I have an On-Premises, High-Trust Provider-Hosted App (PHA) written using the standard Visual Studio 2013 PHA template. I've followed the configuration steps for High-Trust/S2S apps presented by Kirk Evans in his blog here:
http://blogs.msdn.com/b/kaevans/archive/2012/11/27/creating-high-trust-sharepoint-apps-with-microsoft-office-developer-tools-for-visual-studio-2012-preview-2.aspx
Everything worked as expected without much need for modification until I added a service to host an event receiver for the AppInstalled event. When I tried installing the app with the event enabled, I received the following error from SharePoint:
The remote event receiver callout failed. Details: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM;Negotiate'.
Out-of-the-box the PHA is not configured to support Anonymous authentication in its service bindings. When I add support for Anonymous authentication via web.config, the app installs and all the event receiver logic executes as expected, including CSOM calls that add lists and security groups to the host web.
This leaves me with a two-part question:
TIA
Anonymous access is definitely required for High-Trust/S2S app event receivers.
You can use HTTPS to secure the communication with the app event receiver. A suggestion would be to block access to the app event receiver from external domains, as SharePoint will call the web service from within the network.
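One way to apply the answer's suggestions in the provider-hosted app's web.config, as an added example that is not part of the original post: an HTTPS-only binding with anonymous credentials, with the relaxed authentication scoped to the receiver path and limited to the SharePoint servers' addresses. The binding name, the service path and the IP addresses are assumptions (constructed placeholders).

```xml
<!-- Added example. Binding name, service path and IP addresses are
     assumed placeholders; replace them with the values of your farm. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <!-- mode="Transport" accepts HTTPS only. clientCredentialType="None"
             means no client credential at the WCF layer, which is what the
             SharePoint remote event callout sends. -->
        <binding name="secureAnonymousBinding">
          <security mode="Transport">
            <transport clientCredentialType="None" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <protocolMapping>
      <!-- Map the https scheme to the binding above for .svc endpoints. -->
      <add scheme="https" binding="basicHttpBinding"
           bindingConfiguration="secureAnonymousBinding" />
    </protocolMapping>
  </system.serviceModel>

  <!-- Relax authentication for the event receiver only, so the rest of the
       app keeps its Windows authentication settings. -->
  <location path="Services/AppEventReceiver.svc">
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="true" />
        </authentication>
        <!-- Deny every caller except the listed SharePoint servers,
             since the callout originates inside the network. -->
        <ipSecurity allowUnlisted="false">
          <add ipAddress="10.0.0.11" allowed="true" />
          <add ipAddress="10.0.0.12" allowed="true" />
        </ipSecurity>
      </security>
    </system.webServer>
  </location>
</configuration>
```

The IIS `authentication` and `ipSecurity` sections are locked at server level by default, and `ipSecurity` requires the IP and Domain Restrictions role service, so these settings may need to be unlocked or placed in applicationHost.config instead.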