrid Onedrive” click once application to create “ACS” and “SPO” service application proxies before Hybrid Search CSSA onboarding.   https://configure.office.com/
