Invoke Azure web service API using SharePoint webpart with AAD

Anonymous
2023-08-30T03:32:32+00:00

Component Setup

  • Web App (with proper App Registration) hosted on Azure, with Azure AD Auth enabled.
  • SharePoint, which end users log in to using Azure AD too.

Current Situation / Achieved Behaviors

  1. We make use of AadHttpClient (API) inside a SharePoint WebPart using a test project, with proper web-api-permission setup (including the App ID from the Web App and a proper scope value), and we can invoke a REST GET API implemented in the Web App with Azure AD authentication/authorization; the API returns the proper response body as expected.
    • Say, the API is called
  2. Not only can the SharePoint WebPart mentioned in #1 access the Web App, but any browser session (by typing in to browser address bar) can also access the Web App when the user is signed in via AAD.

Questions:

  1. We saw that when we run the test SharePoint project, AadHttpClient returns an error, given that we have already logged in to SharePoint with AAD.
    1. Console tab in browser shows "401 Unauthorized".
    2. Then, in the same Chrome browser session, put and run in a new tab. The GET returns a message normally.
    3. Then, go back to the test SharePoint project browser tab, re-run the page and the error is gone.
    4. This error can never be replicated again for this user and this web-app.
    5. However, it shows up whenever a new user runs this WebPart for the first time.
    6. We didn’t do enough testing to check whether this error will show up for every SharePoint WebPart (probably once only) and for every Azure Web App (probably each web app will see it once?).
    The error affects user experience (while we may be able to find a workaround, like making the user access any of the web app’s APIs at least once, we think there may be a proper way to fix the above). Do you have any suggestions?
  2. In #1.2 above, we could invoke the GET in a browser. Is it possible to restrict the GET API (and any other APIs from the same domain) so that only SharePoint’s AadHttpClient can invoke/execute it?
    • (If possible) is it a setting which the Web App’s admin is free to turn on/off easily to allow debugging using a browser or tools like Postman, and how are we going to do that?

Thank you.

Mars

Microsoft 365 and Office | SharePoint | For business | Windows

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


1 answer

  1. Anonymous
    2023-08-30T05:53:59+00:00

    Dear Mars,

    What you are experiencing is a SharePoint Development issue. Sorry that our category may not have enough resources to cope with the issue.

    We have a specific channel SharePoint Development - Microsoft Q&A and the experienced community members there will help you check the configuration and provide some further suggestions.

    I suggest you post a new thread there for expert help.

    Thanks for your understanding and have a nice day!

    Sincerely

    Cliff | Microsoft Community Moderator
