Provider Hosted APP with ADFS – Created By Issue

  • Question

  • I have created one provider-hosted app and have done the ADFS configuration for SSO from the SharePoint site to the SharePoint app site.

    But when I add/update a list item, the Created By user is “i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint” instead of my logged-in user in the SharePoint site.

    I was under the impression that the SharePoint site passes the same user token to the SharePoint app, but it is passing a common token for every user, and that user is “i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint”. The SharePoint site login is spadmin@spdomain.com.

    I have implemented ADFS version 2.0 with SharePoint 2013, and the site is hosted in my local IIS.

    How can I have the same user for both (SharePoint site and SharePoint provider-hosted app site)?

    Both sites have different users; how can I have the same user in both sites with ADFS SSO?

    Thursday, December 22, 2016 5:26 AM

Answers

  • Hi,

    Thank you for your answer!!!

    I used your suggested approach, but I am still not getting the current logged-in user in the provider-hosted site.

    So I tried passing the user in the query string on the app part page and impersonating with the User object via CSOM.

    I log in to SharePoint as the "SPDOMAIN\SPADMIN" user, but in the app context I am getting "IIS APPPool\SPAPP", so I am impersonating and doing the CRUD operations.

    So I resolved this issue with the impersonation concept.

    Thank you for your valuable time.


    Tuesday, December 27, 2016 11:23 AM
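The marked answer stamps the item with a user name taken from the query string. That value is attacker-controlled: anyone who can reach the remote web can write records attributed to any user. The block below is an added example (not the poster's code and not from any Microsoft sample) of the same "impersonation via CSOM" idea done from the identity the remote web itself authenticated, plus a helper that reports which principal a given ClientContext really runs as, which answers the "IIS APPPool\SPAPP" vs "SPDOMAIN\SPADMIN" question in the earlier reply directly. It assumes the TokenHelper.cs / SharePointContext.cs classes generated by the Visual Studio provider-hosted app template (SharePointContextProvider is used on this page), a remote web that authenticates its callers (Windows or ADFS/WIF), and a list title passed in by the caller. The trusted identity provider name "adfs" and the "i:0e.t|" (email claim) login encoding are assumptions; substitute the name and identity claim type of your own SPTrustedIdentityTokenIssuer.

```csharp
// Added example, not the poster's code. Assumes the TokenHelper.cs / SharePointContext.cs
// classes from the Visual Studio provider-hosted app template and a remote web that
// authenticates its callers. Issuer name "adfs" and the "i:0e.t|" prefix are assumptions.
using System;
using System.Security.Principal;
using System.Web;
using Microsoft.SharePoint.Client;

public static class AttributedListWriter
{
    // Reports the login name a ClientContext actually runs as. Call it once with
    // CreateUserClientContextForSPHost() and once with CreateAppOnlyClientContextForSPHost()
    // to see which principal SharePoint sees, instead of inferring it from Created By later.
    public static string WhoAmI(ClientContext ctx)
    {
        User me = ctx.Web.CurrentUser;
        ctx.Load(me, u => u.LoginName, u => u.Email);
        ctx.ExecuteQuery();
        return me.LoginName;
    }

    // Builds the claims-encoded login SharePoint expects for a SAML (ADFS) user, for example
    // "i:0e.t|adfs|user@spdomain.com". Both the prefix and the issuer name are assumptions.
    public static string ToClaimsLogin(string identityValue, string issuerName = "adfs", string prefix = "i:0e.t|")
    {
        if (string.IsNullOrWhiteSpace(identityValue))
            throw new ArgumentException("An identity value is required.", nameof(identityValue));
        if (identityValue.StartsWith("i:", StringComparison.Ordinal))
            return identityValue; // already claims-encoded
        return prefix + issuerName + "|" + identityValue;
    }

    // Creates an item through an app-only context and stamps Created By / Modified By with
    // the caller the remote web authenticated. The login is taken from HttpContext.User,
    // never from Request.QueryString, so a caller cannot choose whom the record is attributed to.
    public static int CreateAsAuthenticatedCaller(HttpContext httpContext, string listTitle, string title)
    {
        IPrincipal principal = httpContext.User;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Caller is not authenticated; refusing to write on their behalf.");

        string callerLogin = principal.Identity is WindowsIdentity
            ? principal.Identity.Name                 // DOMAIN\user, resolvable as-is
            : ToClaimsLogin(principal.Identity.Name); // ADFS/WIF: encode the claim value

        var spContext = SharePointContextProvider.Current.GetSharePointContext(httpContext);
        using (ClientContext ctx = spContext.CreateAppOnlyClientContextForSPHost())
        {
            Web web = ctx.Web;
            List list = web.Lists.GetByTitle(listTitle);
            User author = web.EnsureUser(callerLogin); // resolves (or adds) the site user
            ctx.Load(author, u => u.Id, u => u.LoginName);
            ctx.ExecuteQuery();

            ListItem item = list.AddItem(new ListItemCreationInformation());
            item["Title"] = title;
            var who = new FieldUserValue { LookupId = author.Id };
            item["Author"] = who; // Created By
            item["Editor"] = who; // Modified By
            item.Update();
            ctx.Load(item, i => i.Id);
            ctx.ExecuteQuery();
            return item.Id;
        }
    }
}
```

Run WhoAmI against both context kinds first: if the user context works, drop the Author/Editor stamping entirely and let SharePoint record Created By itself, because the app-only path needs AllowAppOnlyPolicy in the manifest and enough app permission on the list for EnsureUser and the field override, and it makes the app, not SharePoint, responsible for getting the attribution right.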

All replies

  • Hi,

    Please check the steps below:

    1. Create/configure a Trusted Identity Provider for the ADFS configuration.

    2. Configure the endpoint URIs for the web application (URIs trusted by the client network).

    3. Create the SharePoint web application with the ADFS Trusted Identity Provider configuration.

    4. Create a certificate (personal hosting) and register it with a PowerShell script to generate the Issuer ID.

    5. Create the provider-hosted app project with the certificate and Issuer ID details.

    6. Replace the web.config file with the required ADFS configuration settings.

    7. In IIS, create a virtual directory with a relative path based on the endpoint URI.

    8. Change the .NET site's application pool –> Advanced Settings –> Process Model –> "Load User Profile" property to True.

    9. For an ADFS-based provider-hosted app, publish the website using Web Deploy –> File System method.

    10. For publishing the app, create the app catalog and then upload the .app file with different versions.

    Best Regards,

    Dennis


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, December 26, 2016 1:51 AM
    Moderator
  • Hi..

    Thank you for your answer. I used your above steps, and ADFS is working properly. But now my question is as below:

    I have written the code below:

        using Microsoft.SharePoint.Client;

        // User context: the access token carries the logged-in user's identity
        var spContext = SharePointContextProvider.Current.GetSharePointContext(Context);
        using (var clientContext = spContext.CreateUserClientContextForSPHost())
        {
            clientContext.Load(clientContext.Web, web => web.Title);
            clientContext.ExecuteQuery();
            Response.Write("<p>" + clientContext.Web.Title + "</p>");
        }

    It gives access denied.

    But when I use:

        using Microsoft.SharePoint.Client;

        // App-only context: the access token carries the app's identity, not the user's
        using (ClientContext clientContext = SharePointContextProvider.Current.GetSharePointContext(Context).CreateAppOnlyClientContextForSPHost())
        {
            clientContext.Load(clientContext.Web, web => web.Title);
            clientContext.ExecuteQuery();
            Response.Write("<p>" + clientContext.Web.Title + "</p>");
        }

    it works fine, but the user context is "IIS APPPool\SPAPP", while I log in to SharePoint as the user "SPDOMAIN\SPADMIN".

    Question: when I add records from the SharePoint app into the SharePoint custom list, Created By should be "SPDOMAIN\SPADMIN" instead of "IIS APPPool\SPAPP". But currently it is adding Created By as "SPAPP" in the SharePoint custom list. How can I get the "SPDOMAIN\SPADMIN" user context in the provider-hosted app?

    Waiting for your reply!!!

    Thanks in advance.

    Monday, December 26, 2016 6:21 AM
  • Hi,

    Please check whether you have used the app-only policy in your app manifest or not.

    Or try adding the Tenant Read permission to the AppManifest file; check the article below:

    https://samlman.wordpress.com/2015/03/02/access-denied-error-with-app-only-access-token-when-reading-profile-info/

    Best Regards,

    Dennis




    Tuesday, December 27, 2016 8:56 AM
    Moderator
  • Hi,

    Thanks for sharing the approach; it will help others who are stuck with the problem!

    You can mark the reply as the answer; it will make it easier for others who are stuck with a similar issue to search for valid solutions in this forum.

    Best Regards,

    Dennis




    Wednesday, December 28, 2016 8:34 AM
    Moderator