Forum Discussion
SharePoint Add-In not working with Azure App Service Authentication: CSRF issue
Hello,
I have a SharePoint Add-In hosted in an Azure Web App. After turning on the App Service Authentication (Azure AD is the authentication provider), I got a HTTP 403 status when accessing the Add-In from a SharePoint site.
For those that doesn't know how the authentication and authorization flow works in a provider-hosted SharePoint Add-In, check https://msdn.microsoft.com/en-us/library/office/fp142382.aspx.
When SharePoint sends the POST request with the context token to the Azure Web App, the IIS module 'EasyAuthModule_32bit' considers this as a threat (Cross-site request forgery). The origin of the request is [tenant].sharepoint.com and the domain of the Azure Web App is [webapp].azuresites.net.
Is there any way to configure this module in order to allow the requests that are coming from an specific domain (e.g. *.sharepoint.com)?
Thanks,
Ricardo
1 Reply
- Hi,
The issue has been solved in http://stackoverflow.com/a/42725165/7581938
Regards,
Ricardo
