OAuth2 with Lightswitch HTML client

Category: visual studio lshtml


Boris Ćorković on Tue, 02 Apr 2013 10:28:25


I have a lightswitch app that needs to be multi-tenant. I need my partners to login with their corporate credentials to the same instance.

Is WAAD with ACS going to be supported out of the box? If it won't is it possible to use auto-hosted app on azure with sharepoint layer of authentication (I have sharepoint online) even if some partners don't have sharepoint, but only WAAD and ACS? Also keep in mind all of them must connect to the same instance and see each other data. If it is possible with sharepoint am I going to be in able to allow individuals to login with microsoft account/facebook later on?

If none of this is supported out of the box and won't be is there any tutorial how to achieve this or can you at least tell me what options are possible so that I can give it a try myself?

Thank you very much!


Karol Zadora on Wed, 03 Apr 2013 18:24:54

Dear Boris,

unfortunately LightSwitch does not support WAAD/ACS/federated authentication out of the box today. This is something we want to add in a future release.

An SharePoint-enabled, autohosted LightSwitch application requires users to authenticate with the hosting SP site before it is launched. I do not think SharePoint Online supports federated authentication (http://technet.microsoft.com/en-us/library/jj819267.aspx, search for "claims-based authentication support"), so I do not think your customers will be able to use the app that way.

I have heard from people that were able to use ACS with LightSwitch by adding a special entry point (e.g. and ASPX page) to the server project. The whole application was configured to use forms authentication,; that special page would handle claims-based authentication and then (if successful) log in the user programmatically via forms authN ASP.NET API. This approach has limitations, obviously (e.g. the LightSwitch "User" object has no information about the original claims principal that was used for authentication), but it was deemed good enough. Unfortunately that approach won'd work if you need OAuth-based access to SharePoint; you would only be able to use a fixed identity to talk to SharePoint if the application is configured for forms authentication.

I am sorry LightSwitch does not do what you are looking for. Hope this helps anyway.

Karol Zadora, VS LightSwitch development team

Boris Ćorković on Thu, 04 Apr 2013 02:48:30

When you say in next release does that mean that LS will support that with VS2012 Update 2 RTM or this is feature that you plan but do not know when exactly?

If it isn't too long I could wait for it, otherwise I will take ACS aproach.

Thank you very much!

Karol Zadora on Thu, 04 Apr 2013 16:14:11

Boris, I meant some release after VS 2012 Update 2. We do not have firm plans yet. 

Cheers, Karol