Authentication Manager is one of the key capability from PnP core component and it provides the methods to authenticate different SharePoint environments (SharePoint Online, SharePoint 2013, SharePoint 2016) irrespective of any authentication methods configured to the SharePoint sites.
The methods used for authentication are available under OfficeDevPnP.Core.AuthenticationManager class from OfficeDevPnP.Core assembly. I have listed those methods based on the environment type.

SharePoint Online

  • GetSharePointOnlineAuthenticatedContextTenant
    Returns ClientContext object to be used by CSOM code

    GetSharePointOnlineAuthenticatedContextTenant(string siteUrl, string tenantUser, string tenantUserPassword)
    
    GetSharePointOnlineAuthenticatedContextTenant(string siteUrl, string tenantUser, SecureString tenantUserPassword)
    Parameters Description
    siteUrl Site for which the ClientContext object will be instantiated
    tenantUser User to be used to instantiate the ClientContext object
    tenantUserPassword Password (SecureString) of the user used to instantiate the ClientContext object

    The below example code returns the ClientContext object from SharePoint Online site using explicit credentials,

    //SharePoint Online - Credentials
    string siteUrl = "https://mycompany.sharepoint.com";
    string userName = "administrator@mycompany.onmicrosoft.com";
    SecureString password = GetSecureString("password");
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetSharePointOnlineAuthenticatedContextTenant(siteUrl,userName, password);
    

     

  • GetAppOnlyAuthenticatedContext
    Returns an app only ClientContext object

    GetAppOnlyAuthenticatedContext(string siteUrl, string appId, string appSecret)
    GetAppOnlyAuthenticatedContext(string siteUrl, string realm, string appId, string appSecret, string acsHostUrl = "accesscontrol.windows.net", string globalEndPointPrefix = "accounts")
    Parameters Description
    siteUrl Site for which the ClientContext object will be instantiated
    appId Application ID which is requesting the ClientContext object
    appSecret Application secret of the Application which is requesting the ClientContext object
    realm Realm of the environment (tenant) that requests the ClientContext object
    appSecret Application secret of the Application which is requesting the ClientContext object
    acsHostUrl Azure ACS host, defaults to accesscontrol.windows.net but internal pre-production environments use other hosts
    globalEndPointPrefix Azure ACS endpoint prefix, defaults to accounts but internal pre-production environments use other prefixes

    The below example returns the ClientContext object from SharePoint Online site by authenticating from Office 365 site. Authenticating happens by based on given App secret information.

    //SharePoint Online - App Only
    string siteUrl = "https://mycompany.sharepoint.com";
    string acsAppId = "70DA500D-6000-48D4-AA1F-22793A5FE814";
    string acsSupport = GetString("ACS App Secret");
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetAppOnlyAuthenticatedContext(siteUrl, acsAppId, acsSupport);
    
  • GetAzureADNativeApplicationAuthenticatedContext
    Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have a Azure AD Native Application registered. The user will be prompted for authentication.

    GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, string redirectUrl, TokenCache tokenCache = null)
    
    GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, Uri redirectUri, TokenCache tokenCache = null)
    
    Parameters Description
    siteUrl Site for which the ClientContext object will be instantiated
    clientId The Azure AD Native Application Client ID
    redirectUri The Azure AD Native Application Redirect Uri
    tokenCache Optional token cache. If not specified an in-memory token cache will be used. Microsoft.IdentityModel.Clients.ActiveDirectory should be added as assembly reference for TokenCache parameter

    The below example code returns the ClientContext object by authenticating the user from Azure AD. Authenticating happens by redirecting the user to Azure AD Logon page.

    //SharePoint Online - Interactive via Azure AD
    string siteUrl = "https://mycompany.sharepoint.com";
    string aadAppId = "F64560FE-714D-485E-89C2-03E592F926FE";
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetAzureADNativeApplicationAuthenticatedContext(siteUrl, aadAppId, "<redirect url>");
    
  • GetAzureADAppOnlyAuthenticatedContext
    Returns a SharePoint ClientContext using Azure Active Directory App Only Authentication. This requires that you have a certificated created, and updated the key credentials key in the application manifest in the azure AD accordingly.

    GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, StoreName storeName, StoreLocation storeLocation, string thumbPrint)
    GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, string certificatePath, string certificatePassword)
    Parameters Description
    siteUrl Site for which the ClientContext object will be instantiated
    clientId The Azure AD Application Client ID
    tenant The Azure AD Tenant, e.g. mycompany.onmicrosoft.com
    storeName The name of the store for the certificate
    storeLocation The location of the store for the certificate
    thumbPrint The thumbprint of the certificate to locate in the store
    certificatePath The path to the certificate (*.pfx) file on the file system
    certificatePassword Password to the certificate

    The below example code returns the ClientContext object by authenticating the user based on provided APP’s certification information.

