I've been looking at this so long now that I think I'm probably missing something obvious. My scenario is this.
I have a SharePoint 2013 app which needs to pull data from a set of web services (not SharePoint hosted) to populate the application. Because the SharePoint server and API server are hosted in the same domain and authenticate against the same AD server, what I would like is for the user to sign in to SharePoint and then use the same credentials to make the request to the API server. It's a SharePoint hosted app, so the request needs to be made via JavaScript (well, using jQuery).
I'm guessing that this is possible, but what's the best way to look at implementing it?
Related
I'm writing a small tool that accesses data in a SharePoint 2019.
That SharePoint 2019 is configured to use "Windows Claims Based Authentication"; this means that from Windows machines that are part of the correct domain, users simply open the SharePoint site from Edge and they simply have access, without being prompted for credentials.
QUESTION: how could I authenticate the HTTP request to the SharePoint REST API that my tool does?
I tried going in "private browsing"; there I was prompted for credentials, but I could not see any authentication header in the HTTP requests, so I don't know exactly how the process looks (so that I can "reproduce" it in my tool...).
Not sure how to go about doing this; I'm not looking for B2C, I don't want my users to sign in. I just want my Xamarin app to be able to access an Azure AAD protected API. In other words, I want to authenticate the app itself with the Azure Active Directory, to access an Azure AAD protected API. From what I've found on the internets, service principal to service principal auth is discouraged when using mobile apps and I've not really found a way to do it service to service anyhow.
Any suggestions on how to properly do this? Links with tutorials would be great.
Thanks!
Azure does provide the ability to generate a client ID which you could have sent from your application and checked. Microsoft talk about this in this article. You will want to be careful with how you store this ID in your app as if someone were to steal this they would be able to access your API. Along with that you'd also want to make sure that your connection between your app and server is secured with a pinned SSL certificate so it cannot be man-in-the-middle'd.
Another interesting approach is software attestation where some service checks various aspects of your app to ensure that it is your app. Full disclosure, I work for a company which does this. See Approov. We take a fingerprint of your app and our SaaS checks that this matches at run time. We then issue a token which your app can use to prove that it is the real app.
I have a web application, and I am looking to make use of SharePoint endpoints using the user's Windows credentials. SharePoint 2013 does not have CORS support, so there is no way for me to send XHR requests to SharePoint from my web page, which is hosted separately from SharePoint.
My thought is then to create a separate WebAPI based web service that uses Windows Authentication. Taking those credentials, I can then make use of the CSOM and pass those credentials through to pull back data from SharePoint with the permissions of the impersonated user.
Is this possible? I have tried several variations, but I have not been able to get it to work.
I'm using Office 365 and Windows Azure. I need to create an App on Azure that will require authentication and will be accessible for SharePoint workflows.
I created a simple ASP.NET app that uses Azure Active Directory for single sign-on (according to these steps: http://www.asp.net/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory)
Then I created a workflow on SharePoint that calls this App and retrieves the response content. Unfortunately it turns out that instead of the website content it returns the login page.
My question is how to make the connection between the SharePoint Workflow and the Azure App, so that the App would require users to log in, but would be accessible for the SharePoint Workflows?
Sorry for my poor explanation, but I'm very new to this topic.
I need to implement a web application hosted on SharePoint. This is a client requirement, so I cannot create a standard ASP.NET web application. Another client requirement is that the authentication is not an Active Directory one; they want to use an existing database of users.
I am a bit concerned about how this would work on SharePoint because users would need to log in to SharePoint. Would it make sense for users to log in to SharePoint as anonymous and then we use our custom controls for log-in? How does SharePoint handle anonymous users?
Any assistance would be greatly appreciated.
When building apps over SharePoint, you use the SharePoint authentication mechanism, whatever it is.
Is the SharePoint farm already in place? Or do you also have to build the farm?
In the former case, the authentication mechanism is probably already in place and you just have to build a "standard" SharePoint application.
In the latter case, you will have to carefully plan your authentication. SharePoint can use a combination of AD authentication, Forms authentication (over a DB in your case if you want) or a Claims authentication pattern. My guess is that a Forms authentication with a custom Membership/role provider is the way to go.