Feb 17 2017 09:14 AM
Hello,
I have a SharePoint Add-In hosted in an Azure Web App. After turning on the App Service Authentication (Azure AD is the authentication provider), I got a HTTP 403 status when accessing the Add-In from a SharePoint site.
For those that doesn't know how the authentication and authorization flow works in a provider-hosted SharePoint Add-In, check this.
When SharePoint sends the POST request with the context token to the Azure Web App, the IIS module 'EasyAuthModule_32bit' considers this as a threat (Cross-site request forgery). The origin of the request is [tenant].sharepoint.com and the domain of the Azure Web App is [webapp].azuresites.net.
Is there any way to configure this module in order to allow the requests that are coming from an specific domain (e.g. *.sharepoint.com)?
Thanks,
Ricardo
Mar 13 2017 04:51 AM