This value is get in to play mostly when we do POST, PUT, MERGE and DELETE requests via the SharePoint REST API. Unless you match with server digest value you won’t be able to perform the REST requests and it gives security validation issues (mostly 403 forbidden status).
How to get this value?
Send a POST request to below end point it will return the form digest value between “FormDigestValue”
http://<Site URL>/_api/contextinfo
What is X Request Digest (Form Digest Value)?
If you are not entitled to SharePoint using OAuth, your will require this value to authorize your request.
For more information: https://msdn.microsoft.com/en-us/library/office/fp142384.aspx
If you’re creating SharePoint hosted Add-in, you can take the digest value as below with JQuery
Using JQuery
[code lang="javascript" light="true"]
$("#__REQUESTDIGEST").val();
[/code]
Using Angular JS
[gist https://gist.github.com/kushanlahiruperera/3c9eb56ce7967177191cb36d8571d8c1 /]
Sample Digest value :
0x5A846B1414597F46DB8E88D039E949D54BF62773B7E876730C1191F68240C935D57A17904E37992D2A78F9EC75AD462CF2C9AADFCDB30E1E044C1898358F04B6,13 May 2016 10:51:08 -0000May 2016 10:05:13 -0000
It's specific to user, time period, site and changes time to time (basically it every 24 hours).
Further reading;
https://msdn.microsoft.com/en-us/library/microsoft.sharepoint.webcontrols.formdigest.aspx
You forgot "WHY"... why do I need a digest value at all? My REST api request is already authenticated using windows authentication (challenge response). So what is the benefit of this RD thing?
ReplyDeleteThis will be useful when you work with REST API and its not related to authentication to the application. Mostly its done for the validate on your request against server.
ReplyDeleteHope this was usefull and thank you for your valued feedback.
@kushanlahiru
my app is sharepoint-hosted. Do I still need FormDigestValue?
ReplyDeleteThis prevents SharePoint site from CSRF attacks in which attacker may trick you using your currently logged in session to make unethical requests on SharePoint server. More on this can be read at "https://blogs.technet.microsoft.com/rajbugga/2016/05/15/how-sharepoint-is-secured-from-cross-site-request-forgery-csrf-attacks/"
ReplyDelete