What's a good authentication mechanism to use in my remote app that is accessed via cross-domain library (SP.RequestExecutor.js) javascript code in a publishing SharePoint page in my host web?
Background: I'm developing a solution for SharePoint Online where I need to access data, from a secured web service, for displaying directly on a publishing page. The App Part is not a good option for me because I need a responsive UI and IFrames don't work well in responsive UI scenarios. So, I've created a provider-hosted app that hosts an ASP.Net Web API endpoint. The Web API controller, for that endpoint, is what makes calls to the secured web service for the data I need. The flow is: the cross-domain library javascript code in the publishing page calls the provider-hosted app web api endpoint which then calls the secured web service. There is an article here on msdn just for this scenario. However, the article leaves out options or ideas on the authentication mechanism to use for the provider-hosted app. It just states that it is the responsibility of the developer to implement the authentication mechanism. Has anybody implemented a solution like this that includes authentication?
Aucun commentaire:
Enregistrer un commentaire