Is it safe to integrate with the SharePoint Online API through a console application which is hosted on a local VM

john john Pter 110 Reputation points
2024-03-29T02:27:09.7733333+00:00

I have the below console application which is hosted on a local VM, which integrates with SharePoint Online. The console application authenticates with SharePoint using ClientId, TenantID & Certificate, as follows:

using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using PnP.Core.Auth;
using PnP.Core.Model.SharePoint;
using PnP.Core.Model.Teams;
using PnP.Core.QueryModel;
using PnP.Core.Services;
using PnP.Core.Services.Builder.Configuration;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Globalization;
using System.Runtime.CompilerServices;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

namespace ConsoleApp4
{
    internal class Program
    {
        static async Task Main(string[] args)
        {
            var tenantId = "b***c";
            var clientId = "7*****9";
            var certificatePath = @"c:\CERT\SPDashBoardIntegration.pfx";
            var certificatePassword = "***";

            // Initialize a new service collection
            var serviceCollection = new ServiceCollection();

            // Load the certificate
            var certificate = new X509Certificate2(certificatePath, certificatePassword, X509KeyStorageFlags.Exportable);

            // Configure logging
            serviceCollection.AddLogging(builder =>
            {
                builder.AddConsole();
            });

            // Add and configure PnP Core SDK
            serviceCollection.AddPnPCore(options =>
            {
                options.PnPContext.GraphFirst = true; // Set true if you prefer to use Graph over CSOM when possible
                                                      // options.HttpRequests.UserAgent = "ISV|Contoso|ProductX";
                options.Sites.Add("SiteToWorkWith", new PnPCoreSiteOptions
                {
                    SiteUrl = "https://********.sharepoint.com/sites/********-******",
                    AuthenticationProvider = new X509CertificateAuthenticationProvider(clientId, tenantId, certificate)
                });
            });
            int i = 0;
            // Build the service provider
            var serviceProvider = serviceCollection.BuildServiceProvider();

            // Use the service provider to get the IPnPContextFactory instance
            var pnpContextFactory = serviceProvider.GetRequiredService<IPnPContextFactory>();

            // Now you can use the IPnPContextFactory to get a PnPContext and perform operations
            var context = await pnpContextFactory.CreateAsync("SiteToWorkWith");
            // Assume the fields were not yet loaded, so load them together with the list
            var workOrderList = context.Web.Lists.GetByTitle("Work Orders", p => p.Title,
                                                                 p => p.Fields.QueryProperties(p => p.InternalName,
                                                                                               p => p.FieldTypeKind,
                                                                                               p => p.TypeAsString,
                                                                                               p => p.Title));
        }
    }
}

Now my question is if this is a secure approach? I mean, when the VM sends the ClientID, Client Secret & Certificate to SharePoint Online, will that info be secure on the network? I mean, will the console application communicate with SharePoint in a secure way when it sends the credentials (ClientID, Client Secret & Certificate)? If not, then how can we secure this?

Thanks
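
Added example, not part of the original post and not PnP Core SDK source: with certificate credentials as documented for the Microsoft identity platform, the token request carries a short-lived JWT signed with the certificate's private key, not the key or the .pfx password. The code below builds that assertion offline; the tenant ID, client ID, `contoso` host and self-signed certificate are constructed placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;

static class ClientAssertionDemo
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Builds the signed JWT that the token request carries as client_assertion.
    static string BuildAssertion(X509Certificate2 cert, string tenantId, string clientId)
    {
        var now = DateTimeOffset.UtcNow;
        // x5t is the SHA-1 thumbprint of the public certificate registered for the app.
        var header = new { alg = "RS256", typ = "JWT", x5t = B64Url(cert.GetCertHash()) };
        var claims = new
        {
            aud = $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token",
            iss = clientId,
            sub = clientId,
            jti = Guid.NewGuid().ToString(),
            nbf = now.ToUnixTimeSeconds(),
            exp = now.AddMinutes(10).ToUnixTimeSeconds()
        };
        string signingInput = B64Url(JsonSerializer.SerializeToUtf8Bytes(header)) + "." +
                              B64Url(JsonSerializer.SerializeToUtf8Bytes(claims));
        // The private key is used only for this local signature; it is not part of the output.
        using RSA key = cert.GetRSAPrivateKey();
        byte[] sig = key.SignData(Encoding.ASCII.GetBytes(signingInput),
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return signingInput + "." + B64Url(sig);
    }

    static void Main()
    {
        // Constructed throwaway certificate standing in for the .pfx from the question.
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=demo-app", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        // Constructed placeholder tenant ID and client ID.
        string jwt = BuildAssertion(cert, "00000000-0000-0000-0000-000000000000", "11111111-1111-1111-1111-111111111111");
        // Form fields of the HTTPS POST to the token endpoint (the "aud" URL above).
        Console.WriteLine("grant_type=client_credentials");
        Console.WriteLine("client_id=11111111-1111-1111-1111-111111111111");
        Console.WriteLine("scope=https://contoso.sharepoint.com/.default");
        Console.WriteLine("client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
        Console.WriteLine("client_assertion=" + jwt);
    }
}
```

Because only the signed assertion crosses the network, the exposure in the posted code is local to the VM: the .pfx file on disk, its password in source, and the `X509KeyStorageFlags.Exportable` flag.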
