Shantha Kumar T
Authenticate SharePoint using PnP Authentication Manager
Authentication Manager is one of the key capabilities of the PnP core component. It provides methods to authenticate against different SharePoint environments (SharePoint Online, SharePoint 2013, SharePoint 2016), irrespective of the authentication method configured for the SharePoint sites.
The methods used for authentication are available under the OfficeDevPnP.Core.AuthenticationManager class in the OfficeDevPnP.Core assembly. I have listed those methods based on the environment type.
SharePoint Online
- GetSharePointOnlineAuthenticatedContextTenant
Returns ClientContext object to be used by CSOM code
[code lang=”csharp”]
GetSharePointOnlineAuthenticatedContextTenant(string siteUrl, string tenantUser, string tenantUserPassword)
[/code]
[code lang=”csharp”]
GetSharePointOnlineAuthenticatedContextTenant(string siteUrl, string tenantUser, SecureString tenantUserPassword)
[/code]
| Parameters | Description |
|---|---|
| siteUrl | Site for which the ClientContext object will be instantiated |
| tenantUser | User to be used to instantiate the ClientContext object |
| tenantUserPassword | Password (SecureString) of the user used to instantiate the ClientContext object |

The below example code returns the ClientContext object from a SharePoint Online site using explicit credentials:
[code lang=”csharp”]
//SharePoint Online – Credentials
string siteUrl = "https://mycompany.sharepoint.com";
string userName = "administrator@mycompany.onmicrosoft.com";
SecureString password = GetSecureString("password");
AuthenticationManager authManager = new AuthenticationManager();
ClientContext context = authManager.GetSharePointOnlineAuthenticatedContextTenant(siteUrl,userName, password);
[/code]
- GetAppOnlyAuthenticatedContext
Returns an app only ClientContext object
[code lang=”csharp”]
GetAppOnlyAuthenticatedContext(string siteUrl, string appId, string appSecret)
[/code]
[code lang=”csharp”]
GetAppOnlyAuthenticatedContext(string siteUrl, string realm, string appId, string appSecret, string acsHostUrl = "accesscontrol.windows.net", string globalEndPointPrefix = "accounts")
[/code]
| Parameters | Description |
|---|---|
| siteUrl | Site for which the ClientContext object will be instantiated |
| appId | Application ID which is requesting the ClientContext object |
| appSecret | Application secret of the Application which is requesting the ClientContext object |
| realm | Realm of the environment (tenant) that requests the ClientContext object |
| acsHostUrl | Azure ACS host, defaults to accesscontrol.windows.net but internal pre-production environments use other hosts |
| globalEndPointPrefix | Azure ACS endpoint prefix, defaults to accounts but internal pre-production environments use other prefixes |

The below example returns the ClientContext object from a SharePoint Online site by authenticating from the Office 365 site. Authentication is based on the given app secret information.
[code lang=”csharp”]
//SharePoint Online – App Only
string siteUrl = "https://mycompany.sharepoint.com";
string acsAppId = "70DA500D-6000-48D4-AA1F-22793A5FE814";
string acsSupport = GetString("ACS App Secret");
AuthenticationManager authManager = new AuthenticationManager();
ClientContext context = authManager.GetAppOnlyAuthenticatedContext(siteUrl, acsAppId, acsSupport);
[/code]
- GetAzureADNativeApplicationAuthenticatedContext
Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have an Azure AD Native Application registered. The user will be prompted for authentication.
[code lang=”csharp”]
GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, string redirectUrl, TokenCache tokenCache = null)
[/code]
[code lang=”csharp”]
GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, Uri redirectUri, TokenCache tokenCache = null)
[/code]
| Parameters | Description |
|---|---|
| siteUrl | Site for which the ClientContext object will be instantiated |
| clientId | The Azure AD Native Application Client ID |
| redirectUri | The Azure AD Native Application Redirect Uri |
| tokenCache | Optional token cache. If not specified an in-memory token cache will be used. |

Microsoft.IdentityModel.Clients.ActiveDirectory should be added as an assembly reference for the TokenCache parameter.

The below example code returns the ClientContext object by authenticating the user from Azure AD. Authentication happens by redirecting the user to the Azure AD logon page.
[code lang=”csharp”]
//SharePoint Online – Interactive via Azure AD
string siteUrl = "https://mycompany.sharepoint.com";
string aadAppId = "F64560FE-714D-485E-89C2-03E592F926FE";
AuthenticationManager authManager = new AuthenticationManager();
ClientContext context = authManager.GetAzureADNativeApplicationAuthenticatedContext(siteUrl, aadAppId, "<redirect url>");
[/code]
- GetAzureADAppOnlyAuthenticatedContext
Returns a SharePoint ClientContext using Azure Active Directory App Only Authentication. This requires that you have a certificate created, and have updated the key credentials key in the application manifest in Azure AD accordingly.
[code lang=”csharp”]
GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, StoreName storeName, StoreLocation storeLocation, string thumbPrint)
[/code]
[code lang=”csharp”]
GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, string certificatePath, string certificatePassword)
[/code]
| Parameters | Description |
|---|---|
| siteUrl | Site for which the ClientContext object will be instantiated |
| clientId | The Azure AD Application Client ID |
| tenant | The Azure AD Tenant, e.g. mycompany.onmicrosoft.com |
| storeName | The name of the store for the certificate |
| storeLocation | The location of the store for the certificate |
| thumbPrint | The thumbprint of the certificate to locate in the store |
| certificatePath | The path to the certificate (*.pfx) file on the file system |
| certificatePassword | Password to the certificate |

The below example code returns the ClientContext object by authenticating based on the provided app’s certificate information.
[code lang=”csharp”]
//SharePoint Online – App Only via Azure AD
string siteUrl = "https://mycompany.sharepoint.com";
string aadAppId = "F64560FE-714D-485E-89C2-03E592F926FE";
string pfxPassword = GetString("Get PFX file password");
AuthenticationManager authManager = new AuthenticationManager();
ClientContext context = authManager.GetAzureADAppOnlyAuthenticatedContext(siteUrl, aadAppId, "mycompany.onmicrosoft.com", @"<certificate Path>", pfxPassword);
[/code]
- GetAzureADAccessTokenAuthenticatedContext
Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have an Azure AD Web Application registered. The user will not be prompted for authentication; the current user’s authentication context will be used by leveraging an explicit OAuth 2.0 Access Token value.
[code lang=”csharp”]
GetAzureADAccessTokenAuthenticatedContext(String siteUrl, String accessToken)
[/code]
| Parameters | Description |
|---|---|
| siteUrl | Site for which the ClientContext object will be instantiated |
| accessToken | An explicit value for the AccessToken |

The below example returns the ClientContext object from a SharePoint Online site based on the provided access token information.
[code lang=”csharp”]
//SharePoint Online – AccessToken from Azure AD
string siteUrl = "https://mycompany.sharepoint.com";
string accessToken = "<Access Token>";
AuthenticationManager authManager = new AuthenticationManager();
ClientContext context = authManager.GetAzureADAccessTokenAuthenticatedContext(siteUrl, accessToken);
[/code]
- GetAzureADWebApplicationAuthenticatedContext
Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have an Azure AD Web Application registered. The user will not be prompted for authentication; the current user’s authentication context will be used by leveraging ADAL.
[code lang=”csharp”]
GetAzureADWebApplicationAuthenticatedContext(String siteUrl, Func<String, String> accessTokenGetter)
[/code]
| Parameters | Description |
|---|---|
| siteUrl | Site for which the ClientContext object will be instantiated |
| accessTokenGetter | The AccessToken getter method to use |

The below example returns the ClientContext object from a SharePoint Online site based on generated access token information.
[code lang=”csharp”]
//SharePoint Online – Generated AccessToken from Azure AD
string siteUrl = "https://mycompany.sharepoint.com";
AuthenticationManager authManager = new AuthenticationManager();
//accessTokenGenerator() must return the Func<String, String> token getter that the method expects
ClientContext context = authManager.GetAzureADWebApplicationAuthenticatedContext(siteUrl, accessTokenGenerator());
[/code]
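For GetAzureADAppOnlyAuthenticatedContext above, the store-based overload takes only a thumbprint, so no .pfx file or certificate password has to be kept alongside the code. The following is an added example, not code from the original article or from the PnP project: it checks the certificate in the store before calling that overload. The class name, the method names and the choice of the CurrentUser\My store are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.SharePoint.Client;
using OfficeDevPnP.Core;

static class CertStoreAppOnly // hypothetical helper class, not part of PnP
{
    // Returns null when the certificate is usable, otherwise the reason it is not.
    public static string CheckCertificate(StoreName storeName, StoreLocation storeLocation, string thumbPrint)
    {
        var store = new X509Store(storeName, storeLocation);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so an expired certificate is found and reported instead of skipped
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbPrint, false);
            if (found.Count == 0) return "certificate not found in store";

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey) return "certificate has no private key";

            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                return "certificate is outside its validity period";
            return null;
        }
        finally
        {
            store.Close();
        }
    }

    public static ClientContext Connect(string siteUrl, string clientId, string tenant, string thumbPrint)
    {
        // Assumption: the certificate was imported into the current user's personal store.
        string problem = CheckCertificate(StoreName.My, StoreLocation.CurrentUser, thumbPrint);
        if (problem != null)
            throw new InvalidOperationException("App-only certificate unusable: " + problem);

        var authManager = new AuthenticationManager();
        return authManager.GetAzureADAppOnlyAuthenticatedContext(
            siteUrl, clientId, tenant, StoreName.My, StoreLocation.CurrentUser, thumbPrint);
    }
}
```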
SharePoint On-Premises
- GetADFSUserNameMixedAuthenticatedContext
Returns a SharePoint on-premises ClientContext for sites secured via ADFS
[code lang=”csharp”]
GetADFSUserNameMixedAuthenticatedContext(string siteUrl, string user, string password, string domain, string sts, string idpId, int logonTokenCacheExpirationWindow = 10)
[/code]
| Parameters | Description |
|---|---|
| siteUrl | Url of the SharePoint site that’s secured via ADFS |
| user | Name of the user (e.g. administrator) |
| password | Password of the user |
| domain | Windows domain of the user |

The below example returns the ClientContext object from a SharePoint on-premises site based on the provided credential information.
[code lang=”csharp”]
//SharePoint On-Premises – ADFS
string siteUrl = "https://mycompany.com";
string userName = "UserName";
//This overload takes the password as a plain string
string password = GetString("password");
string domain = "Domain";
AuthenticationManager authManager = new AuthenticationManager();
//Pass the domain, and the token cache expiration window as an int
ClientContext context = authManager.GetADFSUserNameMixedAuthenticatedContext(siteUrl, userName, password, domain, "<sts>", "<IDPID>", 10);
[/code]
SharePoint Online & On-Premises
- GetWebLoginClientContext
Returns a SharePoint on-premises / SharePoint Online ClientContext object. Requires claims based authentication with FedAuth cookie.
[code lang=”csharp”]
GetWebLoginClientContext(string siteUrl)
[/code]
| Parameters | Description |
|---|---|
| siteUrl | Site for which the ClientContext object will be instantiated |

The below example returns the ClientContext object from a SharePoint Online site by interacting with the user for logon information.
[code lang=”csharp”]
//SharePoint Online – Interactive
string siteUrl = "https://mycompany.sharepoint.com";
AuthenticationManager authManager = new AuthenticationManager();
ClientContext context = authManager.GetWebLoginClientContext(siteUrl);
[/code]
- GetNetworkCredentialAuthenticatedContext
Returns a SharePoint on-premises / SharePoint Online Dedicated ClientContext object
[code lang=”csharp”]
GetNetworkCredentialAuthenticatedContext(string siteUrl, string user, SecureString password, string domain)
[/code]
[code lang=”csharp”]
GetNetworkCredentialAuthenticatedContext(string siteUrl, string user, string password, string domain)
[/code]
| Parameters | Description |
|---|---|
| siteUrl | Site for which the ClientContext object will be instantiated |
| user | User to be used to instantiate the ClientContext object |
| password | Password (SecureString) of the user used to instantiate the ClientContext object |
| domain | Domain of the user used to instantiate the ClientContext object |

The below example returns the ClientContext object from a SharePoint on-premises site based on the provided credential information.
[code lang=”csharp”]
//SharePoint On-Premises – Credentials
string siteUrl = "https://mycompany.com";
string userName = "UserName";
SecureString password = GetSecureString("password");
string domain = "Domain";
AuthenticationManager authManager = new AuthenticationManager();
ClientContext context = authManager.GetNetworkCredentialAuthenticatedContext(siteUrl, userName, password, domain);
[/code]
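The credential examples for GetSharePointOnlineAuthenticatedContextTenant and GetNetworkCredentialAuthenticatedContext call a GetSecureString helper that the article never shows. The following is an added example, not code from the original article or from the PnP project: one possible implementation that treats the argument as a prompt label and reads the password from the console without echoing it. The class name and the Main method are assumptions.

```csharp
using System;
using System.Security;
using Microsoft.SharePoint.Client;
using OfficeDevPnP.Core;

static class CredentialPrompt // hypothetical class, not part of PnP
{
    // Hypothetical implementation of the GetSecureString helper the article calls.
    // Reads the password key by key, so this helper never builds a managed string from it.
    public static SecureString GetSecureString(string label)
    {
        Console.Write(label + ": ");
        var secure = new SecureString();
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(true); // true = do not echo the key
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace)
            {
                if (secure.Length > 0) secure.RemoveAt(secure.Length - 1);
            }
            else if (!char.IsControl(key.KeyChar))
            {
                secure.AppendChar(key.KeyChar);
            }
        }
        Console.WriteLine();
        secure.MakeReadOnly(); // no further edits once entry is complete
        return secure;
    }

    static void Main()
    {
        string siteUrl = "https://mycompany.com"; // sample values from the article
        string userName = "UserName";
        string domain = "Domain";
        var authManager = new AuthenticationManager();

        // Disposal order: the context first, then the SecureString.
        using (SecureString password = GetSecureString("password"))
        using (ClientContext context =
            authManager.GetNetworkCredentialAuthenticatedContext(siteUrl, userName, password, domain))
        {
            context.Load(context.Web, w => w.Title);
            context.ExecuteQuery();
            Console.WriteLine("Connected to: " + context.Web.Title);
        }
    }
}
```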
Happy learning :) Stay tuned for more information…
Hi Shantha Kumar,
I am trying to use OfficeDevPnP.Core.AuthenticationManager in .NET Core and am getting a 400 request. The same works in .NET Framework.
I also see the warning message : It was restored using ‘..NETFramework, Version=v4.6.1’ instead of the project target framework ‘.NetCoreApp,Version=v2.0’. And this may not be fully compatible.
Any thoughts?
Thank you,
Ramya
The last one works for me. Finding this since 2 days now.
@Ramya can you please try using the last approach in the article ?