ADAL Rest API SharePoint Online

%3CLINGO-SUB%20id%3D%22lingo-sub-173594%22%20slang%3D%22en-US%22%3EADAL%20Rest%20API%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-173594%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Guys%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIs%20it%20possible%20to%20secure%20access%20to%20the%20SharePoint%20Rest%20APIs%20using%20ADAL%3F%20getting%20confused%20messages%20from%20blog%20posts%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20have%20created%20an%20%22Application%20Registration%22%20in%20Azure%20Active%20Directory%20and%20and%20I%20can%20authenticate%20using%20its%20secret%20to%20get%20a%20token.%20However%20when%20I%20pass%20the%20token%20as%20part%20of%20my%20SharePoint%20rest%20call%20I%20get%20a%20401%20error.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20have%20done%20something%20similar%20using%20Dynamics%20and%20ADAL%20and%20I%20had%20to%20assign%20rights%20to%20the%20registered%20application%20within%20Dynamics.%20I%20did%20not%20do%20this%20in%20SharePoint%20however%20I%20did%20give%20it%20Application%20Rights%20in%20the%20Azure%20portal%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%3C%2FP%3E%0A%3CP%3EJoe%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-175889%22%20slang%3D%22en-US%22%3ERe%3A%20ADAL%20Rest%20API%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-175889%22%20slang%3D%22en-US%22%3E%3CP%3E%3CEM%3EHi%20Franck%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3ENot%20had%20a%20chance%20yet.%20Thinking%20of%20using%20the%20SharePoint%20CSOM%20and%20wrap%20this%20in%20an%20API%20which%20we%20can%20call%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3Ethanks%20for%20you%20help%3CBR%20%2F%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3ECheers%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3EJoe%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-175887%22%20slang%3D%22en-US%22%3ERe%3A%20ADAL%20Rest%20API%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-175887%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F129902%22%20target%3D%22_blank%22%3E%40Joe%20Gill%3C%2FA%3E%26nbsp%3BDo%20you%20still%20have%20issues%20with%20this%3F%20Did%20you%20try%20the%20certificate%20approach%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-174500%22%20slang%3D%22en-US%22%3ERe%3A%20ADAL%20Rest%20API%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-174500%22%20slang%3D%22en-US%22%3E%3CP%3EYes%20it%20is%20possible%20to%20use%20ADAL%20for%20server-to-server%20authentication%20using%20app-only%20access.%20However%2C%20you%20will%20need%20a%20certificate%20to%20get%20it%20work%20with%20Azure%20AD.%20More%20info%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fdev%2Fsolution-guidance%2Fsecurity-apponly%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%20%3C%2FA%3E%26amp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fdev%2Fsolution-guidance%2Fsecurity-apponly-azuread%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20is%20why%20you%20get%20a%20401%20status%20because%20you%20don't%20have%20one.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFranck.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-174430%22%20slang%3D%22en-US%22%3ERe%3A%20ADAL%20Rest%20API%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-174430%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Franck%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20gave%20the%20application%20rights%20as%20follows%20in%20Azure%20AD.%20Just%20trying%20to%20go%20a%20GET%20to%20read%20items%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIs%20it%20possible%20to%20use%20ADAL%20for%20server%20to%20server%20authentication%20to%20SharePoibt%20online%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%3C%2FP%3E%0A%3CP%3EJoe%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20561px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F30727i4909E90A8D72FBE0%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22sahrepoint.png%22%20title%3D%22sahrepoint.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-174408%22%20slang%3D%22en-US%22%3ERe%3A%20ADAL%20Rest%20API%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-174408%22%20slang%3D%22en-US%22%3E%3CP%3EMaybe%20this%20webcast%20could%20give%20you%20also%20some%20more%20insights%20on%20securely%20accessing%20APIs%20using%20the%20SharePoint%20FrameWork%20(SPFx).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdev.office.com%2Fblogs%2Fcalling-enterprise-applications-securely-from-sharepoint-framework%26nbsp%3B%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdev.office.com%2Fblogs%2Fcalling-enterprise-applications-securely-from-sharepoint-framework%26nbsp%3B%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-174243%22%20slang%3D%22en-US%22%3ERe%3A%20ADAL%20Rest%20API%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-174243%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F129902%22%20target%3D%22_blank%22%3E%40Joe%20Gill%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECan%20you%20tell%20us%20what%20SharePoint%20resource%20you%20are%20trying%20to%20access%20to%20(i.e%20what%20is%20your%20REST%20call)%20and%20what%20permissions%20you've%20set%20for%20your%20AAD%20app%3F%20It%20can%20be%20simply%20a%20normal%20behavior%20due%20to%20insufficient%20permissions.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hi Guys,

 

Is it possible to secure access to the SharePoint Rest APIs using ADAL? getting confused messages from blog posts

 

I have created an "Application Registration" in Azure Active Directory and and I can authenticate using its secret to get a token. However when I pass the token as part of my SharePoint rest call I get a 401 error.

 

I have done something similar using Dynamics and ADAL and I had to assign rights to the registered application within Dynamics. I did not do this in SharePoint however I did give it Application Rights in the Azure portal

 

Thanks

Joe

 

 

6 Replies
Highlighted

Hi @Joe Gill,

 

Can you tell us what SharePoint resource you are trying to access to (i.e what is your REST call) and what permissions you've set for your AAD app? It can be simply a normal behavior due to insufficient permissions.

Highlighted

Maybe this webcast could give you also some more insights on securely accessing APIs using the SharePoint FrameWork (SPFx).

 

https://dev.office.com/blogs/calling-enterprise-applications-securely-from-sharepoint-framework 

Highlighted

Hi Franck,

 

I gave the application rights as follows in Azure AD. Just trying to go a GET to read items

 

Is it possible to use ADAL for server to server authentication to SharePoibt online?

 

Thanks

Joe

 

sahrepoint.png

Highlighted

Yes it is possible to use ADAL for server-to-server authentication using app-only access. However, you will need a certificate to get it work with Azure AD. More info here here.

 

This is why you get a 401 status because you don't have one.

 

Franck.

 

 

 

Highlighted

@Joe Gill Do you still have issues with this? Did you try the certificate approach?

 

Thanks!

Highlighted

Hi Franck

 

Not had a chance yet. Thinking of using the SharePoint CSOM and wrap this in an API which we can call

 

thanks for you help

Cheers

Joe