Access SharePoint on-premise with a token obtained from Azure AD and ADAL

蹲街弑〆低调 submitted on 2019-12-06 09:43:22

Question


The Goal

Access on-premise SharePoint data with REST requests from a mobile application based on Apache Cordova using OAuth.

What I have tried so far

1. Azure Mobile Services / Hybrid Connection / AAD / ADAL

Similar to the blog post Access SharePoint on behalf of the user, but with an on-premise server instead of O365:

  1. Client side log-in using ADAL for Apache Cordova.
  2. Mobile Service that is connected to the on-premise server through hybrid connections.
  3. Using ADAL.net to acquire a token for the SharePoint server using the token obtained in step 1.

This works fine except step three, since there is no sort of connection between the on-premise server and AAD, hence no token can be acquired.

2. Same as above plus Azure Application Proxy

We've set up the Azure Application Proxy as described by Kirk Evans in this post. The Azure AD application for the mobile service is given access permission to the application for the Application Proxy (in the same Azure AD tenant).

Now steps one to three are working fine. We've been able to obtain a token using the Application Proxy URL as resource. Then we've tried to execute a REST request using the token as follows:

GET https://<server>.msappproxy.net/_api/web/title
Authorization: Bearer <the token>
Accept: application/json;odata=verbose

But this sends a 302 redirect to https://login.microsoftonline.com. I've tried to emulate the handshake being done when using the browser by posting the token as "id_token=" to the app proxy, but this seems a little far-fetched and not intended by the Azure Application Proxy setup.

I think the missing part is to enable token based authentication for the on-premise SharePoint. I could not find anything on how to do that. I was considering investigating in a setup for SharePoint Apps (now add-ins) on the on-premise server. I doubt that this will solve the issue. I tried to connect the server to AAD using the following method: How to: Use an Office 365 SharePoint site to authorize provider-hosted apps on an on-premises SharePoint site. Again this was more of a shot in the dark.

Question

How can I obtain a token for AAD and use it to execute requests against an on-premise SharePoint from a Cordova mobile app?

Source: https://stackoverflow.com/questions/30643760/access-sharepoint-on-premise-with-a-token-obtained-from-azure-ad-and-adal
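
A debugging aid for the request described in the question, added here and not part of the original post: it decodes the token's claims without verifying the signature, compares `aud` and the lifetime with the resource the token was requested for, and labels a redirect to the sign-in host as an unauthenticated response. All function names and the sample token are assumptions made for illustration.

```javascript
// Added example (not from the original post). Decodes a JWT WITHOUT verifying
// its signature: for debugging only, never for making trust decisions.
function b64urlToString(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - s.length % 4) % 4);
  const bytes = Uint8Array.from(atob(b64), (ch) => ch.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

function decodeJwtClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(b64urlToString(parts[1]));
}

// Normalise URLs for comparison: lower-case, no trailing slash.
const norm = (u) => String(u).toLowerCase().replace(/\/+$/, '');

// Returns a list of findings; an empty list means aud and lifetime look consistent.
function checkTokenForResource(token, resourceUrl, nowSeconds) {
  const c = decodeJwtClaims(token);
  const findings = [];
  const auds = Array.isArray(c.aud) ? c.aud : [c.aud];
  if (!auds.some((a) => norm(a) === norm(resourceUrl))) findings.push('aud-mismatch');
  if (typeof c.exp === 'number' && c.exp <= nowSeconds) findings.push('expired');
  if (typeof c.nbf === 'number' && c.nbf > nowSeconds) findings.push('not-yet-valid');
  return findings;
}

// Classifies the response to the REST call: a redirect to the Azure AD sign-in
// host means the request was treated as unauthenticated, not that it succeeded.
function classifyResponse(status, location) {
  if (status >= 300 && status < 400 && location) {
    const host = new URL(location).hostname.toLowerCase();
    return host === 'login.microsoftonline.com' ? 'redirect-to-login' : 'redirect-other';
  }
  if (status === 401 || status === 403) return 'rejected';
  return status >= 200 && status < 300 ? 'ok' : 'other';
}

// Constructed sample token (unsigned, made-up claims), so the checks run offline.
function sampleToken(claims) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'none', typ: 'JWT' }) + '.' + enc(claims) + '.sig';
}
```

To see the 302 itself in a client that follows redirects by default, the request has to be sent with redirect following disabled.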
