Authorization to Office 365/Sharepoint online

Question

I writing a WCF service that is hosted in Azure as a (PaaS). The service in turn needs to talk to Sharepoint 2013 Online/Office 365.

I was looking at using the Sharepoint Client object model to talk to it, but keep getting the following error: "The remote server returned an error: (403) Forbidden" When we login to access the SharePoint instance through a browser it usually takes you to https://login.microsoftonline.com/login.srf so you can log in using a Live Id. The problem is we are using a federated account and not a Live Id, and therefore get redirect again to a adfs site to login . I've looked at a code sample at http://www.wictorwilen.se/Post/How-to-do-active-authentication-to-Office-365-and-SharePoint-Online.aspx that is using claims based authentication, but this always fails with an "Authentication Failed" message when trying to retrieve Saml Token.

If I understand this correctly. One way of doing this is to get the Saml Token, pass this to SPO, which will in turn return two cookies which I need to include in the requests made with the Client object model. Problem is I'm not finding any proper examples on how to authenticate using the Federated account in C#.

Can anyone point me in the right direction, as to how I might proceed authorizing my WCF service to talk to SharePoint.

Sorry if this is in the wrong forum. I'm not exactly sure whether this is an Azure issue or just SharePoint as I'm pretty new to both technologies.

Answer 1

I was getting a 403 while trying to do similar with the SharePoint object model. All I had to do to rectify it was include the user agent.

Answer here Using WebRequest to obtain cookies to automatically log into Sharepoint Online, getting variour errors

Hope it's of some help.

Answer 2

Try the following blog article. The ability to access the Office 365 API was just announced last month and the ability to call this from your web service is pretty new. This article is a good tutorial on the subject.

Answer 3

Use an Office 365 SharePoint site to create an environment where you can use ACS to establish trust between a provider-hosted app and an on-premises SharePoint 2013 farm, just as you would if you were developing apps for an Office 365 SharePoint site. You can visit the following link for further understanding: http://msdn.microsoft.com/en-us/library/office/dn155905(v=office.15).aspx

Answer 4

I know this is an old post, but using SharePoint Online through an App without using an App Principal may be a violation of your license agreement. You should be using true OAuth and the TokenHelper class that is part of the SDK to use the app model properly.

Answer 5

Have you tried taking Wictor's sample code and just replacing the login.srf URL with your ADFS login endpoint?

Keep fiddler open as you try this out, and inspect the requests/responses each time, you will probably see more detail as to why things aren't working within the response body that C# hides away in its object model.

Check out this blog post too, on how to get the auth token from ADFS using anything where you can create a SOAP envelope:

http://leandrob.com/2012/02/request-a-token-from-adfs-using-ws-trust-from-ios-objective-c-iphone-ipad-android-java-node-js-or-any-platform-or-language/

Answer 6

Hi just in case that we registered as an Office365 reseller a few days ago i had to learn one painfull lession: The auth. token you get from sharepoint is only valid for 2 hours! Maybe that will change in Sharepoint 15 who knows...

I thought this could be an valuable hint because there is no known workaround...