I was reading this article: https://www.koskila.net/literally-breaking-changes-to-app-authentication-on-sharepoint-%F0%9F%98%B5/ which says that Microsoft is deprecating authenticating our apps with a ClientID & ClientSecret. For example, inside our remote event receiver we get the SharePoint context using this CSOM code:
using (ClientContext context = Helpers.GetAppOnlyContext(properties.ItemEventProperties.WebUrl))
and this is the Helpers class that defines GetAppOnlyContext:
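/// <summary>
/// Factory helpers that build CSOM <see cref="ClientContext"/> instances for a
/// SharePoint site, either with an app-only access token or with a user name
/// and password.
/// </summary>
/// <remarks>
/// Every context returned from this class is owned by the caller and must be disposed.
/// </remarks>
public class Helpers
{
    /// <summary>
    /// Builds an app-only <see cref="ClientContext"/> for <paramref name="siteUrl"/>
    /// by asking TokenHelper for the realm and an app-only access token.
    /// </summary>
    /// <param name="siteUrl">Absolute URL of the target SharePoint web.</param>
    /// <returns>
    /// The authenticated context, or <c>null</c> when any step fails (bad URL,
    /// realm lookup, token request). Callers must null-check before use.
    /// </returns>
    /// <remarks>
    /// NOTE(review): TokenHelper is not shown here; it presumably reads the
    /// ClientId/ClientSecret app settings to request the token. Confirm, because
    /// that is the secret this method ultimately depends on.
    /// </remarks>
    public static ClientContext GetAppOnlyContext(string siteUrl)
    {
        try
        {
            Uri siteUri = new Uri(siteUrl);
            string realm = TokenHelper.GetRealmFromTargetUrl(siteUri);
            string accessToken = TokenHelper.GetAppOnlyAccessToken(TokenHelper.SharePointPrincipal, siteUri.Authority, realm).AccessToken;
            return TokenHelper.GetClientContextWithAccessToken(siteUri.ToString(), accessToken);
        }
        catch (Exception ex)
        {
            // A failed token acquisition is an authentication failure, so it is
            // logged at error level where monitoring can see it. Only the message
            // is written, never the token or the secret.
            Trace.TraceError("GetAppOnlyContext failed. {0}", ex.Message);
        }

        // Best-effort contract kept for existing callers: failure is reported as null.
        return null;
    }

    /// <summary>
    /// Builds a user-credential context using the "AuthenticatedUserName" and
    /// "AuthenticatedUserPassword" app settings.
    /// </summary>
    /// <param name="siteUrl">Absolute URL of the target SharePoint web.</param>
    /// <returns>A context carrying SharePoint Online credentials.</returns>
    /// <exception cref="InvalidOperationException">Either app setting is missing.</exception>
    /// <remarks>
    /// The password is read from configuration as a plain string, so wrapping it
    /// in a <see cref="SecureString"/> afterwards does not protect the stored
    /// value; protect the configuration source itself.
    /// </remarks>
    public static ClientContext GetAuthenticatedContext(string siteUrl)
    {
        string userName = WebConfigurationManager.AppSettings.Get("AuthenticatedUserName");
        string password = WebConfigurationManager.AppSettings.Get("AuthenticatedUserPassword");

        // AppSettings.Get returns null for an absent key; fail with a message that
        // names the settings instead of a NullReferenceException further down.
        if (userName == null || password == null)
        {
            throw new InvalidOperationException(
                "AuthenticatedUserName and AuthenticatedUserPassword must be defined in appSettings.");
        }

        return GetAuthenticatedContext(siteUrl, userName, password);
    }

    /// <summary>
    /// Builds a context for <paramref name="siteUrl"/> that authenticates with
    /// <see cref="SharePointOnlineCredentials"/>.
    /// </summary>
    /// <param name="siteUrl">Absolute URL of the target SharePoint web.</param>
    /// <param name="userName">Account used to sign in.</param>
    /// <param name="password">Password for <paramref name="userName"/>.</param>
    /// <returns>A context with its credentials set; the caller disposes it.</returns>
    public static ClientContext GetAuthenticatedContext(string siteUrl, string userName, SecureString password)
    {
        ClientContext ctx = new ClientContext(siteUrl);
        try
        {
            ctx.Credentials = new SharePointOnlineCredentials(userName, password);
            return ctx;
        }
        catch
        {
            // Do not leak the context when the credentials are rejected.
            ctx.Dispose();
            throw;
        }
    }

    /// <summary>
    /// Convenience overload that accepts the password as a plain string.
    /// </summary>
    /// <param name="siteUrl">Absolute URL of the target SharePoint web.</param>
    /// <param name="userName">Account used to sign in.</param>
    /// <param name="password">Plain-text password; must not be null.</param>
    /// <returns>A context with its credentials set; the caller disposes it.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
    public static ClientContext GetAuthenticatedContext(string siteUrl, string userName, string password)
    {
        SecureString securePassword = GetPassword(password);
        try
        {
            return GetAuthenticatedContext(siteUrl, userName, securePassword);
        }
        catch
        {
            // Release the protected copy if no context ends up holding it.
            securePassword.Dispose();
            throw;
        }
    }

    /// <summary>
    /// Copies <paramref name="passwd"/> into a read-only <see cref="SecureString"/>.
    /// </summary>
    /// <param name="passwd">Plain-text password; must not be null.</param>
    /// <returns>A read-only secure copy of the password.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="passwd"/> is null.</exception>
    private static SecureString GetPassword(string passwd)
    {
        if (passwd == null)
        {
            throw new ArgumentNullException("passwd");
        }

        var secure = new SecureString();
        try
        {
            foreach (char c in passwd)
            {
                secure.AppendChar(c);
            }

            // Freeze the value so nothing downstream can alter the credential.
            secure.MakeReadOnly();
            return secure;
        }
        catch
        {
            secure.Dispose();
            throw;
        }
    }

    /// <summary>
    /// Returns <paramref name="obj"/> as a string, or an empty string when it is null.
    /// </summary>
    /// <param name="obj">Any value, possibly null.</param>
    /// <returns><c>obj.ToString()</c>, or <c>""</c> for a null reference.</returns>
    public static string EmptyIfNull(object obj)
    {
        return obj == null ? "" : obj.ToString();
    }
}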
and inside web.config we define the ClientId & ClientSecret:
<!-- The file attribute merges settings from custom.config into this section;
     a key defined there overrides the same key below. -->
<appSettings file="custom.config">
<!-- Identifier of the add-in principal (value masked in this post). -->
<add key="ClientId" value="**" />
<!-- ClientSecret is a credential stored as plain text in this file: keep the real
     value out of source control, restrict read access to the config files, and
     rotate it if it is ever exposed. -->
<add key="ClientSecret" value="***" />
</appSettings>
So my question is: what do we need to do to stop using the ClientID and ClientSecret, and move to a future-proof approach?
Thanks
