About these samples
The Trusted Application API is a REST API that enables developers to build Skype for Business Online back-end communications services for the cloud. The Trusted Application API Samples contain samples for the backend Trusted Application and samples for how to interact with the trusted application from a client-side browser using the Skype Web SDK.
The Trusted Application sample deploys to an Azure Cloud Service and:
- Permits anonymous sign-in
- Creates an adhoc meeting URL
The sample Web SDK application interacts with the Trusted Application sample and contains two demos:
- Get an anon application token from the Trusted Application
- Get an adhoc meeting URL from the Trusted Application
- Use the anon application token to join Anonymously into a Skype for Business Online meeting
- Enable audio/video in an anonymously-joined Skype for Business Online meeting
Prerequisites
Download Azure SDK v2.9.
Create a Cloud Service from Azure and give it a name to reserve a
*.cloudapp.netURL. For more details, see Azure Cloud Services documentation.The Trusted Application API requires the use of SSL and https for your cloud service. You'll need to create a DNS CName that points to your
*.cloudapp.netcloud service to give it a custom domain. For details, see Configuring a custom domain name for an Azure cloud service.Use the quick registration tool to register Skype for Business Trusted Applications in Azure and Skype for Business Online. This eliminates the need to register an application manually in Azure portal. Optionally, you can manually register your application in Azure Portal, where you'll get a Client ID and set an App ID URI. For details, see Registration in Azure Active Directory.
Register Trusted Endpoints in a Skype for Business Online tenant using PowerShell. Refer to Setting up a Trusted Application Endpoint for details.
When the application is registered in AAD, it's registered in the context of a tenant. For a tenant to use the Service Application, for example, when the application is developed as a multi-tenant application, that tenant's admin must provide consent. For details, see Tenant admin consent.
Deploy the the client (anonymous webpage) code contained in the
WebsiteSamplesfolder to a web server (e.g. IIS on localhost, or Azure App Service to deploy to*.azurewebsites.net).Create Azure storage used to save event messages from Platform Service, where you will get an account name and account key. For details, see Create a storage account.
Create Azure Service Bus for the process of saving the event messages to storage, and getting the connection string. For details, see Get started with Azure Service Bus queues (.NET).
Deployment
Once you've satisfied the prerequisites, it's time to configure the Trusted Application source code and deploy it to the Azure Cloud Service created in Step 2.
If you plan on pointing a custom domain or subdomain to your *.cloudapp.net server, use that FQDN as your base URL. Otherwise, use resourcename.cloudapp.net as your base URL, as created in step 2.
Trusted Application Agent
Clone code from the samples repo.
Build the solution (NuGet packages will be restored).
Edit the
ServiceConfiguration.Prod.cscfgfile, substituting[parameters]as follows:<ConfigurationSettings> <!-- Replace base.url with your app's url; as registered on Azure --> <!--Optional. Only needed if you want to leverage the AzureDiagnosticLogger which log all traces in azure diagnostic storage table. If you have other storage to store your trace, this is not needed. --> <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="[Application Client ID from Prerequisite Step 7]" /> <!--this is needed if you are using QueueBasedEventChannel in this sample --> <Setting name="Microsoft.ServiceBus.ConnectionString" value="[Application Client ID from Prerequisite Step 8]" /> <Setting name="AudienceUri" value="https://base.url" /> <Setting name="CallbackUriFormat" value="https://base.url/callback?callbackContext={0}" /> <Setting name="ResourcesUriFormat" value="https://base.url/resources/{0}" /> <!-- Replace these with values relevant to your deployment --> <Setting name="AAD_ClientId" value="[Application Client ID from Prerequisite Step 2]"/> <Setting name="AAD_ClientSecret" value="[Application Client secret from Prerequisite Step 3]" /> <Setting name="ApplicationEndpointId" value="[Get the sip: uri from Prerequisite Step 4]" /> <Setting name="LogFullHttpRequestResponse" value="true" /> </ConfigurationSettings>Update the
EnableCorsAttribute.csfile fromFrontEndproject to allow CORS requests on your Base URL:// Add allowed origins. _policy.Origins.Add("http://localhost"); _policy.Origins.Add("https://base.url"); // Replace base.url with your app's url; as registered on AzurePublish the application (right-click
PlatformServiceSamplesAzureServiceand select Publish...) using the Production slot
When visiting your base URL (e.g. https://name.cloudapp.net), the expected response is a simple 403.
Client webpage
You'll need to modify the WebsiteSamples\scripts\index.js file and replace https://[name].cloudapp.net with your trusted agent's base URL. You'll also need to modify the `WebsiteSamples\Samples\scripts\sign-in.js' file and replace InviteTargetUri 'toshm@metio.onmicrsoft.com' with your valid user in your own tenant.
Questions & troubleshooting
Q: I published to my Cloud Service, but get a generic application error page
If you see this error message:
An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
You need to adjust web.config on the Cloud Service to set customError="off" per the error message.
- Enable Remote Desktop on the
FrontEndrole instance - see here for details - Remote it and start the IIS Manager
- Find the Under Sites, right-click the configured website (there should only be one) and select Explore....
- Edit
web.configand allow custom errors on remote hosts, as per the error page's instructions. - Make the original web request again, and the correct error code & description should be returned.
Q: I published my Cloud Service, but get a 500 error
You may want to remote into the machine (see question above) and enable IIS failed request tracing to view the traceback details.
Q: I published to my Cloud Service but get a 401 error on the client samples
Verify the error description - if you see reference to Azure Storage or Azure Service Bus, you likely have provided an incorrect connection string in your service definition file. Proper connection strings can be obtained from the Azure Portal. Ensure that there are no leading or trailing spaces in the provided connection string.
Q: How to check the traffic message between my app and Platform Service and logs?
Attach debugger from the Cloud app your are using, open 'Output' window and you will see real time data going back and forth between you app and Trusted Application API.