CSOM backend with Modern Authentication

Thomas Hellström 11

Hi,

I've been developing some backend code which connects to Sharepoint Online using CSOM (16.1) and .Net Framework (4.6.1)

_context = new ClientContext(_sharepointDocumentRootUrl);                
SecureString securePassword = new SecureString();
foreach (char c in _sharepointPassword)
{
    securePassword.AppendChar(c);
}
_context.Credentials = new SharePointOnlineCredentials(_sharepointUserName, securePassword);

This worked well until the auth method was changed in SharepointOnline from Legacy Auth to Modern Auth. Now we get a "The sign-in name or password does not match one in the Microsoft account system"

Of course, we've double/tripple-checked the username/password.

The system account has MFA turned off. The IT department wont let us use the SharePoint App-Only auth method. And they are very sceptical to allow legacy auth for or system account.

I've been googling around without any success. Any ideas?

RaytheonXie_MSFT 31,606 Reputation points Microsoft Vendor

2022-04-13T09:41:35.86+00:00

Hi @Thomas Hellström ,
I am currently doing some research on this issue, will let you know as soon as possible

Kevin Morgan 6

We can use the OfficeDevPnP.Core assembly from SharePointPnPPowerShellOnline module to connect CSOM with modern authentication.

Install the SharePointPnPPowerShellOnline module by running the command “Install-Module -Name SharePointPnPPowerShellOnline -Force” which installs the OfficeDevPnP.Core assembly. Refer this post : 53244.sharepoint-connect-to-site-with-mfa-enabled-using-csom-and-pnp-powershell.aspx

static void Main(string[] args) 
{ 
   string siteUrl = "https://< Jump tenant-name>.sharepoint.com/sites/contosoteam"; 
   var authManager = new OfficeDevPnP.Core.AuthenticationManager(); 
   // This method calls a pop up window with the login page and it also prompts 
   // for the multi factor authentication code. 
   ClientContext ctx = authManager.GetWebLoginClientContext(siteUrl); 
   // The obtained ClientContext object can be used to connect to the SharePoint site. 
   Web web = ctx.Web; 
   ctx.Load(web, w => w.Title); 
   ctx.ExecuteQuery(); 
   Console.WriteLine("You have connected to {0} site, with Multi Factor Authentication enabled!!", web.Title); 
}

dman 0 Reputation points

2023-03-10T09:25:57.6566667+00:00

When I try this, I can log in fine, but after I log in a kind of a web browser control pops up and display the site but I never get the control/context back into the program, so I can’t do anything with the context. If I close the browser window, the program ends.

2 answers

Bruce (SqlWork.com) 56,846 Reputation points

2022-04-13T16:00:34.147+00:00

you would use access tokens, rather than logging in. see thread:

https://learn.microsoft.com/en-us/answers/questions/607425/how-do-i-get-access-token-for-sharepoint-online-re.html
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
RaytheonXie_MSFT 31,606 Reputation points Microsoft Vendor

2022-04-14T09:13:11.357+00:00

Hi @Thomas Hellström ,
Sharepoint Online credentials - is equivalent of having the users himself logging in with his password without him being present(by hardcoding the username and password). If Legacy Authentication method is blocked ( for security reasons ) - then an interaction from the user is required for going through the authentication and obtain the token for subsequent action.
Retrieving the token necessary to access the Sharepoint with interaction is not possible. So if you want to connect sharepoint with Modern Authentication. Sharepoint App Only is necessary.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.
RaytheonXie_MSFT 31,606 Reputation points Microsoft Vendor

2022-04-18T08:15:39.8+00:00

Hi @Thomas Hellström ,
Have you tried the solution I proposed?

If you have any questions or progress, you can contact me in time.

Looking forward to your reply

Have a lucky day!

Thanks,
Raytheon Xie

Thomas Hellström 1 Reputation point

2022-04-25T07:50:43.657+00:00

Hi,

And thanks for your answer!

With app-only, do you mean the app-only-function including appregnew.aspx/appinv.aspx? Or an app registration in azure?

We've had a dialog with the customer we're developing for and they can accept a solution including user interaction. The system we're developing is based on Asp.Net MVC, .Net Framework 4.6.1. I was thinking somehow getting an access token by letting the user do a SP login from the web client (if possible). Then use the access token to make SP stuff via CSOM. Not sure how to accomplish that and if it's possible.

Thomas

RaytheonXie_MSFT 31,606 Reputation points Microsoft Vendor

2022-04-25T08:04:37.417+00:00

Hi @Thomas Hellström ,
SharePoint App-Only is the older, but still very relevant, model of setting up app-principals. You can refer to following document
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs

RaytheonXie_MSFT 31,606 Reputation points Microsoft Vendor

2022-05-10T09:44:05.577+00:00

Hi @Thomas Hellström ,
Does the answer help you? If you have any question about the issue, please feel free to reply.
Sign in to comment