SharePoint Provider hosted app with Claims authentication

At one customer we have a SharePoint 2013 environment with ADFS 3.0 as the main authentication provider. I wanted to create a SharePoint Provider hosted app to do a Proof of Concept. I had configured everything to get started with apps and build a SharePoint hosted app to prove that my settings on SharePoint are correct.

I did the SharePoint configuration with the help of the following 2 blogs: Mirjan van Olst and Wictor Wilén These 2 blogs provided the information and settings that we need to get SharePoint hosted apps to work.

With this I toughed I had everything in place to create a SharePoint provider hosted app. When I created the app I choose for the High trust and setup the certificate and trusted this within SharePoint. So now I have a default app and the first thing I tried is to run this and check if it was working. This was not the case, the moment the code hit the “clientContext.ExecuteQuery();” I got an error that I was not authenticated.

I was thinking I did something wrong with the certificate but after some digging and searching I found another blog of Wictor that had the answer to my problem.

The SharePoint App has to have the same kind of authentication as SharePoint when using a high trusted app (certificate).

Another solution is to go with a low trust app, for this we need ACS (Azure Control Services). This works out-of-the-box with SharePoint Online but for using it with your on-premises farm we need a bit more. For this I found the following blog. This blog will explain that we need an Azure Active Directory which is provided from an Office 365 Subscription. This means that we need to request an Office 365 subscription. We cannot use a regular Azure Active Directory as explained in this MSDN article.

For more information about SharePoint apps and ACS