none
SharePoint online authentication using REST API/Java Script RRS feed

All replies

  • Hello Deepak,

    Please try the following blog, it may help you.

    https://pholpar.wordpress.com/2013/05/11/accessing-office-365-sharepoint-sites-using-rest-from-a-local-html-javascript-host/


    Thanks Ravikant Chaturvedi

    Monday, April 1, 2019 9:20 AM
  • Hi Ravikant,

    Thanks !! 

    I have tried with above link but it's now working.

    Thanks & Regards

    Deepak Chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Monday, April 1, 2019 10:14 AM
  • Hi Deepak,

    The following JavaScript code for your reference.

    <script src="https://code.jquery.com/jquery-1.12.4.min.js" type="text/javascript"></script>
    <script type="text/javascript">
    var username="dennis@tenant.onmicrosoft.com";
    var password="xxx";
    var siteUrl="https://tenant.sharepoint.com";
    
    var loginUrl = siteUrl + "/_forms/default.aspx?wa=wsignin1.0";
    var token;
    var digest;
    $(function(){
    	Authenticate();
    });
    function Authenticate() {	
    	var requestBody='<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'
    					+'<s:Header>'
    					+'	<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>'
    					+'	<a:ReplyTo>'
    					+'	  <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>'
    					+'	</a:ReplyTo>'
    					+'	<a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>'
    					+'	<o:Security s:mustUnderstand="1"'
    					+'	   xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">'
    					+'	  <o:UsernameToken>'
    					+'		<o:Username>'+username+'</o:Username>'
    					+'		<o:Password>'+password+'</o:Password>'
    					+'	  </o:UsernameToken>'
    					+'	</o:Security>'
    					+'  </s:Header>'
    					+'  <s:Body>'
    					+'	<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">'
    					+'	  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">'
    					+'		<a:EndpointReference>'
    					+'		  <a:Address>'+loginUrl+'</a:Address>'
    					+'		</a:EndpointReference>'
    					+'	  </wsp:AppliesTo>'
    					+'	  <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>'
    					+'	  <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>'
    					+'	  <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>'
    					+'	</t:RequestSecurityToken>'
    					+'  </s:Body>'
    					+'</s:Envelope>';
    	$.support.cors = true;
        $.ajax({
            url: 'https://login.microsoftonline.com/extSTS.srf',
            dataType: 'xml',
    		crossDomain: true,
            type: 'POST',
            data:requestBody,
    		headers: { Accept: "application/soap+xml; charset=utf-8" },
            success: function (data, textStatus, result) {
    			token = $(result.responseText).find("wsse\\:BinarySecurityToken").text();
    			getFedAuthCookies();
    			//refreshDigestViaREST();
            },
    		error: function (error) {
    			alert(JSON.stringify(error));
    		}
        });
    }
    function getFedAuthCookies(){
    	$.support.cors = true; // enable cross-domain query
    	$.ajax({
    		url: loginUrl,
    		type: 'POST',
    		data: token,
    		crossDomain: true, // had no effect, see support.cors above
    		contentType: 'application/x-www-form-urlencoded',	
    		success: function (data, textStatus, result) {			
    			refreshDigestViaREST();
    		},
    		error: function (error) {
    			alert(JSON.stringify(error));
    		}
    	});
    }
    function refreshDigestViaREST(){
    	var tokenReq = '<?xml version="1.0" encoding="utf-8"?>';
    		tokenReq += '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance&quot; xmlns:xsd="http://www.w3.org/2001/XMLSchema&quot; xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">';
    		tokenReq += '  <soap:Body>';
    		tokenReq += '    <GetUpdatedFormDigestInformation xmlns="http://schemas.microsoft.com/sharepoint/soap/&quot; />';
    		tokenReq += '  </soap:Body>';
    		tokenReq += '</soap:Envelope>';
    	$.support.cors = true; // enable cross-domain query
    	$.ajax({
    		type: 'POST',
    		data: tokenReq,
    		crossDomain: true, // had no effect, see support.cors above
    		contentType: 'text/xml; charset="utf-8"',
    		url: siteUrl + '/_api/contextinfo',
    		dataType: 'xml',
    		success: function (data, textStatus, result) {  
    			digest = $(result.responseText).find("d\\:FormDigestValue").text();
    			CallSPOnline();
    		},
    		error: function (error) {
    			alert(JSON.stringify(error));
    		}
    	});
    }
    function CallSPOnline() {
       $.ajax({
    		url: siteUrl+"/_api/web",
    		dataType: 'JSON',
    		type: 'GET',
    		headers: { Accept: "application/json;odata=verbose" },
    		success: function (data) {
    			alert(data.d.Title);
    		},
    		error: function (error) {
    			alert(JSON.stringify(error));
    		}
    	});
    }
    </script>

    Best Regards,

    Dennis


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Tuesday, April 2, 2019 3:31 AM
    Moderator
  • Hi Dennis,

    Thank you for reply !

