Verify SharePoint user in ajax request

Question

Consider the following: A logged-in user visits a publishing page in a SharePoint Online environment. The page loads data from a service running on another server using an ajax request.

In this scenario, how do I, as an author of the service, make sure the user making the request is who he says he is? Can I use any data in the request to check back with the SharePoint site that there's a valid session for the given user?

EDIT: To further elaborate: on the server side, in my custom service, I will get a request initiated on the client side of a sharepoint online site. How do I, as an author of that custom service, determine if the request comes from a valid user? I mean, anyone can fire up the javascript console in their browser and issue an ajax request to my service, pretending to be whoever.

score 1 · Answer 1 · edited Apr 13 '17 at 12:41

if you are SharePoint online, i would suggest that you leverage the AppModel.

Register an App Id and App Secret.
Have your service build a context to SharePoint.
- You can use the SharePoint Web Toolkit to build a context to SharePoint in .NET.
Using the Client Side Object Model (CSOM), request the current user information from SharePoint Online.

You can do this from non-Microsoft technologies and/or from the browser even. Hope this helps.

score 0 · Answer 2 · edited Nov 09 '14 at 08:05

0

Using SPServices is easier.

 $().SPServices.SPGetCurrentUser({
   webURL: "",      // Added in 2013.01
   fieldName: "Name",
   fieldNames: {},      // Added in v0.7.2 to allow multiple columns
   debug: false
});

http://spservices.codeplex.com/wikipage?title=%24().SPServices.SPGetCurrentUser

edited Nov 09 '14 at 08:05

Robert Lindgren

24,520
12
53
79

answered Nov 09 '14 at 06:52

Syed Muhammad Hasan Rizvi

11
3

Does this really answer the question? If so I'm not getting it. See my EDIT on the question... – claesv Dec 19 '14 at 13:03
if you want to validate a user using JavaScript/AJAX Requests / Jquery ...Than i will suggest to use the above answer for this ... SPServices.SPGetCurrntUser will give u the user name and you can Condition it if its a valid user or not... simple – Syed Muhammad Hasan Rizvi Dec 20 '14 at 00:10

score 0 · Answer 3 · answered Dec 19 '14 at 08:31

the user would be belong to a group to access the site so verify if the user have been included to any of the group using sp services the below code would help

var selector = 'Group[ID=\'' + GroupId+ '\']';
$().SPServices({
    operation: "GetGroupCollectionFromUser",
    userLoginName: $().SPServices.SPGetCurrentUser(),
    async: false,
    completefunc: function(xData, Status) {
        if($(xData.responseXML).find(selector).length == 1) {
            result = true;
    }
  }   });

pass the group id of sharepoint in the Place of GropuId parameter, you can find the id of group by opening the group the id would be there in the url

Verify SharePoint user in ajax request

3 Answers3