I am working on a MEAP (Mobile Ent. Application platform) which uses PHP on server side and javascript on client side. The web application is consumed through an appshell (hybrid app) on IOS devices. The application also stores the userid and password so user doesn't have to enter it again.
We also have a portal link (portal in SharePoint) in this application which user click and it launches the Safari which again presents login prompt to user. (windows authentication to sharepoint).
Is it possible to somehow pass the userid/password to safari so it will automatically login to sharepoint portal??
I just need to know the best approach to follow in this scenario?
According to my knowledge, the sharepoint uses NTLM authentication so I tried creating Ajax call by passing NTLM authorization header, but it doesn't work?
I used below js to create NTLM authentication.
https://github.com/erlandranvinge/ntlm.js
Since you are launching safari, you can pass it a url. Why not pass query parameters to the url and get the credentials from there?
Ofcourse, this will require a slight modification of the sharepoint side, a small javascript will do.
Related
I'm working on a windows app using pure JavaScript and try to use AAD for authentication. The issue that I'm facing is aftering calling the "login" function from adal.js which will redirect user to the login page, how shall the app receive the response assuming the user logged in successfully? The page that I'm seeing now after login is saying"This page cannot be displayed. Make sure the web address https://login.microsoftonline.com is correct." I have entered the redirectURI value in azure with the one starting with "ms-app://s-1-15-***".
I've gone through the examples from the AAD developer's guide and I don't see examples of windows app + pure JavaScript. The "Windows Universal" section has example of C# and the "JavaScript" section is for web page application.
As adal for js is designed for web application, the redirect_url parameter requires a web server host location. So the using plain javascript to integrate adal for js is not so suitable in this scenario.
You can try to follow several workarounds:
To use C# lib in your UWP application.
To use Azure Mobile Apps' Authentication feature to authenticate & authorize your users. On sever side, you can refer to https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-windows-store-dotnet-get-started-users. And on your UWP side, you can refer to https://yorkporc.wordpress.com/2014/06/07/winjs-windows-store-app-and-aad-sso-experience-i-e-save-cookies-from-microsoftonlineaad-login-pages/ for similar usage.
Any further concern, please feel free to let me know.
I finally figured out how to perform the AAD authentication in windows app using javascript. So there's the WebAuthenticationBorker from WinRT that can be utilized for the authentication through the OAuth2 endpoint.
A link here is a very helpful example.
I have a scenario that I think should be fairly simple, yet I'm not finding a solution and wondering if someone can point me in the right direction.
The setup:
1) SharePoint online website (user must be authenticated to see page)
2) .NET MVC Web API service endpoint (user must be authenticated to get data from the service)
Both of these authenticate using the same Azure Active Directory. The Web API has been registered in Azure AD.
The problem:
I would like to put some javascript on a SharePoint Online page (not a Sharepoint Add-in, not an AngularJS SPA) that will make an AJAX call to the Web API using the logged in user's credentials without any kind of user prompt (since this is an ajax call, the user won't see the prompt anyway).
I've tried looking into the ADAL libraries, but all the JavaScript ones I can find require the use of Angular and require the user to authenticate a second time. I've found some documentation using OAuth 2.0, but (from what I can tell) require you to get the client to authorize the Sharepoint Online page to act on their behalf - which the user will not be able to consent to because it's an AJAX call and the consent page is not displayed in the browser (and it's still doing this despite having the app already approved by an administrator in Azure AD).
It seems to me the user shouldn't have to leave the SharePoint page and shouldn't have to enter their credentials a second time. I believe there should be some way that the log-in to SharePoint Online should also be able to be used as the log-in for our in-house app.
If someone could just point me in the correct direction, I would be very much appreciate it. Thanks in advance.
Normally, if we call the resource which protected by Azure AD, we need to authorize the app via OAuth 2.0.
Were you able to put a hidden iframe in the SharePoint online page? If it is possible, then we can use the Azure AD implicit flow get the token through iframe, and we can call the REST which protected by Azure AD via the token return by iframe. To enable the implicit flow, we need to download the application manifest from Azure portal and switch ‘oauth2AllowImplicitFlow’ to true.
And if you were only developing a single tenant which doesn’t require users to consent the app. Here is the HTML code request the token from a Iframe for your reference:
<iframe width="0" height="0" id="oauthHideIframe" src="https://login.microsoftonline.com/{tenantId}/oauth2/authorize?response_type=token&client_id={Client_Id}&redirect_uri={redirect_Url}&resource={your web api app url register on the protal}"> </iframe>
And to pass the token from iframe to the parent window, we can use the window.postmessage which allow the corss-orignal communication.
I have successfully setup a Sandbox Environment for WeChat with a URL for my API Config and a JS API Secure Domain. These work as intended, allowing me to receive messages from Followers and calling APIs from Javascript pages.
However, when attempting to retrieve a user profile via the web using OAuth2 I encounter an 'Oops. Something went wrong!' message. If I use one of the supplied example links it works as intended.
http://admin.wechat.com/wiki/index.php?title=User_Profile_via_Web
Is it possible to test User Profile via Web in a Sandbox Environment?
Background on the Application:
Embedded system that will connect to nest-api as a client to retrieve required data. This embedded system can connect to a wifi network and provides a web interface through which user can carry out authentication.
For authentication, currently the user is directed to
https://home.nest.com/login/oauth2...
and user can carry out the authorization procedure and get an 8-char PIN.
The user is then asked to input this PIN in a text box and submit it to the embedded web server which then requests the access_token (using C platform).
There are two questions related to this issue:
1) Is there a way to carry out request for access_token also from the client browser, and only return the access_token back to the embedded system? Any Javascript code that can request access_token after user inputs the PIN and submits?
2) The second issue is related to lack of automation. The user needs to type the PIN back in the web interface. Is there a way to extract the PIN from the website automatically using some script. For example, open the /login/oauth2 page embedded within another page and run a script on the main page to keep scanning the embedded page until the PIN becomes available (i.e. the user logs in and grants permissions). As soon as it becomes available, it can be copied and returned back to device web and access_token requested automatically.
I understand that this type of automation can be achieved by web-based authentication, but from my understanding that would require a proxy server for redirect URI. The idea is to make the device self-sufficient without a need for maintaining another server.
Yes, see the control-jquery sample code for an example of how to work with OAuth tokens in JavaScript
Nest allows you to use addresses that start with http://localhost or https:// as the OAuth Redirect URI. You can either run a web server locally, or monitor the WebView for a redirect URI pattern of your choice and parse the results.
My current project constists of 2 components:
a WCF server application
a purely client-sided (javascript, jQuery, TypeScript etc) website which consumes the service.
When the client saves data to my database via the WCF service, I need to log who made the last modification to that data.
To do this I need the username of the account the client website's browser is running under.
Browser support needs to be:
Chrome
Firefox
IE 10/11.
I don't want to create a login form for my website, I want the user to be able to open the website and be logged on using their Windows/Citrix account.
Javascript can't get to the account username because of security concerns obviously.
Any suggestions?
I have a experimental answer for you. Not sure but posible to work correctly. I think, you can activate impersonation and basic authentication on iis. Then client(browsers) ask credentials to client. In service layer, you can enable impersonation too. but only iis impersonation may enough.