Abstract: This article provides a detailed solution to configure CORS and NTLM authentication for accessing SharePoint 2016 On-Premise REST API from a different domain.
2024-06-11 by DevCodeF1 Editors
Configuring CORS and NTLM Authentication for SharePoint 2016 On-Premise REST API (Different Domains)
Cross-Origin Resource Sharing (CORS) is a security feature implemented in modern web browsers that restricts web pages from making requests to a different domain than the one that served the web page. However, there are situations where allowing cross-domain requests is necessary, such as when building a client-side web application that needs to access resources from a different domain. This article will cover the process of configuring CORS and NTLM Authentication for SharePoint 2016 On-Premise REST API when the client and server are in different domains.
What are CORS and NTLM Authentication?
CORS is a W3C specification that enables web applications to make cross-origin HTTP requests. It allows servers to specify which origins are allowed to access their resources, providing a secure and controlled way to enable cross-domain requests. NTLM (NT LAN Manager) is a security protocol used in Windows environments for authentication and access control.
Configuring CORS for SharePoint 2016 On-Premise REST API
To configure CORS for SharePoint 2016 On-Premise REST API, you need to make changes to the web.config file of the SharePoint web application. The following steps will guide you through the process:
- Open the web.config file of the SharePoint web application.
- Locate the `<system.webServer>` section.
- Add the following code inside the `<system.webServer>` section:
```xml
<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
    <add name="Access-Control-Allow-Headers" value="Content-Type, Accept, Authorization, X-RequestDigest" />
    <add name="Access-Control-Allow-Credentials" value="true" />
  </customHeaders>
</httpProtocol>
```
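The above code allows all origins (value="\*"), the listed HTTP methods (value="GET, POST, PUT, DELETE, OPTIONS"), and the listed request headers (value="Content-Type, Accept, Authorization, X-RequestDigest") to access the SharePoint REST API. The "Access-Control-Allow-Credentials" header is set to "true" to allow sending credentials (such as cookies or NTLM tokens) with cross-origin requests. Note that browsers reject the response to a credentialed request when "Access-Control-Allow-Origin" is "\*", so for requests that carry cookies or NTLM credentials the value must be the exact origin of the client application (scheme, host, and port) rather than the wildcard.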
Configuring NTLM Authentication for SharePoint 2016 On-Premise REST API
To configure NTLM Authentication for SharePoint 2016 On-Premise REST API, you need to make changes to the web.config file of the SharePoint web application. The following steps will guide you through the process:
- Open the web.config file of the SharePoint web application.
- Locate the `<system.web>` section.
- Add the following code inside the `<system.web>` section:
```xml
<authentication mode="Windows" />
<authorization>
  <allow users="*" />
</authorization>
```
The above code sets the authentication mode to "Windows" and allows all users ("\*") to access the SharePoint web application. Note that allowing all users is not recommended for production environments. You should replace "\*" with a specific group or user that has access to the SharePoint web application.
Testing CORS and NTLM Authentication
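To test CORS and NTLM Authentication, you can use a tool such as Postman or Fiddler to send cross-origin requests to the SharePoint REST API. Make sure to include the NTLM token or cookie in the request headers. If everything is configured correctly, you should receive a successful response from the SharePoint REST API. Keep in mind that these tools do not enforce CORS themselves: a successful response confirms that authentication works, while the returned "Access-Control-\*" headers still have to be checked against what a browser accepts, or the request repeated from a page served by the client origin.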
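Added example, not part of the original article: the Python below models the check a browser applies to a credentialed cross-origin response and runs it against three constructed server policies, including the wildcard configuration shown earlier. The origins `https://app.example.com` and `https://untrusted.example`, the policy functions, and the function names are assumptions made for illustration.

```python
# Added example: models the browser's CORS check for a credentialed request.
# Policies, origins and header sets below are constructed for illustration.

def browser_allows(origin, headers, status=200, preflight=False):
    """Return (allowed, reason) as a browser would decide for a request
    sent with credentials (cookies or NTLM) from `origin`."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if preflight and not 200 <= status <= 299:
        # Preflight OPTIONS carries no credentials, so a 401 challenge fails it.
        return False, "preflight returned non-2xx status"
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return False, "no Access-Control-Allow-Origin header"
    if acao == "*":
        return False, "wildcard origin not accepted with credentials"
    if acao != origin:
        return False, "Access-Control-Allow-Origin does not match the caller"
    if h.get("access-control-allow-credentials") != "true":
        return False, "Access-Control-Allow-Credentials is not 'true'"
    return True, "allowed"


def audit(policy, trusted, untrusted="https://untrusted.example"):
    """Probe a server policy (callable: origin -> headers) from both origins."""
    ok_trusted, why = browser_allows(trusted, policy(trusted))
    ok_untrusted, _ = browser_allows(untrusted, policy(untrusted))
    if ok_untrusted:
        return "UNSAFE: any site can read authenticated responses"
    return "OK" if ok_trusted else "BROKEN: " + why


TRUSTED = "https://app.example.com"  # hypothetical client origin
STATIC = {"Access-Control-Allow-Credentials": "true"}

def wildcard_policy(origin):   # the customHeaders block from web.config
    return {**STATIC, "Access-Control-Allow-Origin": "*"}

def reflect_policy(origin):    # echoes back whatever Origin it receives
    return {**STATIC, "Access-Control-Allow-Origin": origin}

def allowlist_policy(origin):  # exact-match allowlist of one origin
    if origin == TRUSTED:
        return {**STATIC, "Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}

if __name__ == "__main__":
    for p in (wildcard_policy, reflect_policy, allowlist_policy):
        print(p.__name__, "->", audit(p, TRUSTED))
```

Only the exact-match allowlist is both usable from the trusted origin and closed to other sites; the wildcard policy is refused by the browser, and echoing the request's Origin exposes authenticated responses to every site.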
- CORS is a security feature that restricts web pages from making requests to a different domain than the one that served the web page.
- NTLM is a security protocol used in Windows environments for authentication and access control.
- To configure CORS for SharePoint 2016 On-Premise REST API, you need to make changes to the web.config file of the SharePoint web application.
- To configure NTLM Authentication for SharePoint 2016 On-Premise REST API, you need to make changes to the web.config file of the SharePoint web application.
- Testing CORS and NTLM Authentication can be done using tools such as Postman or Fiddler.