SOLVED

JSOM - Access Web API secured with Azure AD

Copper Contributor

Any sample code on how to access an Azure AD secured web API from JSOM? I have seen the samples with ADAL and those are mostly SPA applications. I want to access this from a script embedded in a script editor web part.

6 Replies
best response confirmed by VI_Migration (Silver Contributor)
Solution
This is something that will not work as you expect. ADAL relies on the domains of the SharePoint site, your web API, ADFS (if used), as well as login.windows.net all being in the same zone (for Internet Explorer). This is most often not the case. Users want SharePoint domains etc. to be in the intranet zone so that you get the single-sign-on experience with ADFS, Open with Explorer and other features, and you do not want login.windows.net to be in the intranet zone, since that will in the end require you to have all Microsoft sites/services in the intranet zone. So, at the moment there is no way to get it to work properly. Unless you can assume all users use Chrome, they don't want SSO and they don't use Open With Explorer.

Thanks Wictor for the response. This is a real pain when migrating on-prem solutions which require integrations to on-prem systems. Not all want to maintain an on-prem SharePoint server or use additional Azure paid services :)

We have successfully implemented an Azure AD secured Web API utilizing our own wrapper over the Adal.js library. The sole purpose of the wrapper was to provide a silent login experience.

Out of the box, Azure ADAL.js would redirect you to the Azure login page, where your users would log in automatically (SSO experience) if they are already logged in to SharePoint.

We are yet to find a way to create a SharePoint client context on the server using the ADAL token generated for the authentication. If anyone has encountered this, please share. :)
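The silent-first wrapper pattern described above, as an added example that is not code from this thread and not Kiril's wrapper: it asks ADAL.js for a token without UI first, treats the "Token renewal operation failed due to timeout" text that comes up later in this thread as retryable, and only falls back to an interactive `login()` when there is no session to renew. The resource URI, client id, redirect URI, API path and the fake `AuthenticationContext` are constructed so the file runs offline; `loadFrameTimeout`, `acquireToken`, `login`, `handleWindowCallback` and `isCallback` are real ADAL.js 1.x members.

```javascript
// Added example (not from the thread): silent-first token acquisition over ADAL.js.
var ADAL_RESOURCE = "https://contoso.example/webapi";              // assumed App ID URI of the Web API
var TIMEOUT_TEXT = "Token renewal operation failed due to timeout"; // error text quoted in the thread

// Config for the real AuthenticationContext in a browser. loadFrameTimeout (ms) lengthens the
// hidden-iframe wait; raising it is the first thing to try when renewal times out behind a slow ADFS hop.
var adalConfig = {
  clientId: "00000000-0000-0000-0000-000000000000", // placeholder app registration id
  redirectUri: "https://contoso.sharepoint.example/sites/dev/SitePages/Home.aspx", // constructed
  cacheLocation: "sessionStorage", // keeps tokens out of localStorage on shared machines
  loadFrameTimeout: 15000
};

// ctx: an ADAL.js AuthenticationContext (or the fake below). onResult(err, {token, attempts}).
function acquireTokenSilently(ctx, resource, options, onResult) {
  var opts = Object.assign({ maxAttempts: 2 }, options || {});
  var attempts = 0;

  function tryOnce() {
    attempts += 1;
    ctx.acquireToken(resource, function (errorDesc, token, error) {
      if (token) {
        onResult(null, { token: token, attempts: attempts });
        return;
      }
      var timedOut = typeof errorDesc === "string" && errorDesc.indexOf(TIMEOUT_TEXT) !== -1;
      if (timedOut && attempts < opts.maxAttempts) {
        tryOnce(); // iframe renewal is idempotent, so one retry is cheap
        return;
      }
      // ADAL.js reports a missing session with the error code "login required".
      if (error === "login required" || timedOut) {
        ctx.login(); // full-page redirect; handleWindowCallback() finishes it after reload
        var err = new Error("Silent acquisition failed: " + (errorDesc || error));
        err.interactiveLoginStarted = true;
        err.attempts = attempts;
        onResult(err, null);
        return;
      }
      var fatal = new Error("ADAL error: " + (errorDesc || error)); // e.g. misconfigured resource
      fatal.interactiveLoginStarted = false;
      fatal.attempts = attempts;
      onResult(fatal, null);
    });
  }
  tryOnce();
}

// The Authorization header is the only place the token should travel (never log or persist it).
function authHeaders(token) {
  return { Authorization: "Bearer " + token, Accept: "application/json" };
}

// Fake context for running outside a browser; `script` lists acquireToken outcomes in order.
function makeFakeContext(script) {
  return {
    loginCalled: 0,
    acquireToken: function (resource, cb) {
      var next = script.length ? script.shift()
                               : { errorDesc: "User login is required", token: null, error: "login required" };
      cb(next.errorDesc, next.token, next.error);
    },
    login: function () { this.loginCalled += 1; }
  };
}

// Runs one scenario against the fake context and returns what happened.
function runScenario(script, options) {
  var ctx = makeFakeContext(script.slice());
  var outcome = null;
  acquireTokenSilently(ctx, ADAL_RESOURCE, options, function (err, res) {
    outcome = { err: err, res: res, loginCalled: ctx.loginCalled };
  });
  return outcome;
}

// Constructed callback outcomes used by the scenarios.
var TIMEOUT = { errorDesc: TIMEOUT_TEXT, token: null, error: "Token Renewal Failed" };
var OK = { errorDesc: null, token: "constructed.jwt.value", error: null };

// Browser path: only runs when adal.js is loaded on the page.
if (typeof AuthenticationContext !== "undefined") {
  var liveCtx = new AuthenticationContext(adalConfig);
  liveCtx.handleWindowCallback();
  if (!liveCtx.isCallback(window.location.hash)) {
    acquireTokenSilently(liveCtx, ADAL_RESOURCE, null, function (err, res) {
      if (err) { console.error(err.message); return; }
      fetch(ADAL_RESOURCE + "/api/values", { headers: authHeaders(res.token) }) // constructed path
        .then(function (r) { return r.json(); })
        .then(function (data) { console.log(data); });
    });
  }
} else {
  console.log(runScenario([TIMEOUT, OK])); // one retry, then a token, no interactive login
}
```

The split between "retry", "start interactive login" and "fail" matters in a script editor web part: a retry is invisible, a `login()` redirects the whole page (losing unsaved page state), and anything else is a configuration problem that no amount of retrying will fix.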

Hi Kiril,

We have a similar requirement of securing a web API hosted on an Azure web app using Azure AD. We are facing an issue while generating the access token from ADAL.js. Please can you share some sample code for this. @Kiril Iliev

Hi @Kiril Iliev: Thanks for pointing to these links. Yes, I had already looked into it while researching. I am getting the error below.

"ADAL error occurred: Token renewal operation failed due to timeout" while using the front end authentication code snippet

Regards,

Syed
