none
User get Authentication error in High Trust Provider Hosted Add-In with Windows Authentication mode RRS feed

  • Question

  • Hi,

    I am running a High Trust SharePoint Provider Hosted Add-In with Windows Authentication Mode.

    In my context, all user are getting authenticated through an external Active Directory (full official email address and email password) to login to SharePoint. The users in my local office can login to SharePoint through both the external Active Directory (full official email address and email password) and local AD (local windows user name firstname.lastname and local user password).

    The problem is with my local office users, they login to SharePoint with official email address. But, when they click on the app link to access, they are automatically redirected to the the app with default local windows credentials as they are logged in with that on their PC. Then they get authentication error and cannot access the app.

    Could anybody get me out of this? I am in a big trouble with that. Thanks in advance.

    Monday, March 12, 2018 11:49 AM

Answers

  • Hi,

    1. Check if Issuer ID is invalid or has uppercase letters or has space in Appweb web.config file.

    2. Check if Client ID is invalid, or Client ID has space in Appweb web.config file.

    3. Check if Get-SPSecurityTokenServiceConfig AllowOAuthOverHttp setting is invalid. It must be true if one of the SharePoint web application or Provider hosted App IIS website have HTTP binding. If both SharePoint and Add-ins using SSL, it should be false. In many cases, if you have HTTP binding on SharePoint in addition to SSL and if Add-ins using SSL with AllowOAuthOverHttp=false, may cause an error.

    More information about authentication error, we can refer to:

    https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/troubleshooting-high-trust-sharepoint-add-ins

    Best regards,

    Lee Liu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, March 13, 2018 7:57 AM