Deploying SharePoint-hosted app runs into security prompt - sharepoint-2013

I wrote a very simple SharePoint-hosted app (2013). I kept getting a lot of Windows credential prompts, asking for domain user name and password, when I tried to deploy to my development server.
I have a separate app domain set up. Also, the VS2013 deployment output shows the app successfully deployed to my hosted web.
When I go to the site (hosted web), I can see the link to my app appearing on the left-hand nav panel, inside the Recent section. However, when I click on the link again, the Windows security prompt appears, asking for my network credentials. I kept entering them, but it just kept prompting...
My app URL is: app-47294dea293202.appDomainName.com. Usually, if this were my regular IIS web, I would go and check the IIS authentication and try to enable/disable the anonymous/Windows login, but with this kind of URL, where can I go and tweak that?
I have been trying to fix this issue for many hours. I felt really exhausted working with SharePoint 2013.

Open Internet Explorer -> Internet Options -> Tab Security -> Local Intranet -> Click Sites -> Advanced -> Add the link http(or https)://*.appDomainName.com.
This happens because the URL is not recognized as Local Intranet and IE doesn't pass the current credentials. Check also:
Internet Explorer -> Internet Options -> Tab Advanced -> Under Security Group -> Enable Integrated Windows Authentication is checked (this option passes the current credentials on Local Intranet sites).
You can also try disabling the loopback check.
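
Added example (not part of the original answer): a read-only check of the two things the answer changes, namely which security zone Windows assigns to the app URL and how the loopback check is configured. It assumes Windows PowerShell 5.1 and uses the host name quoted in the question.

```powershell
# Added diagnostic example. Assumes Windows PowerShell 5.1 (.NET Framework).
# The host name is the one quoted in the question; adjust for your app domain.
$appUrl  = 'https://app-47294dea293202.appDomainName.com/'
$appHost = ([uri]$appUrl).Host

# URL security zone Windows assigns to the app URL for the current user.
# Integrated Windows Authentication is sent silently only in the Intranet zone
# when "Automatic logon only in Intranet zone" is selected.
$zone = [System.Security.Policy.Zone]::CreateFromUrl($appUrl).SecurityZone

# Loopback check settings; these matter only when browsing on the server itself.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$disabled = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
                -ErrorAction SilentlyContinue).DisableLoopbackCheck -eq 1
$allowed = (Get-ItemProperty -Path "$lsa\MSV1_0" -Name BackConnectionHostNames `
                -ErrorAction SilentlyContinue).BackConnectionHostNames

# Summary object: one row describing what the browser and LSA will do.
[pscustomobject]@{
    Url                      = $appUrl
    Zone                     = $zone
    SilentLogonExpected      = ($zone -eq [System.Security.SecurityZone]::Intranet)
    LoopbackCheckDisabled    = $disabled
    HostInBackConnectionList = ($allowed -contains $appHost)
}
```

If LoopbackCheckDisabled is True on a server, listing the specific host names under BackConnectionHostNames is the narrower setting, because it keeps the loopback check active for every other name.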

Related

Enable SSO for application on AWS by integrating with on-premise AD

For a reporting application deployed on AWS it is required to enable SSO for the users to access it -
The users are to access the application from their office PCs only within the company network.
The application endpoints are protected by an API gateway to only allow access from internal company network.
Once the user clicks on the URL for the reporting application, the app should authenticate the logged in user with the enterprise AD to ensure that the logged in user is a valid one and that they belong to the correct AD groups that are allowed access to the application.
If the authentication and authorization check is passed then the application should allow access to the user, or else bring up a login page to enter the credentials manually.
Can you advise what would be the best approach to set this up? We have ADFS deployed on our company infrastructure (not sure of the version), so I was wondering if we could use that or instead rely on Windows Kerberos authentication to get tokens to allow the user access.
What would be a better approach or, more importantly, what would be faster to set up? I am completely new to SSO and ADFS in general, so I appreciate your responses.
Thanks!
Raunak
I would recommend that you use ADFS, as it is much easier to integrate web apps with ADFS compared to Kerberos.
Kerberos might be tricky. I see you mentioned the reporting app will only be used from the company's internal network, but you may still run into trouble with Kerberos because it requires certain browser setup on the end user machines. On Windows you will have to ensure some IE settings:
IE -> Internet Options -> Security -> Local intranet -> Custom Level -> Make sure "Automatic logon only in Intranet zone" is selected.
IE -> Internet Options -> Advanced -> Make sure "Enable Integrated Windows Authentication" is on.
It is very likely that you will also need to add your reporting application URL to the list of intranet sites and trusted sites on each user's PC (in case you use a custom domain name for your app, i.e. not a local server name in your domain).
Browsers other than IE may need a different setup; you can read more details here
I believe it is also a bit more complicated to work with the AD groups, as you can only get a user name from a Kerberos token. Then you will have to make an additional call directly to AD to find the user's groups. With ADFS you can get groups right from the token (as claims).
Here is a good manual on how to integrate your web app with ADFS: https://auth0.com/docs/connections/enterprise/adfs

As a site collection administrator I am not able to access site settings on site collection

As a collection administrator I am not able to access site settings on a SharePoint site collection. If I click on site settings it shows "Sorry, this site hasn't been shared with you". But I log in using the site collection administrator account on the dev server.
If I create a new site collection with the same web application I can access everything. One more thing: I restored the production database on this server and associated it with this web application.
I hope someone can help with this issue, please.
This might happen because the production environment will have different users, and when you restored it to your development environment, your development environment changes were overridden.
To fix this issue, go to Central Administration -> Application management. Under the site collection section, click on "Change site collection administrators".
There, select your site collection. Change the site collection administrator and click OK.

Provider Hosted Apps Launch Issue

I have a provider-hosted app (a normal ASP.NET Web Forms application) deployed on a typical web server, IIS 7.5.
While launching the app from a SharePoint site in Office 365 Multi Tenant, it's throwing the below issue on app launch.
On capturing details using Fiddler, I found the following when the app is launched:
SPAppToken=&SPSiteUrl=https%3A%2F%2Fabc.sharepoint.com%2Fsites%2Fspdev%2Famsdev%2Famitamsdev&SPSiteTitle=amitamsdev&SPSiteLogoUrl=%2Fsites%2Fspdev%2FSiteAssets%2Flogo.gif&SPSiteLanguage=en-US&SPSiteCulture=en-US&SPRedirectMessage=EndpointAuthorityMatches&SPCorrelationId=31477a9c-2902-204a-8393-67eced1a10b8&SPErrorCorrelationId=31477a9c-2902-204a-8393-67eced1a10b8&
SPErrorInfo=The+requested+operation+requires+an+HTTPS+%28SSL%29+channel.++Ensure+that+the+target+endpoint+address+supports+SSL+and+try+again.++Target+endpoint+address
The SPErrorInfo Part is interesting. I am unable to confirm whether we really need the remote site to be configured for https?
Additional Information - Identity Provider is ACS and it is a low trust app.
Can someone suggest?
Regards,
Nitin Rastogi
In a production environment, you should always be using HTTPS. If you don't, you're exposing yourself (and your organization) to many risks.
If this is your development environment and you are confident this isn't an issue, you may want to look at the accepted answer to this question on the MSDN forums, which mentions the same error message. Their solution to bypass the HTTPS checking:
$c = Get-SPSecurityTokenServiceConfig
$c.AllowMetadataOverHttp = $true
$c.AllowOAuthOverHttp=$true
$c.Update()
When packaging the SharePoint App from Visual Studio, you must ensure that the URL you use is using HTTPS:
In IIS, add an HTTPS binding to the site to achieve this. You would have to reupload the App to SharePoint after packaging it with the new HTTPS URL.
More information here.
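
Added example (not part of the original answer): a check that reports whether the two security token service properties set by the workaround above are still enabled, with an optional switch to turn the HTTPS requirement back on. It assumes an on-premises farm and the SharePoint Management Shell; the function name is hypothetical.

```powershell
# Added example; run in the SharePoint Management Shell on an on-premises farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-StsHttpRelaxation {   # hypothetical helper name
    param([switch]$Revert)

    $c = Get-SPSecurityTokenServiceConfig
    # The two properties the quoted workaround sets to $true.
    $flags   = 'AllowOAuthOverHttp', 'AllowMetadataOverHttp'
    $relaxed = @($flags | Where-Object { $c.$_ })

    # Only write to the farm configuration when asked to and when needed.
    if ($Revert -and $relaxed.Count -gt 0) {
        foreach ($f in $relaxed) { $c.$f = $false }
        $c.Update()
    }

    [pscustomobject]@{
        RelaxedBefore = $relaxed -join ', '
        Reverted      = [bool]($Revert -and $relaxed.Count -gt 0)
        Compliant     = ($relaxed.Count -eq 0) -or [bool]$Revert
    }
}

Test-StsHttpRelaxation            # report only
# Test-StsHttpRelaxation -Revert  # restore the HTTPS requirement
```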

SharePoint 2013 Visio document error: the server failed to process the request

When I try to open Visio documents uploaded to my SharePoint site, I get "the server failed to process the request" error. Any help is appreciated!
Here are the steps that I followed that fixed the issue:
1. Open SharePoint Central Administration on the SharePoint server.
2. Manage service applications (under Application Management).
3. Select Visio Graphics Service -> Properties.
4. Check what Application Pool is used (SharePoint Web Services Default in my case).
5. Open IIS -> Application Pools.
6. Visio App Pool is usually represented by a GUID name. To get the name:
   a. Open SharePoint Management Shell (run as administrator).
   b. Run command: Get-SPServiceApplicationPool | Select Id, Name
   c. Find the Id of the App Pool (from step 4).
   d. Find the same id in IIS under the Name column and check the value in the Identity column.
7. Remote to the SQL server.
8. Open SQL Server Management Studio -> Connect.
9. Expand the database that stores your SharePoint content -> Security -> Users.
10. Right click the user name obtained in step 6d -> Properties.
11. In Owned Schema and Membership check db_owner.
You shouldn't mess with the database unless absolutely necessary. Try this:
$webApp = Get-SPWebApplication http://contoso.com
$webApp.GrantAccessToProcessIdentity("contoso\ServiceAppID")
In our situation, there were errors in event log on the app and WFEs for a bunch of services including the Visio graphic service:
System.IO.FileLoadException: Loading this assembly would produce a different grant set from other instances
I went in to the Visio Graphics Service Settings > Global Settings and looked at the value in the Unattended Service Account, meaning it was registered with the secure store service. I went in to the secure store service and got the following error:
Cannot complete this action as the Secure Store Shared Service is not responding. Please contact your administrator
Recycling IIS on our app server resolved both the issues, so obviously the services having problems were a result of the secure store service being down.
If in the Windows Events the following error is being logged:
Failed to access the cache.
Then, on your SharePoint Web Front End servers, run the following command in the command prompt or PowerShell:
iisreset -noforce

Web Service Authorization Authentication

I have had a problem for a few months now...
I have a web service and a client using the web service.
When I try to add the web service to the client (with "Add Web Reference.."), I search for web services on the local machine and it finds it. But when I click it in order to add it to the project, I get a prompt dialog asking me for username and password.
I recall times when I didn't have this dialog and I'm not sure why this happens now...
The Web.config file of the web service contains <authentication mode="Windows" />
A few details:
I'm using Visual Studio 2008 Standard.
The programs are written in C#.
I'm using IIS 5.1 and the web service is configured with only "Integrated Windows Authentication" checked.
In my Windows XP I'm using (in order to log in) a user name and password.
No matter what I do to add the web service to the client, I can't add it. It fails.
Check to see if your web project (client) is running on vs2008's built-in web server... under Project -> Properties -> Web section.
If not, can you check those same settings on the web service project and try connecting with both options?
That should do it.
**from comments above
I would recommend that you check and see if you have the option NTLM Authentication checked under Project Properties -> Web. If you uncheck this option you should be able to add the Web Service without having to authenticate.
http://msdn.microsoft.com/en-us/library/aa378749.aspx