SOLVED
Home

AJAX call from Sharepoint Online to Azure Web Application with AAD authentication

Highlighted
Michal Guzowski
Contributor

Hi everyone,

 

I need your help.

 

I have web service on Azure. I'm making AJAX call to it from SPO (CORS implemented). If there is no authentication everything is fine. But then when I turn on AAD authentication for web service then it's not working and I get:

"XMLHttpRequest cannot load https://<App_URL>. Redirect from https://<App_URL> to 'https://login.windows.net/some_guid/oauth2_tokens/etc has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://<tenant_name>.sharepoint.com' is therefore not allowed access."

 

I assume that it's because my web service makes redirection to login.windows.net and such redirection is not properly handled in terms of CORS.

 

I'm in the dead end. How to resolve such issue? Any ideas, solutions, advices?

 

Thanks in advance

3 Replies
Thanks for response.
Unfortunately that works only if user accessed directly web service at least one time. If not - same error as before. It's strange because web service does not require user assignment to access. Possible bug? What's a workaround? Access using app perms?
Solution

I finally resolve my issue.

Since adal.js does not support app permissions (client id + secret) the only option to prevent issue when user does not visit app directly for the first time is to handle that manually. In other words I catch onerror event when sending XMLHttpRequest, set some flags (just to prevent loopback) and redirect user to special endpoint on my web service. This endpoint redirect user back where he comes from and that's it. Every next access to the Sharepoint page does not require such roundtrip since app has been visited for the first time and now pure adal.js works fine (adviced by @Pieter Veenstra).

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
48 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies