SharePoint Add-In not working with Azure App Service Authentication: CSRF issue


Hello,

I have a SharePoint Add-In hosted in an Azure Web App. After turning on the App Service Authentication (Azure AD is the authentication provider), I got an HTTP 403 status when accessing the Add-In from a SharePoint site.

For those who don't know how the authentication and authorization flow works in a provider-hosted SharePoint Add-In, check this.

When SharePoint sends the POST request with the context token to the Azure Web App, the IIS module 'EasyAuthModule_32bit' considers this as a threat (Cross-site request forgery). The origin of the request is [tenant].sharepoint.com and the domain of the Azure Web App is [webapp].azuresites.net.

Is there any way to configure this module in order to allow the requests that are coming from a specific domain (e.g. *.sharepoint.com)?

Thanks,

Ricardo
