question

LakshmanBana-7513 avatar image
0 Votes"
LakshmanBana-7513 asked LakshmanBana-7513 commented

How to perform SharePoint Online authentication in console APP using CSOM

Hello,

I'm trying to connect to myfuturenet.sharepoint.com in .Net console application to add/remove elements to the list item. In this process, I'm using ClientContext but most of the examples are using Userid and Password in SharePointOnlineCredentials(). My objective is not to ask User ID and Password in the application but to use existing authentication credentials that were generated with SSO.

Any pointers on this would be a great help. Thanks in advance.

lb

office-sharepoint-online
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jerryzy avatar image
1 Vote"
Jerryzy answered LakshmanBana-7513 commented

Hi @LakshmanBana-7513 ,

PnP.Framework Library supported to use App Id and App Secret to get the ClientContext and this library supported both .NET Framework and .NET Standard:

Please first install PnP.Core as this is the dependent package for PnP.Framework:

 Install-Package PnP.Core -Version 1.1.0
 Install-Package PnP.Framework -Version 1.4.0

Then authentication with App Id and AppSecret ( register in https://siteurl/_layouts/15/AppRegNew.aspx) like this:

 using Microsoft.SharePoint.Client;
 using PnP.Framework;
    
 ClientContext ctx = new AuthenticationManager().GetACSAppOnlyContext("SiteUrl", "AppId", "AppSecret");
 ctx.Load(ctx.Web);
 ctx.ExecuteQuery();

Here is a detailed blog for your reference:

M365 – SharePoint Online – CSOM – Getting SharePoint client context using PnP.Framework in .NET Core application

Thanks
Best Regards



If the response is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Can you please confirm if the above code snippet works now? Has there been any changes in Azure ACS lately, I cannot authenticate against the generated client id and client secret with the above C# code, Postman, PowerShell. Previously the same code worked for me with no issues.

0 Votes 0 ·

Hello,
I currently use BrowserHelper.cs snippet from powershell utilities. The changed settings working well for the users and the purpose we wanted to solve.
I would've to change the code to test this original scenario.

0 Votes 0 ·
trevorseward avatar image
0 Votes"
trevorseward answered

The cookies aren't shared between your browser and your application, thus you will need to either authenticate interactively or use Client ID + Secret/Certificate for unattended authentication.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

gsaunders-2123 avatar image
0 Votes"
gsaunders-2123 answered

lb,

This may not be what you want, but here are some things I have found while researching recently for ways to authenticate. Thought it may be of some use, but didn't see any thing specific to SSO

This uses a client certificate:
https://www.vrdmn.com/2020/06/using-net-standard-csom-and-msalnet-for.html

This uses .NET Standard based on OAuth access token and shows how to do it:
https://dips365.com/2020/06/24/csom-net-standard-version-apis/

This talks about application permissions:
https://www.vrdmn.com/2019/01/working-with-application-permissions.html

Microsoft using csom for donet standard
https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/using-csom-for-dotnet-standard

I will say I have been able to get token, but still getting errors trying to executequery so I will be posting my own question shortly.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

gsaunders-2123 avatar image
0 Votes"
gsaunders-2123 answered

Here is link to where I had issue getting .NET Standard (5.0) working with app permissions using client / secret and ended up getting things working with client / certificate.

Again... not SSO, but may help someone dealing with app based permission.

webexception-in-microsoft-sharepoint-client-runtime-dll.6756


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LakshmanBana-7513 avatar image
0 Votes"
LakshmanBana-7513 answered Jerryzy commented

Thanks for all the pointers. I think they look promising and I'm going to try it out today. I'll post the results once I make some progress.
Thanks once again for the pointers.
lb

· 8
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @LakshmanBana-7513 ,

Is there any update share with us ? If the code sample in the above answer is helpful to the answer, I suggest you could accept as answer so that it could also help others in the forum.

Thanks
Best Regards

0 Votes 0 ·

I still don't know if the authentication is successful, and also don;t know how to confirm it (wireshark/fiddler).

It appears @Jerryzy-MSFT suggestion is closer to the solution. Let me iterate the steps I performed:

  1. Requested production site admin to create Client ID and Secrete for the app page, and he provided along with those two a redirect URL with localhost.

  2. Ran application with params client id and secret and I was getting response 401 unauthorized

  3. Two or 3 hrs later ran the same code and today I'm getting JSON exception "< is an invalid start of a value. Path: $

Couple of questions in debugging ClientContext object.
1. What state should it be in. most of attributes are in red.
2. After load what state should web object should be in and here also most of the attributes are in red.

thanks
lb








0 Votes 0 ·
Jerryzy avatar image Jerryzy LakshmanBana-7513 ·

,Make sure the app has been granted the enough permission, otherwise it will throw 401 unauthorized:

84898-sharepointapponly2.png


Check out the step in official document:
Granting access using SharePoint App-Only


0 Votes 0 ·
Jerryzy avatar image Jerryzy LakshmanBana-7513 ·

For authentication validate, you could performance request in Postman to get access token with Client Id and Secret:

Accessing SharePoint Data using Postman (SharePoint REST API)



Or just get the Web Title in the CSOM ClientContext code above

0 Votes 0 ·
Show more comments
LakshmanBana-7513 avatar image
0 Votes"
LakshmanBana-7513 answered LakshmanBana-7513 commented

After enabling few debug options I see the below (lot better than Json exception):
The exception details as below:
"The remote server returned an error: (404) Not Found."

at System.Net.HttpWebRequest.GetResponse() in /_/src/System.Net.Requests/src/System/Net/HttpWebRequest.cs:line 1004

at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute()

at Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb)

at Microsoft.SharePoint.Client.ClientRequest.ExecuteQuery()

at Microsoft.SharePoint.Client.ClientRuntimeContext.ExecuteQuery()

at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()

at ConsoleApp3.Program.Main(String[] args)

A relative path "/_vti_bin/client.svc/ProcessQuery" gets appended to my original uri that I passed to the ClientContext. And the HTTP method seems to be the POST.

thanks
lb

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

In the code snippet site url, there should be no "relative path "/_vti_bin/client.svc/ProcessQuery" append .
Can you perform a check to the App Permission ? If the permission is set correctly, then the code will work as expected like in the answer above.

0 Votes 0 ·

It was my bad that I didn't understand fully the SPO URL. SPO expert pointed my mistake with the URL that I've been passing to GetACSAppOnlyContext(). In the URL he spotted that I've included library path and suggested that I need to pass only the site url.

With that fix, the original three lines proposed by @Jerryzy-MSFT works.
Thanks for all your help.
lb

0 Votes 0 ·