1

I need to call my custom .NET 6 Core Web API from an on-premise SharePoint 2019 web part. The users are already being authenticated using on-premise Active Directory. I want to pass the authentication token that users receive when they first log in to SharePoint to the Web API to make sure that users are already authenticated. Currently, if I am implementing Active Directory authentication for the Web API, users are getting the login prompt for credentials again when APIs are called using Axios.

There are already some similar questions and answers on this forum, but they have mentioned AAD (Azure Active Directory), which we cannot currently use.

Thanks!

1 Answer

0

Azure AD authentication applies when you're connecting to any Office 365 services (like a SharePoint Online web part connecting to your on-premise API server).

But for this case, if you are using Windows Server and IIS, you can turn on Integrated Windows Authentication to let end users authenticate themselves using the account currently logged on to their machine.

A few notes:

  • Your server must also be joined to the same domain where the client is joined.
  • Integrated Windows Authentication is ancient; it has a vulnerability to Cross-Site Request Forgery (CSRF) attacks. Make sure to secure against them.

I can't advise on Linux or non-IIS web services, but I guess the same idea above applies. Nowadays you can join a Linux machine to AD.

Note: Pardon me if my answer is not complete or needs improvement (I'm too old for this topic, but I'm trying my best).
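
One way to configure the setup this answer describes, as an added example that is not part of the original answer: a .NET 6 `Program.cs` that enables Integrated Windows Authentication through the Negotiate handler, limits credentialed CORS to a single origin, and rejects state-changing requests that lack that origin and a custom header as a CSRF mitigation. The origin `https://sharepoint.example.local`, the policy name `SharePoint`, and the two endpoints are placeholder assumptions.

```csharp
// Added example, not from the original post. Needs the NuGet package
// Microsoft.AspNetCore.Authentication.Negotiate; on IIS, enable Windows Authentication.
using Microsoft.AspNetCore.Authentication.Negotiate;

// Assumption: placeholder origin of the SharePoint 2019 site hosting the web part.
const string SharePointOrigin = "https://sharepoint.example.local";

var builder = WebApplication.CreateBuilder(args);

// Integrated Windows Authentication (Kerberos/NTLM) through the Negotiate handler.
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();

// Every endpoint requires an authenticated domain user unless it opts out.
builder.Services.AddAuthorization(o => o.FallbackPolicy = o.DefaultPolicy);

// Credentialed CORS: exactly one trusted origin, never a wildcard.
builder.Services.AddCors(o => o.AddPolicy("SharePoint", p => p
    .WithOrigins(SharePointOrigin)
    .AllowCredentials()
    .WithMethods("GET", "POST")
    .WithHeaders("Content-Type", "X-Requested-With")));

var app = builder.Build();

app.UseCors("SharePoint"); // before auth, so unauthenticated preflights get answered

// CSRF guard: the browser attaches Windows credentials automatically, so a
// state-changing request must also prove it came from the trusted page. It has
// to carry the expected Origin and a custom header that plain HTML forms cannot set.
app.Use(async (context, next) =>
{
    var method = context.Request.Method;
    var isSafe = HttpMethods.IsGet(method) || HttpMethods.IsHead(method)
                 || HttpMethods.IsOptions(method);
    var origin = context.Request.Headers["Origin"].ToString();
    var marker = context.Request.Headers["X-Requested-With"].ToString();
    if (!isSafe && (!string.Equals(origin, SharePointOrigin, StringComparison.OrdinalIgnoreCase)
                    || marker != "XMLHttpRequest"))
    {
        context.Response.StatusCode = StatusCodes.Status403Forbidden;
        return;
    }
    await next(context);
});

app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoints: one read, one state-changing.
app.MapGet("/api/whoami", (HttpContext ctx) => Results.Ok(new { user = ctx.User.Identity?.Name }));
app.MapPost("/api/items", () => Results.NoContent());
app.Run();
```

On the web part side, the Axios request has to set `withCredentials: true` and send the `X-Requested-With: XMLHttpRequest` header for this configuration to accept it.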
