oAuth connection for office 365 RRS feed

  • Question

  • Hi,

    I am new to Office 365 and am having an issue connecting to it. I can connect to Office 365 with the Exchange service successfully, but whenever a normal button is clicked on my ASP.NET page, it should redirect to the Office 365 login page and check the user's credentials; if the credentials are correct (meaning an already registered candidate), it should then redirect back to my ASP.NET page.

    Anyone, please help me resolve the issue.

    Tuesday, November 24, 2015 1:02 PM

All replies

  • For this procedure, you have to specify a verified domain for your Exchange Online organization and the Exchange Online tenant name. The first domain should be the same domain used as the primary SMTP domain for the cloud-based email accounts. This domain is referred to as <your verified domain> in the following procedure. The second domain, which is your actual tenant name (like contoso.onmicrosoft.com), is referred to as <your tenant domain>.

    Run the following command in the Exchange Management Shell (Exchange PowerShell) in your on-premises Exchange organization:

    PowerShell

    New-AuthServer -Name "WindowsAzureACS" -AuthMetadataUrl "https://accounts.accesscontrol.windows.net/<your verified domain>/metadata/json/1"
    New-AuthServer -Name "evoSTS" -Type AzureAD -AuthMetadataUrl "https://login.windows.net/<your tenant domain>/federationmetadata/2007-06/federationmetadata.xml"

    Step 2: Enable the partner application for your Exchange Online organization
    Run the following command in the Exchange PowerShell in your on-premises Exchange organization.

    PowerShell

    Get-PartnerApplication |  ?{$_.ApplicationIdentifier -eq "00000002-0000-0ff1-ce00-000000000000" -and $_.Realm -eq ""} | Set-PartnerApplication -Enabled $true

    Step 3: Export the on-premises authorization certificate
    In this step, you have to run a PowerShell script to export the on-premises authorization certificate, which is then imported to your Exchange Online organization in the next step.

    Save the following text to a PowerShell script file named, for example, ExportAuthCert.ps1.

    PowerShell

    # Thumbprint of the certificate Exchange currently uses for OAuth
    $thumbprint = (Get-AuthConfig).CurrentCertificateThumbprint
    # Create the output folder if it does not exist yet
    if((test-path $env:SYSTEMDRIVE\OAuthConfig) -eq $false)
    {
       md $env:SYSTEMDRIVE\OAuthConfig
    }
    cd $env:SYSTEMDRIVE\OAuthConfig
    # Find that certificate in the local machine store
    $oAuthCert = (dir Cert:\LocalMachine\My) | where {$_.Thumbprint -match $thumbprint}
    # Export as type Cert: the public certificate only, without the private key
    $certType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
    $certBytes = $oAuthCert.Export($certType)
    $CertFile = "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer"
    [System.IO.File]::WriteAllBytes($CertFile, $certBytes)

    In Exchange PowerShell in your on-premises Exchange organization, run the PowerShell script that you created in the previous step. For example:

    PowerShell

    .\ExportAuthCert.ps1

    Step 4: Upload the on-premises authorization certificate to Azure Active Directory Access Control Service (ACS)
    Next, you have to use Windows PowerShell to upload the on-premises authorization certificate that you exported in the previous step to Azure Active Directory Access Control Services (ACS). To do this, the Azure Active Directory Module for Windows PowerShell cmdlets have to be installed. If the module is not installed, go to https://aka.ms/aadposh to install the Azure Active Directory Module for Windows PowerShell. Complete the following steps after the Azure Active Directory Module for Windows PowerShell is installed.

    Click the Azure Active Directory Module for Windows PowerShell shortcut to open a Windows PowerShell workspace that has the Azure AD cmdlets installed. All commands in this step will be run using the Windows PowerShell for Azure Active Directory console.

    Save the following text to a PowerShell script file named, for example, UploadAuthCert.ps1.

    PowerShell

    # Sign in to Azure AD (prompts for tenant administrator credentials)
    Connect-MsolService
    $CertFile = "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer"
    $objFSO = New-Object -ComObject Scripting.FileSystemObject
    $CertFile = $objFSO.GetAbsolutePathName($CertFile)
    # Load the exported public certificate and Base64-encode its raw bytes
    $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
    $cer.Import($CertFile)
    $binCert = $cer.GetRawCertData()
    $credValue = [System.Convert]::ToBase64String($binCert)
    # Service principal used for Exchange Online in this procedure
    $ServiceName = "00000002-0000-0ff1-ce00-000000000000"
    $p = Get-MsolServicePrincipal -ServicePrincipalName $ServiceName
    # Add the certificate as a verification credential on that principal
    New-MsolServicePrincipalCredential -AppPrincipalId $p.AppPrincipalId -Type asymmetric -Usage Verify -Value $credValue

    Run the PowerShell script that you created in the previous step. For example:

    PowerShell

    .\UploadAuthCert.ps1

    After you start the script, a credentials dialog box is displayed. Enter the credentials for the tenant administrator account in your Microsoft Online Azure AD organization. After running the script, leave the Windows PowerShell for Azure AD session open. You will use this to run a PowerShell script in the next step.

    Step 5: Register all hostname authorities for your internal and external on-premises Exchange HTTP endpoints with Azure Active Directory
    You have to run the script in this step for each endpoint in your on-premises Exchange organization that is publicly accessible (internal and external URLs if you are going to set up Hybrid Modern Authentication). For example, assume that Exchange is externally available on https://mail.contoso.com/ews/exchange.asmx. In this case, the service principal name https://mail.contoso.com would be used. There isn't a limit for registering additional external hostname authorities.

    If you are not sure of the Exchange endpoints in your on-premises Exchange organization, you can get a list of the external configured Web services endpoints by running the following command in Exchange PowerShell in your on-premises Exchange organization:

    PowerShell

    Get-MapiVirtualDirectory | FL server,*url*
    Get-WebServicesVirtualDirectory | FL server,*url*
    Get-OABVirtualDirectory | FL server,*url*

    These steps also work for Zoho Mail to Office 365 migration. To know more about it, visit o365cloudexperts.

    Saturday, April 11, 2020 11:50 AM
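
A pre-upload check for the file that Step 3 writes, as an added example that is not part of the original reply: it confirms the file is a public-only certificate, that its thumbprint equals the value reported by Get-AuthConfig, and that it is within its validity period before Step 4 registers it in Azure AD. The function name Test-ExportedAuthCert and the 30-day threshold are assumptions made for this example.

```powershell
# Added example (not from the original post). Run in the on-premises Exchange
# Management Shell after ExportAuthCert.ps1 and before UploadAuthCert.ps1.
function Test-ExportedAuthCert {            # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $ExpectedThumbprint,
        [int] $MinDaysValid = 30            # assumed threshold for this example
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Certificate file not found: $Path" }
    # .NET does not follow PowerShell's current location, so resolve to a full path.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath

    # The upload must be a bare certificate; a PFX/PKCS#12 file would be rejected here.
    $type = [System.Security.Cryptography.X509Certificates.X509Certificate2]::GetCertContentType($full)
    if ($type -ne [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert) {
        throw "Unexpected content type '$type'; expected a public-only .cer file"
    }
    $cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

    $problems = @()
    if ($cert.HasPrivateKey) { $problems += 'File carries a private key' }
    # Exact comparison; the export script selects the certificate with -match.
    if ($cert.Thumbprint -ne $ExpectedThumbprint) {
        $problems += "Thumbprint $($cert.Thumbprint) differs from Get-AuthConfig value $ExpectedThumbprint"
    }
    $now = Get-Date
    if ($cert.NotBefore -gt $now) { $problems += "Not valid until $($cert.NotBefore)" }
    if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
        $problems += "Expires $($cert.NotAfter), less than $MinDaysValid days from now"
    }
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Problems   = $problems
    }
}

$result = Test-ExportedAuthCert -Path "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer" `
    -ExpectedThumbprint (Get-AuthConfig).CurrentCertificateThumbprint
$result | Format-List
if ($result.Problems.Count -gt 0) {
    throw 'Resolve the problems listed above before running UploadAuthCert.ps1.'
}
```

Record the printed thumbprint with the change ticket so the credential added in Step 4 can later be matched to this certificate.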