    I am not able to open below URL it's showing 404 Not found.

    "siteUrl + "/_forms/default.aspx?wa=wsignin1.0";"

    In console I it's showing below issue and response is showing as shown in below images.

    Browse Console 

    Outcome 

    Thanks & Regards

    Deepak Chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Tuesday, April 2, 2019 7:43 AM
  • Hi,

    The "siteUrl" is root site collection URL, like "https://tenant.sharepoint.com".

    I modify the code as below.

    <script src="https://code.jquery.com/jquery-1.12.4.min.js" type="text/javascript"></script>
    <script type="text/javascript">
    var username="dennis@tenant.onmicrosoft.com";
    var password="xxx";
    var siteCollUrl="https://tenant.sharepoint.com/sites/dennis";
    var loginUrl = "https://tenant.sharepoint.com/_forms/default.aspx?wa=wsignin1.0";
    var token;
    var digest;
    $(function(){
    	Authenticate();
    });
    function Authenticate() {	
    	var requestBody='<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'
    					+'<s:Header>'
    					+'	<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>'
    					+'	<a:ReplyTo>'
    					+'	  <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>'
    					+'	</a:ReplyTo>'
    					+'	<a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>'
    					+'	<o:Security s:mustUnderstand="1"'
    					+'	   xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">'
    					+'	  <o:UsernameToken>'
    					+'		<o:Username>'+username+'</o:Username>'
    					+'		<o:Password>'+password+'</o:Password>'
    					+'	  </o:UsernameToken>'
    					+'	</o:Security>'
    					+'  </s:Header>'
    					+'  <s:Body>'
    					+'	<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">'
    					+'	  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">'
    					+'		<a:EndpointReference>'
    					+'		  <a:Address>'+loginUrl+'</a:Address>'
    					+'		</a:EndpointReference>'
    					+'	  </wsp:AppliesTo>'
    					+'	  <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>'
    					+'	  <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>'
    					+'	  <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>'
    					+'	</t:RequestSecurityToken>'
    					+'  </s:Body>'
    					+'</s:Envelope>';
    	$.support.cors = true;
        $.ajax({
    		url: 'https://login.microsoftonline.com/extSTS.srf',
    		dataType: 'xml',
    		crossDomain: true,
    		type: 'POST',
    		data:requestBody,
    		headers: { Accept: "application/soap+xml; charset=utf-8" },
    		success: function (data, textStatus, result) {
    			token = $(result.responseText).find("wsse\\:BinarySecurityToken").text();
    			getFedAuthCookies();			
    		},
    		error: function (error) {
    			alert(JSON.stringify(error));
    		}
        });
    }
    function getFedAuthCookies(){
    	$.support.cors = true; // enable cross-domain query
    	$.ajax({
    		url: loginUrl,
    		type: 'POST',
    		data: token,
    		crossDomain: true, // had no effect, see support.cors above
    		contentType: 'application/x-www-form-urlencoded',	
    		success: function (data, textStatus, result) {			
    			refreshDigestViaREST();
    		},
    		error: function (error) {
    			alert(JSON.stringify(error));
    		}
    	});
    }
    function refreshDigestViaREST(){
    	var tokenReq = '<?xml version="1.0" encoding="utf-8"?>';
    		tokenReq += '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance&quot; xmlns:xsd="http://www.w3.org/2001/XMLSchema&quot; xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">';
    		tokenReq += '  <soap:Body>';
    		tokenReq += '    <GetUpdatedFormDigestInformation xmlns="http://schemas.microsoft.com/sharepoint/soap/&quot; />';
    		tokenReq += '  </soap:Body>';
    		tokenReq += '</soap:Envelope>';
    	$.support.cors = true; // enable cross-domain query
    	$.ajax({
    		type: 'POST',
    		data: tokenReq,
    		crossDomain: true, // had no effect, see support.cors above
    		contentType: 'text/xml; charset="utf-8"',
    		url: siteCollUrl + '/_api/contextinfo',
    		dataType: 'xml',
    		success: function (data, textStatus, result) {  
    			digest = $(result.responseText).find("d\\:FormDigestValue").text();
    			CallSPOnline();
    		},
    		error: function (error) {
    			alert(JSON.stringify(error));
    		}
    	});
    }
    function CallSPOnline() {
       $.ajax({
    		url: siteCollUrl+"/_api/web",
    		dataType: 'JSON',
    		type: 'GET',
    		headers: { Accept: "application/json;odata=verbose" },
    		success: function (data) {
    			alert(data.d.Title);
    		},
    		error: function (error) {
    			alert(JSON.stringify(error));
    		}
    	});
    }
    </script>

    Best Regards,

    Dennis


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Tuesday, April 2, 2019 8:57 AM
    Moderator
  • Hi Dennis,

    I have change below parameter as my site collection in SharePoint Online but facing same issue in console and browser.

    username, password, siteCollUrl, loginUrl

    Can you please help me on this.

