There is a Sharepoint 2013 installation which uses ADFS for authentication with the internal domain controller. The need is to write a console app/android app which can browse to a folder and then upload a document into sharepoint server. The problem I am facing is how to authenticate because the SAML 2.0 ECP profile which is required for non-browser based SAML authentication is not supported by ADFS. Is there any way in which the application can be written or is it not possible at all.
Check the code sample available here:
Remote Authentication in SharePoint Online Using the Client Object Model
The idea is to simulate a user browsing Sharepoint to retrieve the FedAuth authentication cookie, and then using this cookie in your app to perform other Sharepoint calls.
Related
I am using FBA authentication model into one of SP WebApplications in our SP 2013 farm to give users outside the AD, accessibility to one of SPSite so they can access the lists & Libraries and run sharepoint apps ..
for that I installed & configured the components necessary to enable & manage the FBA users easily by following the steps in the great article made by Sean Earp
Configuring SharePoint 2013 Forms-Based Authentication with SQLMemberShipProvider
Now I am able to acess my SPsite using FBA users and see the Libraries & Apps inside the SharePoint site. and when I try to access one of the provider-hosted apps, the request redirected to the remote web using the FBA account correctly, but I didn't have any access to web-app or host-app from the remote website.
Is there any restriction to access sharepoint-hosted apps using FBA authentication model in SharePoint 2013.
You need to made some entry in your remote IIS site's web.config file.
Check below link. It might be helpful for you
http://www.sharepointpals.com/post/How-to-create-a-Provider-Hosted-Application-on-Form-Based-Authentication-WebApplication-in-SharePoint-2013
I have a custom c# windows forms application. How can I authenticate to Office 365 SharePoint Online in order to issue HttpWebRequest to customer web-sites using ACS tokens.
User will provide username and password and based on that I want to generate an ACS token that will allow the application to make requests on customer web-site. Also I want to be able to regenerate the token if it's expired, without reprompting username and password if possible.
if this will be a provider hosted app, then no problem is easy to do it but how can I achieve this from a custom application which is not a SharePoint app?
You will have to rewrite the code which supports [SharePointContextFilter] attribute which does the work in provider hosted app. Or port your web forms application to a provider hosted app template and deploy.
We have Sharepoint 2013 single server farm and another one server with ADFS 2.0
Now configure sharepoint site with below steps:
Install ADFS 2.0
Configure ADFS with the web application as a relying party
Configure SharePoint Server 2013 to trust ADFS as an identity provider
Configure the web application to use claims-based authentication.
Demonstrate SAML-based claims authentication from SharePoint web application
and it will working fine with sharepoint.
Now we add one provider hosted app with this sharepoint site but we get some error.
1. When deploy from VS2012 it will give an error
"Error occurred in deployment step 'Install app for SharePoint': The System Account cannot perform this action."
second way we are upload app file into app catalog and try to add this app in to sharepoint site.
Error : “Application error when access /_layouts/15/appInv.aspx, Error=This App is not installed on this site. at Microsoft.SharePoint.Lifecycle.SprocWrappers.GetAppInstanceById(SqlSession dbSessionWrapper, Guid siteId, Guid webId, Guid instanceId, Int32 lcid) at Microsoft.SharePoint.Administration.SPAppCatalog.GetAppInstance(SPWeb web, Guid appInstanceId) at Microsoft.SharePoint.ApplicationPages.AppInvPage.SetControlStateUsingAppInstanceId(String appInstanceId) at Microsoft.SharePoint.ApplicationPages.AppInvPage.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)”
This issue may be due to claim base authentication in sharepoint 2013 site. because this app will working fine in windows base authenication sharepoint site.
I faced the same issue but I was not using ADFS. For me the solution was to use another account for installing the High Trust Provider-Hosted app. The server farm account should not be used for other services. Try using another account that has required permissions.
Is it possible to use sharepoint as an authentication provider?
This is my setup:
Server A -> IIS web application loading custom dll's for different user providers
Server B -> Sharepoint 2007
Server C & D -> Multiple AD's
Sharepoint is configured to use multiple AD's as user provider
This is what I want to achieve:
A user enters his sharepoint credentials in the web application, this automaticly loads the dll (which I need to create)
This dll then forwards the credentials somehow to sharepoint and retreives some sort of user object.
The dll parses the sharepoint user object to it's own class and sends it back to the webapp.
Is this possible? If yes, what would be the best way to do this? I know sharepoint has webservices etc but I don't know if this could work.
All servers are in the same network, accessed locally so passing the credentials isn't a big problem.
UserGroup Web Service
Did you consider using the UserGroup Web Service, http://msdn.microsoft.com/en-us/library/websvcusergroup.aspx.
Available at http://sharepointserver/_vti_bin/UserGroup.asmx
It has the GetUserInfo method, http://msdn.microsoft.com/en-us/library/websvcusergroup.usergroup.getuserinfo.aspx
Authentication Web Service
There is also the Authentication Web Service, but it only return the login result, http://msdn.microsoft.com/en-us/library/websvcauthentication.aspx
Great for checking the validity of a user anyway.
Available at http://sharepointserver/_vti_bin/Authentication.asmx
Can i install the appfabric on my private servers and get the same services that ACS provides in the cloud? specifically I want to be able to accept Live Id, Goggle and Facebook logins in my asp.net mvc application but I don't want to use Azure or pay for another cloud based product.
You can do this without ACS. The Facebook etc. integration is simply an OAuth / OpenID interface on the other side of ACS.
As an example see Sign into SharePoint 2010 with Facebook using a custom STS.
You'll see it refers to a custom C# class which is used to do the actual work of the oAuth 2.0 authentication. You can do a similar thing from your ASP app.
Also have a look at DotNetOpenAuth. This supports OpenID 2.0 and 1.x and OAuth 1.0 and 1.0a.