Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Exploring Graph Native Support for OData

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Exploring Graph Native Support for OData


๐Ÿ’ก Newskategorie: Programmierung
๐Ÿ”— Quelle: devblogs.microsoft.com

We talked in previous articles about the amount of enterprise technologies that offer OData out-of-the-box for itโ€™s RESTFul API communications. some of these technologies are widely spread such as SharePoint, SAP, SQL Server and so many other technologies that leverage a multi-billion user powerful technology like OData.

In this article, Iโ€™m going to show you how you can leverage OData with Microsoft Graph, so you can power your applications with extensive capabilities to search, sort, order and filter all users information, including calendars, security groups, mail and so much more within Microsoft Graph with the smallest effort possible.

But before we start talking about OData integration with Microsoft Graph, let me explain to you first what Microsoft Graph is, and why itโ€™s so beneficial for small, medium size and larger enterprises to have OData as an option if they have their employee data stored and exposed through Graph.

Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmability model that you can use to access the tremendous amount of data in Office 365, Windows 10, and Enterprise Mobility + Security. Use the wealth of data in Microsoft Graph to build apps for organizations and consumers that interact with millions of users.

In other words, Microsoft Graph exposes an API endpoint to interact programmatically with all Office 365 products to extend the capabilities and features of Office 365 beyond the UI to include your own customized Web, mobile and desktop applications while still being connected to enterprise data.

To bring Microsoft Graph to a real-world scenario, imagine that you need to build a web application that enables employees in your organization to search and contact other employees who are proficient in a particular technology, for instance: in a 20,000 employees company, you want to enable software engineers to find colleagues who can help them with SQL Server โ€“ Graph integration with OData today enables you to search through all employees information and find out about the employees who defined SQL Server as a skill set of theirs.

ย 

Trying Things Out

Microsoft Graph exposes a public demo API explorer where you can make sample API calls and explore the capabilities (and the possibilities) of what Graph could offer with a simple API call.

To get started, navigate to Microsoft Graph Explorer URL, and hit the run query button against the following URL:

https://graph.microsoft.com/v1.0/me/

Graph Explorer will return the following entity as a result:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
    "businessPhones": [
        "+1 412 555 0109"
    ],
    "displayName": "Megan Bowen",
    "givenName": "Megan",
    "jobTitle": "Auditor",
    "mail": "[email protected]",
    "mobilePhone": null,
    "officeLocation": "12/1110",
    "preferredLanguage": "en-US",
    "surname": "Bowen",
    "userPrincipalName": "[email protected]",
    "id": "48d31887-5fad-4d73-a9f5-3c356e68a038"
}

This outcome is just a demo result, we can now modify out API call to include some OData queries as follows:

https://graph.microsoft.com/v1.0/me?$select=displayName

Now, hit the Run Query button, the outcome would be as follows:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(displayName)/$entity",
    "displayName": "Megan Bowen"
}

ย 

Searching Across The Organization

Letโ€™s take Graph a bit further, with respect to the aforementioned example, by finding all the employees in your organization who have experience with Product Marketing Management โ€“ letโ€™s see if Graph powered by OData could help us find individuals who have that skill set.

Letโ€™s hit the following endpoint:

https://graph.microsoft.com/v1.0/users?$filter=jobTitle eq 'Product Marketing Manager'

The result of the query should be as follows:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
    "value": [
        {
            "businessPhones": [
                "+1 425 555 0109"
            ],
            "displayName": "Adele Vance",
            "givenName": "Adele",
            "jobTitle": "Product Marketing Manager",
            "mail": "[email protected]",
            "mobilePhone": null,
            "officeLocation": "18/2111",
            "preferredLanguage": "en-US",
            "surname": "Vance",
            "userPrincipalName": "[email protected]",
            "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
        }
    ]
}

ย 

Setting Things Up

Now that you can see the capabilities and possibilities of Graph, you must be wondering how can I integrate that in my web, mobile or desktop application?

In this section, I am going to walk you step by step through the process of enabling Microsoft Graph in your current organization and being able to connect to your Graph service in the simplest way possible.

Letโ€™s start with creating a Graph app in our Azure portal by searching for App Registrations as follows:

Searching for App Registration in Azure Portal

ย 

In the App Registrations view, letโ€™s create a new App, click on the New Registration button at the top left corner as follows:

Image New Registration

ย 

Once you clicked New Registration, now we need to fill a form and select the options for creating a new app, for the purpose of this demo, letโ€™s just call our app ODataGraphApp as follows, then click Register:

Image ODataGraphApp Registration Form

ย 

Once you click register, you should see the entire dashboard and overview of your new app as follows:

Image ODataGraphApp Dashboard

ย 

letโ€™s take note of Application (client) ID and the Directory (tenant) ID, we are going to need those later to communicate with our organization Graph endpoint.

the next step is generate a secret key to allow us to communicate with Graph, in order for us to do that, letโ€™s click on the Certificates & Secrets side menu option on the left, the following view should appear:

Image App Secret Generation

ย 

In this view, letโ€™s click on New client secret, select the expiration time of the secret then click Addย as follows:

Image ODataGraphAppSecret

Once you click Add, you will be presented with a new secret, save that somewhere safe (KeyVault is an option) and along with the client and tenant IDs we saved earlier letโ€™s start giving our new App some permissions to access data in our organization.

