基本身份验证而不是 AAD（Azure Active Directory）身份验证

Question

my Microsoft Teams app needs to access a REST web service that uses Basic Authentication.

the tutorials only seem to show how to do this for authentication with Azure Active Directory:

https://docs.microsoft.com/en-us/learn/modules/embedded-web-experiences/7-exercise-implement-tab-authentication

the above tutorial shows the user a login prompt and authenticates client side. how do i implement something like this for Basic Authentication?

EDIT : i'm mentioning client side because i want Teams to remember the login. the web service is basically for collaboration. so i can't use the same account for all users

EDIT2

for completeness i'm including an example client side call that ended up working (it shows a login popup to the user the first time as it does in a browser):

var url = "https://example.com/Service.svc/Request";
var init = {credentials:"include", headers:{"Accept":"application/json"}};
fetch(url,init)
    .then(response => response.text())
    .then(data => alert(data));

Answer 1

I assume you are trying to access some external page or resource that requires basic auth.. otherwise there would be no reason to try to do oath. Teams Seems to support Basic Auth for tabs, eg i can add a tab point it to a website with basic auth, and a purple popup will appear, but how to trigger it from an application would be a different story. assuming you're just calling https://api.abc.com/whatever all the time in the app, one "maybe" solution would be to embed an iframe somewhere in your teams app view, and load that domain, like https://api.abc.com/test if that page requires authentication, it should popup this purple authenticate window that you can type in your "basic auth" in. after you do that, the teams "browser" in theory should now have a session authed.

If you don't like this way, you could make an initial page in your app where they type in their username and password, take the input and then make an http call something like this: https://stackoverflow.com/a/57665644/13470894 ?

Hopefully that helps a bit

Regards,

Answer 2

Azure AD does not support basic auth for external services. You have two options:

• Migrate from Basic Auth to "Modern Auth" (OpenID Connect / OAuth / (last resort) SAML) if you can. This one is preferred.

• Figure out a wat to ask the enduser for their username / password, as this is basically what you need for basic auth

Last but not least, if your web service does not actually need a user account, but just a service account, you can save the authentication details about that web service in an Azure KeyVault and read them out when you need to construct the basic auth header.

But again, Azure AD does not support Basic Auth. And in fact, Microsoft is deprecating basic auth for Exchange Online as announced here .

Answer 3

There are APIs, which are showing Basic Authentication window / error on trying to reach them, but in fact, access is able by passing some auth header - sometimes totally custom.

Contact with the API owner and ask about that, you will not do anything more without just talk to them.