SharePoint 2013 on-premise REST APIs authentication from web application hosted outside SharePoint

%3CLINGO-SUB%20id%3D%22lingo-sub-49603%22%20slang%3D%22en-US%22%3ESharePoint%202013%20on-premise%20REST%20APIs%20authentication%20from%20web%20application%20hosted%20outside%20SharePoint%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-49603%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20a%20requirement%20wherein%2C%20we%20will%20need%20to%20retreive%20some%20data%20from%20sites%20and%20lists%20hosted%20in%20SharePoint%202013%20on-premise%20into%20an%20externally%26nbsp%3Bhosted%26nbsp%3B.Net%20web%20application.%20The%20obvious%20thought%20was%20to%20the%20execute%20SharePoint%26nbsp%3BREST%20APIs%20from%20the%20externally%20hosted%20.Net%20web%20application%20however%2C%20we%20got%20stuck%20with%20the%20authentication%20issue%20as%20it%20will%20be%26nbsp%3Bcross-domain.%3CBR%20%2F%3EThe%20.Net%20web%20application%20is%20also%20expected%20to%20support%20AD%20authentication%20however%2C%20how%20to%20get%20it%20to%20pass%20the%20same%20to%20the%20REST%20API%20request%3F%3CBR%20%2F%3E%26nbsp%3B%3CBR%20%2F%3EHence%2C%20we%20were%20thinking%20what%20are%20the%20options%2C%20one%20thought%20is%20to%20use%20the%20cross-domain%20library%20from%20SharePoint%20however%2C%20we%20couldn't%20find%20samples%20around%20this%20(most%20of%20what%20we%20find%20where%20actually%20related%20to%20apps%2Faddins).%3CBR%20%2F%3E%26nbsp%3B%3CBR%20%2F%3ESo%2C%20is%26nbsp%3Bcross-domain%20library%20is%20the%20only%20option%20for%20our%20scenario%20or%20are%20there%20any%20more%20options%3F%20Please%20suggest.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-49603%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAPIs%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDeveloper%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-282759%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%202013%20on-premise%20REST%20APIs%20authentication%20from%20web%20application%20hosted%20outside%20SharePoi%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-282759%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1930%22%20target%3D%22_blank%22%3E%40Devendra%20Singh%3C%2FA%3E%26nbsp%3Bdid%20you%20eventually%20solve%20this%20somehow%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-49877%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%202013%20on-premise%20REST%20APIs%20authentication%20from%20web%20application%20hosted%20outside%20SharePoi%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-49877%22%20slang%3D%22en-US%22%3E%3CP%3EBelieve%20you%20mean%20establishing%20a%20server%20to%20server%20trust%3F%3C%2FP%3E%3CP%3EIn%20case%20there%20are%20any%20blogs%2Farticles%20that%20provide%20additioanl%20details%20on%20how%20to%20setup%20this%20for%20an%20on-premise%20scenarios%20will%20be%20helpful.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-49797%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%202013%20on-premise%20REST%20APIs%20authentication%20from%20web%20application%20hosted%20outside%20SharePoi%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-49797%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20S2S%20methods%20are%20for%20on-prem.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-49703%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%202013%20on-premise%20REST%20APIs%20authentication%20from%20web%20application%20hosted%20outside%20SharePoi%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-49703%22%20slang%3D%22en-US%22%3E%3CP%3EI%20believe%20tokenhelper%20will%20be%20useful%20in%20SharePoint%20Online%20scenarios%20however%2C%20as%20mentioned%20we%20are%20completely%20working%20on%20SharePoint%20On-premise.%3C%2FP%3E%3CP%3ESo%2C%20both%20SharePoint%20and%20.Net%20web%20application%20reside%20on-premise%20however%20hosted%20separately%20in%20different%20envrionments%20in%20on-premise.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-49640%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%202013%20on-premise%20REST%20APIs%20authentication%20from%20web%20application%20hosted%20outside%20SharePoi%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-49640%22%20slang%3D%22en-US%22%3E%3CP%3EYour%20.Net%20web%20application%20will%20need%20to%20use%20the%20TokenHelper.cs%20classes%20to%20request%20an%20access%20token.%20That%20access%20token%20must%20be%20sent%20in%20the%20Authorization%20header.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnless%20you%20have%20already%20configured%20your%20farm%20to%20connect%20with%20an%20O365%20tenant%2C%20you%20should%20use%20the%20S2S%20methods%20in%20TokenHelper.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

We have a requirement wherein, we will need to retreive some data from sites and lists hosted in SharePoint 2013 on-premise into an externally hosted .Net web application. The obvious thought was to the execute SharePoint REST APIs from the externally hosted .Net web application however, we got stuck with the authentication issue as it will be cross-domain.
The .Net web application is also expected to support AD authentication however, how to get it to pass the same to the REST API request?
 
Hence, we were thinking what are the options, one thought is to use the cross-domain library from SharePoint however, we couldn't find samples around this (most of what we find where actually related to apps/addins).
 
So, is cross-domain library is the only option for our scenario or are there any more options? Please suggest.

5 Replies

Your .Net web application will need to use the TokenHelper.cs classes to request an access token. That access token must be sent in the Authorization header.

 

Unless you have already configured your farm to connect with an O365 tenant, you should use the S2S methods in TokenHelper.

I believe tokenhelper will be useful in SharePoint Online scenarios however, as mentioned we are completely working on SharePoint On-premise.

So, both SharePoint and .Net web application reside on-premise however hosted separately in different envrionments in on-premise.

Believe you mean establishing a server to server trust?

In case there are any blogs/articles that provide additioanl details on how to setup this for an on-premise scenarios will be helpful.