ย 

Granting Permissions

In order for our newly registered app to be able to access particular information, a permission has to be granted first, letโ€™s go back to our new app dashboard in Azure and click on the View API Permissions button as follows:

Image Permissions

ย 

You will notice at first glance, that thereโ€™s an existing default permission for your app, which is a user delegated permission to allow users accessing your app to view their own information.

Before we go any further, Graph offers two different types of permissions, Application Permissions and Delegated Permissions,ย the first type doesnโ€™t require a user to present or logged in to access the information throughout the organization, the second type requires a user to authorize the app to access the information, which is much more secure.

Both types of permissions are needed, depending on the business requirement and the architecture of your application, for the purpose of this demo, we are going to grant an application permission to our new app to read all the information about all users in our organization as follows:

ย 

Image Microsoft Graph Permissions

ย 

Click on Add Permissionย then select Microsoft Graph from the menu that will appear on the right side as shows above.

Image Select Application Permission

We will need to select Application Permissions before moving forward with which types of permissions we need to grant our app, once youโ€™ve selected Application permissions, you will be presented with all types of permissions categorized by the entity type these permissions grant for access as follows:

Image Select Users Read

ย 

As shows above, there are hundreds of permissions that we can grant our app, in so many different aspects, for our demo we will select User.Read.All permission then click Add permissions as shows above.

Once you click Add Permissions, we will need to grant Admin consent for Default Directory permissions as follows:

Image Grant Admin Permissions

You can grant the consent but selecting the highlighted permission we added then click the Grant admin consent for Default Directoryย button to do so, when the permission is granted, a green check mark should be displayed next to the new permission you just granted consent as follows:

Image Admin Permission Granted

ย 

Now we are all set! we are ready to access all organization users information using Graph through a simple Console Application.

ย 

The Code

In this section, I am going to show you how you can write a simple console application to retrieve Users information, letโ€™s create a simple console app and add the following Nuget packages in its:

  1. Microsoft.Graph (3.5.0)
  2. Microsoft.Graph.Authย  (1.0.0-preview.4)

With these two libraries, letโ€™s change the default code in our console app Program.csย file to the following:

using System;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;

namespace GraphODataDemo
{
    class Program
    {
        static async Task Main(string[] args)
        {
            var confidentialClientApplication = ConfidentialClientApplicationBuilder
               .Create("YOUR_CLIENT_ID")
               .WithTenantId("YOUR_TENANT_ID")
               .WithClientSecret("YOUR_APP_SECRET")
               .Build();

            var clientCredentialProvider = 
                new ClientCredentialProvider(confidentialClientApplication);
            
            var graphServiceClient = 
                new GraphServiceClient(clientCredentialProvider);

            var users = await graphServiceClient.Users.Request()
                .Filter("displayName eq 'Hassan Habib'").GetAsync();

            foreach(var user in users)
            {
                Console.WriteLine(user.DisplayName);
            }
        }
    }
}

When you run your application the application will filter all users to only the ones with the displayNameย equivalent to Hassan Habib, hereโ€™s a screenshot of the result:

Image OData Output

ย 

ย 

Native Support

As you saw in the code above, the Filterย functionality comes out of the box with the Graph client we are using, so is the case with the following features:

ย 

$Select

We can examine the select option as follows:

var users = await graphServiceClient.Users.Request()
    .Select(user => user.DisplayName).GetAsync();

The Select functionality in the Graph Client supports both fluent API with expressions and raw select queries as follows:

var users = await graphServiceClient.Users.Request()
    .Select("displayName").GetAsync();

in both cases, the API will return entire objects with all their properties nullified except for the properties we selected.

ย 

$Expand

You can also use the expand to search through other related entities, for instance, we can check the calendar of a particular user as follows:

var users = await graphServiceClient.Users.Request()
    .Expand(user => user.Calendar).GetAsync();

You can also do the same thing with raw queries as follows:

var users = await graphServiceClient.Users.Request()
    .Expand("calendar").GetAsync();

Itโ€™s important to understand that expanding to related entities might require additional permissions, just the exact same way we granted our app access to user information.

ย 

$Filter

The filter functionality doesnโ€™t currently support expressions, but as we have shown above it can support raw expressions as follows:

var users = await graphServiceClient.Users.Request()
    .Filter("displayName eq 'Hassan Habib'").GetAsync();

ย 

The same functionality applies to other OData features such as $OrderBy, $Skipย and $Top.