    //SharePoint Online - App Only via Azure AD
    string siteUrl = "https://mycompany.sharepoint.com";
    string aadAppId = "F64560FE-714D-485E-89C2-03E592F926FE";
    string pfxPassword = GetString("Get PFX file password");
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetAzureADAppOnlyAuthenticatedContext(siteUrl, aadAppId, "mycompany.onmicrosoft.com", @"<certificate Path>", pfxPassword);
    
  • GetAzureADAccessTokenAuthenticatedContext
    Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have a Azure AD Web Application registered. The user will not be prompted for authentication, the current user’s authentication context will be used by leveraging an explicit OAuth 2.0 Access Token value.

    GetAzureADAccessTokenAuthenticatedContext(String siteUrl, String accessToken)
    
    Parameters Description
    siteUrl Site for which the ClientContext object will be instantiated
    accessToken An explicit value for the AccessToken

    The below example returns the ClientContext object from SharePoint online site based on provided access token information.

    //SharePoint Online - AccesToken from Azure AD
    string siteUrl = "https://mycompany.sharepoint.com";
    string accessToken = "<Access Token>";
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetAzureADAccessTokenAuthenticatedContext(siteUrl, accessToken);
    
  • GetAzureADWebApplicationAuthenticatedContext
    Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have a Azure AD Web Application registered. The user will not be prompted for authentication, the current user’s authentication context will be used by leveraging ADAL.

    GetAzureADWebApplicationAuthenticatedContext(String siteUrl, Func<String, String> accessTokenGetter)
    
    Parameters Description
    siteUrl Site for which the ClientContext object will be instantiated
    accessToken The AccessToken getter method to use

    The below example returns the ClientContext object from SharePoint online site based on generated access token information.

    //SharePoint Online - Generated AccesToken from Azure AD
    string siteUrl = "https://mycompany.sharepoint.com";
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetAzureADWebApplicationAuthenticatedContext(siteUrl, accessTokenGenerator());
    

SharePoint On-Premises

  • GetADFSUserNameMixedAuthenticatedContext
    Returns a SharePoint on-premises ClientContext for sites secured via ADFS

    GetADFSUserNameMixedAuthenticatedContext(string siteUrl, string user, string password, string domain, string sts, string idpId, int logonTokenCacheExpirationWindow = 10)
    
    Parameters Description
    siteUrl Url of the SharePoint site that’s secured via ADFS
    user Name of the user (e.g. administrator)
    password Password of the user
    domain Windows domain of the user

    The below example returns the ClientContext object from SharePoint on-premises site based on provided credential information.

    //SharePoint On-Premises - ADFS
    string siteUrl = "https://mycompany.com";
    string userName = "UserName";
    string password = GetSecureString("password");
    string domain = "Domain";
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetADFSUserNameMixedAuthenticatedContext(siteUrl, userName, password, "<sts>", "<IDPID>", "10");
    

SharePoint Online & On-Premises

  • GetWebLoginClientContext
    Returns a SharePoint on-premises / SharePoint Online ClientContext object. Requires claims based authentication with FedAuth cookie.

    GetWebLoginClientContext(string siteUrl)
    
    Parameters Description
    siteUrl Site for which the ClientContext object will be instantiated

    The below example returns the ClientContext object from SharePoint online site by interacting with user for logon information.

    //SharePoint Online - Interactive
    string siteUrl = "https://mycompany.sharepoint.com";
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetWebLoginClientContext(siteUrl);
    
  • GetNetworkCredentialAuthenticatedContext
    Returns a SharePoint on-premises / SharePoint Online Dedicated ClientContext object

    GetNetworkCredentialAuthenticatedContext(string siteUrl, string user, SecureString password, string domain)
    
    GetNetworkCredentialAuthenticatedContext(string siteUrl, string user, string password, string domain)
    
    Parameters Description
    siteUrl Site for which the ClientContext object will be instantiated
    user User to be used to instantiate the ClientContext object
    password Password (SecureString) of the user used to instantiate the ClientContext object
    domain Domain of the user used to instantiate the ClientContext object

    The below example returns the ClientContext object SharePoint On-premises site based on the provided credential information.

    //SharePoint On-Premises - Credentials
    string siteUrl = "https://mycompany.com";
    string userName = "UserName";
    SecureString password = GetSecureString("password");
    string domain = "Domain";
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetNetworkCredentialAuthenticatedContext(siteUrl, userName, password, domain);
    

Happy learning :) Stay tuned for more information…
 


2 Comments

Ramya · October 18, 2018 at 11:41 PM

Hi Shantha Kumar,

I am trying to use, OfficeDevPnP.Core.AuthenticationManager in .net core and getting 400 request. The same work in .net framework.
I also see the warning message : It was restored using ‘..NETFramework, Version=v4.6.1’ instead of the project target framework ‘.NetCoreApp,Version=v2.0’. And this may not be fully compatible.

Any thoughts?

Thank you,
Ramya

Automating add-in/app installation using ALM APIs with CSOM and PowerShell in SharePoint Online – SP 365 learnings · November 24, 2017 at 11:03 PM

[…] Authenticate to SharePoint using PnP Authentication Manager […]

Leave a Reply

Your email address will not be published. Required fields are marked *