    Thanks & Regards

    Deepak Chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Tuesday, April 2, 2019 9:23 AM
  • Hi Dennis,

    I am looking forward to hearing from you..

    Thanks & Regards

    Deepak Chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Wednesday, April 3, 2019 9:04 AM
  • Hi Deepak,

    Please test it in IE browser to check if it works.

    Best Regards,

    Dennis


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Wednesday, April 3, 2019 9:39 AM
    Moderator
  • Hi Dennis,

    Thanks !!

    I have checked in IE browser  but facing same above issue can you pleases let me know any other approach to achieve same functionality using client side object model.

    Thanks & Regards

    Deepak chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Wednesday, April 3, 2019 12:13 PM
  • Hi,

    If you use windows environment, we can using PowerShell with CSOM, or CSOM(C#) to access SharePoint Online contents.

    We can use Microsoft.SharePoint.Client.SharePointOnlineCredentials to pass credential.

    https://blogs.msdn.microsoft.com/kaevans/2014/02/23/call-o365-using-csom-with-a-console-application/

    Best Regards,

    Dennis


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Thursday, April 4, 2019 8:52 AM
    Moderator
  • Hi Dennis,


    We can't user CSOM actually we need to authenticate user in SharePoint online using JavaScript/REST API client object model.

    Can you please let me know any other approach to do same thing using JSOM.

    Thanks & Regards

    Deepak Chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Friday, April 5, 2019 5:49 AM
  • Hi,

    Please save the code into .html file in the local PC and open the file using IE to check if it works.

    And try to add the SharePoint Online site url into trust site in IE.

    And check the articles below with similar error.

    https://stackoverflow.com/questions/20035101/why-does-my-javascript-get-a-no-access-control-allow-origin-header-is-present

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

    https://crunchify.com/how-to-fix-access-control-allow-origin-issue-for-your-https-enabled-wordpress-site-and-maxcdn/

    Best Regards,

    Dennis


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Friday, April 5, 2019 6:32 AM
    Moderator
  • Hi Dennis,

    I have save file with .html extension and run into IE browser it's not responding as expected.

    Still I am facing same issue Can you please share with me any other approach using JSOM.

    Thanks & Regards

    Deepak Chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Monday, April 8, 2019 8:20 AM
  • Hi All,

    I am looking for a solution so can you please share your suggestions to resolve this issue.

    Thanks & Regards

    Deepak Chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Tuesday, April 9, 2019 6:48 AM
  • Hi All,

    I am looking for a solution.

    Thanks you for your understanding !

    Thanks & Regards

    Deepak Chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Friday, April 12, 2019 6:26 AM
  • Hi,

    Did you use the Admin user to test the code?

    Why do you only want to use JavaScript with REST API to achieve it?

    To hard code the username and password in the JavaScript code have security issue. I do not suggest you use this way.

    If you want to access SharePoint in an asp.net project, I suggest you use CSOM to achieve it. Or create a web service with CSOM in a Server to achieve the business logic and consume the web service in JavaScript.

    Best Regards,

    Dennis


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Friday, April 12, 2019 8:07 AM
    Moderator
  • Hi Dennis,

    Thank you for response !!

    We are working on SharePoint online environment and we don't have permission to deploy any app (SPH OR PHA) or web service over this so we are looking a solution via JavaScript/REST API.

    For user name and password user will insert credential on text boxes so not hard coded

    This will be good if we achieve it using JSOM.


    Thanks & Regards

    Deepak Chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Wednesday, April 17, 2019 12:04 PM
  • Hi,

    You can also create a windows form application with CSOM C# to achieve it.

    https://docs.microsoft.com/en-us/dotnet/framework/winforms/creating-a-new-windows-form

    http://csharp.net-informations.com/gui/cs_forms.htm

    Best Regards,

    Dennis


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Thursday, April 18, 2019 1:05 AM
    Moderator
  • Hi Dennis,

    Thank you for your continuous  suggestions  !!

    As discuss on my previous comment we can not use C# code or any window application.

    We are looking this solution for SP Online so this will be good if we are able to achieve this task using JavaScript/REST API

    I am looking for solution !!

     

    Thanks & Regards

    Deepak Chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Wednesday, April 24, 2019 7:11 AM
  • Hi All,

    I am looking for Solution.

    Thanks & Regards

    Deepak Chauhan


    SharePoint 2010 & 2013 and Office-365 Branding and Front End Customization, UI Design

    Friday, May 3, 2019 5:36 AM
  • Hello Deepak,

    Was you able to resolve this?

    I am stuck into same issue but no success so any help would be appreciated.

    Thanks,

    Harish

    Tuesday, March 31, 2020 10:56 PM