ย 

Final Notes

  1. Microsoft Graph combined with OData is a very powerful technology that grants access to all members within an organization, it also prevents duplication of an organization members data and offers an option to reference these members by their organization id.
  2. Microsoft Graph team has provided tremendous documentations around the technology and itโ€™s use cases, you can find all about Microsoft Graph here.
  3. You can find the source code for the Console app I created for this demo in here
  4. OData is natively supported in much more platforms for multi-billion users, itโ€™s heavily used within these platforms which should encourage application developers to trust OData to integrate the technology in their current or future applications.

ย 

ย 

The post Exploring Graph Native Support for OData appeared first on OData.

...



๐Ÿ“Œ Exploring Graph Native Support for OData


๐Ÿ“ˆ 61.84 Punkte

๐Ÿ“Œ Using SkipToken for Paging in Asp.Net OData and Asp.Net Core OData


๐Ÿ“ˆ 43.78 Punkte

๐Ÿ“Œ Migrating OData V3 Services to OData V4 without Disrupting Existing Clients


๐Ÿ“ˆ 43.78 Punkte

๐Ÿ“Œ How to create alias for only one half of the command? Like "git graph", where graph="log --all --graph"?


๐Ÿ“ˆ 40.23 Punkte

๐Ÿ“Œ Intro to Graph and Native Graph Databases


๐Ÿ“ˆ 35.86 Punkte

๐Ÿ“Œ Developer's guide to Microsoft Graph | Learn Together: Building Apps with Microsoft Graph


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ CVE-2020-36518 | Oracle Big Data Spatial and Graph Big Data Graph denial of service


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ CVE-2021-42340 | Oracle Big Data Spatial and Graph Big Data Graph denial of service


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ CVE-2021-41184 | Oracle Big Data Spatial and Graph Big Data Graph cross site scripting


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ A graph extension written in C: quick and easy deployment of graph model on relational database


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ CVE-2023-28606 | MISP prior 2.4.169 Event-Graph Node Tooltip js/event-graph.js cross site scripting


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ CVE-2023-46589 | Oracle Big Data Spatial and Graph 3.0.4 Big Data Graph unknown vulnerability


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ Graph-Datenbanken: Graph Query Language soll ISO-Standard werden


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ MISP 2.4.111 event-graph View event-graph.js cross site scripting


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ Oracle Big Data Graph up to 2.x Spatial/Graph Remote Code Execution


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ Build a GNN-based real-time fraud detection solution using the Deep Graph Library without using external graph storage


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ Enhancing Graph Data Embeddings with Machine Learning: The Deep Manifold Graph Auto-Encoder (DMVGAE/DMGAE) Approach


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ Meet Graph-Mamba: A Novel Graph Model that Leverages State Space Models SSM for Efficient Data-Dependent Context Selection


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ How to Test Graph Quality to Improve Graph Machine Learning Performance


๐Ÿ“ˆ 26.82 Punkte

๐Ÿ“Œ Exploring the Implementation of Graph Data in OceanBase


๐Ÿ“ˆ 25.76 Punkte

๐Ÿ“Œ What Next? Exploring Graph Neural Network Recommendation Engines


๐Ÿ“ˆ 25.76 Punkte

๐Ÿ“Œ Exploring the Microsoft Graph Toolkit | On .NET


๐Ÿ“ˆ 25.76 Punkte

๐Ÿ“Œ Exploring the Implementation of Graph Data in OceanBase


๐Ÿ“ˆ 25.76 Punkte

๐Ÿ“Œ ๐Ÿš€Exploring React Storybook: A Journey Through Button Components and exploring Typescriptโœ๐Ÿฝ


๐Ÿ“ˆ 24.69 Punkte

๐Ÿ“Œ Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud-Native Threat Landscape


๐Ÿ“ˆ 22.45 Punkte

๐Ÿ“Œ Vuln: Microsoft OData CVE-2018-8269 Denial of Service Vulnerability


๐Ÿ“ˆ 21.89 Punkte

๐Ÿ“Œ Simplifying EDM with OData


๐Ÿ“ˆ 21.89 Punkte

๐Ÿ“Œ Enabling Pagination in Blazor with OData


๐Ÿ“ˆ 21.89 Punkte

๐Ÿ“Œ Integrating Cosmos DB with OData (Part 1)


๐Ÿ“ˆ 21.89 Punkte

๐Ÿ“Œ #0daytoday #Apache Olingo OData 4.0 - XML External Entity Injection Exploit [webapps #exploits #0day #Exploit]


๐Ÿ“ˆ 21.89 Punkte

๐Ÿ“Œ [webapps] Apache Olingo OData 4.0 - XML External Entity Injection


๐Ÿ“ˆ 21.89 Punkte

๐Ÿ“Œ Apache Olingo OData 4.6.x XML Injection


๐Ÿ“ˆ 21.89 Punkte

๐Ÿ“Œ Experimenting with OData in ASP.NET Core 3.1


๐Ÿ“ˆ 21.89 Punkte











matomo