Hi,

We are planning to use SharePoint as an authentication mechanism. After the user is authenticated, the information needs to be passed in a secure manner to another application in the same domain. In order to do this securely, that application needs to be passed some kind of token that it can verify in addition to the username and password variables being passed.

Can anyone tell me of a simple but secure way to pass this data from SharePoint to the other application? BTW, Kerberos is involved in the SharePoint login process and I would like the other application to know that the login is legitimate without having to query Active Directory.

thanks,

She

Hi Sherazad,

What's the type of the external application? If you plan to develop a custom application to satisfy this authentication mechanism, please consider to design it as a SharePoint App(currently named SharePoint add-ins). SharePoint Provider hosted app can run separately from SharePoint, and integrates authentication with SharePoint. By default when users click an App icon in SharePoint, SharePoint will redirect user to the app URL, and in the meanwhile, post a security token to the app. In addition to authenticate the app, the app can also use the token to access SharePoint resources.

Please find more information in the following articles:

Authorization and authentication of SharePoint Add-ins
https://msdn.microsoft.com/EN-US/library/office/fp142384(v=office.15).aspx

Handle security tokens in provider-hosted low-trust SharePoint Add-ins
https://msdn.microsoft.com/en-us/library/office/dn762763%28v=office.15%29.aspx?f=255&MSPPError=-2147217396

Thanks,
Reken Liu