AymericdeMontpellier-5876 asked AymericdeMontpellier-5876 answered

Access to Sharepoint 2019 OnPrem Web Services using NodeJS app

Hi

In my company, I/T has just set up a new Sharepoint 2019 OnPremise that is hybrid, using Azure AD for authentication.

I'm a site collection admin for my Sharepoint site collection. Let's say the URL to Sharepoint is https://aymeric.sp.my-company.com (only accessible from inside our network).

When I access this URL I'm automatically redirected to https://login.microsoftonline.com/TENANT-ID/wsfed?wa=wsignin1.0&wtrealm=urn%3aSharepoint%3afederation&wctx=https%3a%2f%2faymeric.sp.my-company.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&wreply=https%3a%2f%2faymeric.sp.my-company.com%2f_trust%2fdefault.aspx&sso_nonce=AQABAAAAAABeAFzDwllzTYGDLh_qYbH87qVvvwM4pLiqYXloFo6Il7_-ry9WsQiAA&client-request-id=8dacdcfb-c68f-4ec2-a3e7-7760cecf3699&mscrid=8dacdcfb-c86f-4ec2-a3e7-7760cecf3699 – I'm automatically identified and redirected back to Sharepoint with the correct profile.

One of my I/T contacts gave me the information below:

Now I'm trying to access Sharepoint Web Services (like https://aymeric.sp.my-company.com/_vti_bin/UserProfileService.asmx or another one) using JavaScript and a Node app (node index.js). I'm using this technique with a Sharepoint 2013 OnPrem and I have no issue: I just pass my credentials using https://github.com/s-KaiNet/node-sp-auth and it just works.

If I try to access the SP 2019 Web Services in the browser, it just works too.

But using a Node app with this Sharepoint Hybrid based on Azure AD I cannot find how to pass credentials… What to send? How to authenticate? Do I need to use an Azure AD App to connect to my Sharepoint OnPrem? If yes, how to configure it? Should I just send an "Authentication" header with a "Bearer" and an access token: if yes, how to get this access token?

Whatever I try (and I tried dozens and dozens of things) I always end up with (in the best cases) an error 403 "Access denied. You do not have permission to perform this action or access this resource.".

I discussed this with my I/T contact and he doesn't know how to help. He told me to use a Sharepoint App of my site collection, and not an Azure App. But if I try to connect with a Sharepoint App I get "AADSTS700016: Application with identifier '2a919657-3f38-43d4-a6ac-3a9f4fdedf9e' was not found in the directory 'TENANT-ID'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant."

Any help would be appreciated.

Thanks


azure-active-directory

1 Answer

AymericdeMontpellier-5876 answered

Finally, because I'm not a farm/server admin, my last option was to retrieve the FedAuth cookie that can be used in all requests to be recognized by Sharepoint.

I've "just" mimicked the browser's behavior by creating a NodeJs script that reproduces all the required steps.

10 calls, including redirection, form post and Kerberos authentication, are required to finally get the precious FedAuth cookie.
