I recently put together a session around security in SharePoint Apps. There seems to be enough content on this topic to keep people on their toes at all times, so I decided to try and assemble all this information all in one place on this blog with a series of posts. Most of this information…
Tag: Authentication
Another 401 Unauthorized Tip for Working with SharePoint Apps
I've tried to update the related postings to this, but sometimes you need a call out to make sure it catches your attention so…here's another troubleshooting tip for when you get a 401 unauthorized error when your app tries to access SharePoint content. Suppose you have gotten everything working and then create a provider hosted…
Missing Context Token in Low Trust App with SharePoint 2013
Should you decide that you want to write low trust apps for an on-premises SharePoint 2013 farm, there are a number of hoops you should expect to jump through (NOTE: this assumes the SPNs for your web apps are already configured in the MsolServicePrincipal for your o365 tenant): Create a new app in Visual Studio;…
Checklist for Issues with Custom Claims Providers in SharePoint 2010 and 2013
As I was going round and round a few weeks ago trying to figure out why my custom claims provider was not working as I anticipated, one of our great developers (Chris R.) gave me a list of things to look at to try and diagnose the issue. After spending about 5 minutes on his…
Integrating SharePoint 2013 with Azure Active Directory – Part 2 The Custom Claims Provider
In Part 1 of this series, we went through how to configure SharePoint to use ACS and Azure Active Directory (AAD) as our Identity Provider. Once that is complete you will have a working end to end solution in which you can authenticate, get authorized and work in the site. What you also have is…
Using SharePoint Apps with SAML and FBA Sites in SharePoint 2013
Hopefully by now everyone has heard about the new app model in SharePoint 2013. There’s a lot of documentation out there about it so I won’t go into exactly what it is. What you should know is that it’s the preferred model for developing applications going forward. If you’ve done any development with the new…
Using Fiddler With SAML and SharePoint to Get Past the Three Authentication Prompts
Eric Lawrence touches on this topic in one of his Fiddler blog posts, but unless you know what you're looking for it can be hard to track down so I am going to add the SharePoint twist on it here. We often tell folks to use Fiddler to get an idea of what's going on…
More TroubleShooting Tips for High Trust Apps on SharePoint 2013
Hey, I'm an app guy, I like doing dev, but honestly – I may go hoarse screaming at my computer if I have to track down one more "The issuer of the token is not a trusted issuer" problem with my new SharePoint apps. To try and help you save your own voice (and sanity)…
Another Apps for SharePoint Tip with the Error "The issuer of the token is not a trusted issuer"
I was working on a build of SharePoint that is post beta 2 today, and found that one of my custom high trust apps I had built would no longer work. In looking at the ULS logs I was getting the dreaded "The issuer of the token is not a trusted issuer" error message. I…
One Important SAML Claims Property to Never Touch in SharePoint 2013
Hi folks, it has come to my attention that there is one particular property on the SPTrustedIdentityTokenIssuer in SharePoint 2013 that you should absolutely never ever touch or try to change in any way. 2013 introduces a new property on the SPTrustedIdentityTokenIssuer called the MetadataEndPoint, and I won't even bother getting into what that property is…