Azure AD secured WebAPI invoking room services (SharePoint, SQL)

I went through this great streak from Kirk Evans:

http://blogs.msdn.com/b/kaevans/archive/2015/03/27/the-api-economy-consuming-our-web-api-from-a-single-page-app.aspx

but I need to move on. I need the same architecture as in the article: http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-25-31-metablogapi/4064.image_5F00_6A334CB5.png

but now a custom WebAPI in Azure must call a different API in the On Premises framework, given that the Premises API will need to retrieve information from the SharePoint Premises "on behalf of" the user (and of course from another source such as SQL Servers or other internal services).

It is assumed that both active directories (Azure AD and AD premises) are merged.

Any idea on how to achieve this?

Many thanks.

+3




1 answer


If this is a website and you want something like Kerberos constrained delegation see my blog:

http://blogs.msdn.com/b/kaevans/archive/2015/04/13/azure-ad-application-proxy-and-sharepoint-2013.aspx

If you need to connect through a specific protocol, such as TDS connections to SQL Server, you can use hybrid connections.



http://blogs.msdn.com/b/alimaz/archive/2014/07/31/connect-sharepoint-online-to-an-on-premises-sql-server-from-an-azure-provider-hosted-app-using-hybrid-connections.aspx

If you need to use Kerberos Constrained Delegation for a non-HTTP protocol, see the next session where they demonstrate a few lines of code in .NET to read incoming claims and impersonate a user. Requires Kerberos Constrained Delegation setup as shown in the first article above.

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/OFC-B327#fbid=

+2
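
The "read incoming claims and impersonate a user" step mentioned in the answer, sketched as an added example (not code from the answer, the linked articles or the session). It assumes the on-premises API runs on a domain-joined server whose service account has the Kerberos Constrained Delegation setup the answer refers to, that the validated token exposes the user's UPN as `ClaimTypes.Upn`, and that this UPN matches the on-premises account; the server and database names are placeholders.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Claims;
using System.Security.Principal;

public static class DelegatedSqlReader
{
    // Placeholder connection string (assumption). Integrated Security makes
    // SQL Server authenticate whichever Windows identity is impersonated.
    private const string ConnectionString =
        "Server=sql01.example.local;Database=AppDb;Integrated Security=SSPI;";

    // Returns the login name SQL Server sees, to confirm that delegation
    // reached the database as the end user and not as the service account.
    public static string ReadLoginSeenBySql(ClaimsPrincipal caller)
    {
        // Only act on a principal the token middleware has already validated.
        if (caller == null || caller.Identity == null || !caller.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Caller is not authenticated.");

        // Fail closed if the UPN claim is missing: never fall back to the
        // service account's own identity for a user-scoped query.
        Claim upn = caller.FindFirst(ClaimTypes.Upn);
        if (upn == null || string.IsNullOrWhiteSpace(upn.Value))
            throw new UnauthorizedAccessException("Token carries no UPN claim.");

        // WindowsIdentity(string) performs a Kerberos S4U logon for the UPN;
        // no user password is involved. Reaching SQL Server with the resulting
        // identity depends on the constrained delegation configuration.
        using (var identity = new WindowsIdentity(upn.Value))
        using (WindowsImpersonationContext ctx = identity.Impersonate())
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand("SELECT SUSER_SNAME();", conn))
        {
            conn.Open();
            return (string)cmd.ExecuteScalar();
        } // Disposing ctx reverts the thread to the service account.
    }
}
```

If the returned login is the service account rather than the user, delegation is not taking effect and the query is running with the service's own rights.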

