CSOM behind ADFS 3.0 and WAP

  • Question

  • Hi all,

    I tried to access a SharePoint 2013 via the Client SharePoint Object Model. Now the new SharePoint is behind a Web Authentication Proxy and only accessible via ADFS 3.0. I can log on via browser without any problems.

    How can I use the object model (or the REST web service API) behind the WAP?

    Michael,..,

    Tuesday, February 7, 2017 6:01 PM

All replies

  • Hi mmuehr,

    We can use the AuthManager class to create a ClientContext object with an ADFS token to access the SharePoint site. Here is a code demo for your reference:

    Using the client side object model against SharePoint with ADFS as trusted identity token issuer

    Thanks

    Best Regards



    Wednesday, February 8, 2017 5:46 AM
  • Hi,

    I tried the example above

    but I get an error "ID3082: The request scope is not valid or is unsupported." at ctx.ExecuteQuery

    My samlSite = "https://intranet.domain.de/sites/intranet"

    ctx = am.GetADFSUserNameMixedAuthenticatedContext(samlSite, "user", "pwd", "adDomain", "adfs.domain.de", "urn:sharepoint:saml");

    If I try the RequestToken function I get a valid token.

    How can I convert the token to a SamlToken?

    How can I get further?

    Michael,..,

    Thursday, February 9, 2017 1:51 PM
  • You should extend the web application to another zone with Windows authentication only on it and use that zone URL for your coding purposes.  This is good practice in general and what I do with all my SharePoint web applications.  End users on one URL with whatever authentication method(s) required on.  Administration and web service calls happen on another URL that is not public or known to the end users.
    Thursday, February 9, 2017 6:42 PM
  • Are you making calls outside of SharePoint and outside of the same network SharePoint is on? Otherwise, what I proposed is the simplest solution and requires no code to be written. Also there is the added bonus of not having to worry about this if the authentication method changes from ADFS to something else. I always say keep it simple and only do complicated when things are complicated. This isn't complicated unless you make it that.

    • Edited by DubaStep Monday, February 13, 2017 12:53 PM
    Monday, February 13, 2017 12:52 PM