How to automate the connection to a SharePoint site with multi factor automation for Azure Development Pipiline

Mikhail 41 Reputation points
2019-12-09T16:49:06.797+00:00

We are trying to organize an Azure Development Pipeline where the deployment and some development process would be automated.

The SharePoint sites we are currently working with require a multi-factor authentication, which mean the site access requires confirmation from either the phone up or the security code

Previously in the code the following connection logic used to work 

 context.Credentials = new SharePointOnlineCredentials(  
 ConfigSettings.AdminUserName,  
 ConfigSettings.AdminPassword);

This code no longer works as this code cannot connect to the multi factor authentication sites and a different code is used to connect 

var authManager = new OfficeDevPnP.Core.AuthenticationManager();  
context = authManager.GetWebLoginClientContext(ConfigSettings.SiteUrl)

This code works well when the code is run manually. When this code is reached, the connection interface opens and the credentials are handled and confirmed.

But are the ways to automate the authentication process? Can the multi-factor authentication be fully automated using some sort of secure token?

Thank you in advance for your answers

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,872 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,462 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. FrankHu-MSFT 976 Reputation points
    2019-12-11T02:32:41.903+00:00

    Hello,

    The multi factor authentication cannot be automated, as a large point of the multi factor is to provide secure authentication from a human that is logging in with multiple points of security from said human to prove their identity.

    Perhaps you could utilize a different authentication protocol, such as providing the sharepoint server a service principal that has exclusive access to your azure development pipeline.
    If your azure dev pipeline is utilizing AAD OAuth2 you would be able to utilize the AAD Client Credential flow. https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow

    Note per the post below, for further help on this azure devops pipeline authentication question please open a developer community item with the tag [AltCreds] in the title. For faster service, please search for [AltCreds] in the developer community forum first, as your question might already be answered. You can reach out to us on Twitter at @Azure Dev Ops too.
    https://devblogs.microsoft.com/devops/azure-devops-will-no-longer-support-alternate-credentials-authentication/

    Reference Links : https://developercommunity.visualstudio.com/spaces/8/index.html
    https://twitter.com/AzureDevOps

    Please remember to mark one of the responses as answer if your question has been answered. If not please let us know if there are anymore questions.

    0 comments
  2. ocean specialists 1 Reputation point
    2020-02-11T11:58:44.297+00:00

    Thanks for such a precious Knowledge.

    Please Visit: https://www.oceanspecialists.com

    2822-2.jpg

    0 comments