This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 39%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
I have an on-prem web API published via Azure App Proxy that I'm trying to access from a SharePoint Online SPFx component using MSAL.js. I'm just doing a simple GET to a text file in IIS as a starting point.
I can access the app proxy and get the text file directly via a browser.
But when I try to use MSAL from inside the SharePoint page it fails at a certain point. I've been using the examples on Microsoft's website to get me started so I think I'm doing the right thing.
The fetch on step 3 does a preflight CORS OPTIONS request and fails with a 403. I get the feeling this request isn't getting as far as the internal IIS server as I can't see any activity in the IIS logs for it.
Is this senario supported?
const msalConfig = {
auth: {
clientId: '<guid>',
authority: 'https://login.microsoftonline.com/<guid>',
redirectUri: '<url>',
},
cache: {
cacheLocation: 'sessionStorage', // This configures where your cache will be stored
storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
},
system: {
loggerOptions: {
loggerCallback: (level, message, containsPii) => {
if (containsPii) {
return;
}
switch (level) {
case msal.LogLevel.Error:
console.error(message);
return;
case msal.LogLevel.Info:
console.info(message);
return;
case msal.LogLevel.Verbose:
console.debug(message);
return;
case msal.LogLevel.Warning:
console.warn(message);
return;
}
},
},
},
};
const myMSALObj = new msal.PublicClientApplication(msalConfig);
const account = myMSALObj.getAllAccounts()[0];
console.log(account);
const silentRequest = {
scopes: ['<app proxy scope>'],
account: account,
forceRefresh: false,
};
myMSALObj
.acquireTokenSilent(silentRequest)
.then(response => {
console.log(response);
const headers = new Headers();
const bearer = `Bearer ${response.accessToken}`;
headers.append('Authorization', bearer);
const options = {
headers: headers
};
fetch('<app proxy resource url>', options).then((res) => {
console.log(res);
console.log(res.text());
});
})
.catch((error) => {
console.error('Silent Error: ' + error);
if (error instanceof msal.InteractionRequiredAuthError) {
myMSALObj.loginRedirect(loginRequest);
}
});
After some more testing, I was able to setup an Azure Function endpoint and use that instead. When I first tested access to the endpoint from SharePoint, I got the same CORS error. However, with an Azure function, you can configure CORS in the Function App which enabled it to work.
As far as I can tell the same CORS configuration isn't available when using an Azure AD Application Proxy, so I guess this isn't supported yet. I believe you can use an Azure AD Application Proxy for an API if the client is native app as the web browser and consequently CORS isn't involved.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 5%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi @Tom-BC
Per my test, you can follow the steps to bulid AAD Proxy for SPFX.
Building Proxy Provider for SharePoint Framework and Microsoft Graph Toolkit
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks @RaytheonXie_MSFT does the link you posted work for an on-prem web api/website published via Azure AD Application Proxy?
https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy
I've updated my question so this is a bit clearer.