question

johnjohn-0472 asked Jerryzy commented

What we need to do inside our Apps to authenticate them instead of using ClientID and ClientSecret

I was reading this link: https://www.koskila.net/literally-breaking-changes-to-app-authentication-on-sharepoint-%F0%9F%98%B5/ and that Microsoft is deprecating authenticating our Apps using ClientID & ClientSecret. For example, inside our Remote event receiver we get the SharePoint context using this CSOM code:-

 using (ClientContext context = Helpers.GetAppOnlyContext(properties.ItemEventProperties.WebUrl))

and the GetAppOnlyContext:-

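 using System;
 using System.Diagnostics;
 using System.Security;
 using System.Web.Configuration;
 using Microsoft.SharePoint.Client;

 // Helper methods that build CSOM ClientContext objects.
 // TokenHelper is the class from the add-in project itself.
 public class Helpers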
     {
         public static ClientContext GetAppOnlyContext(string siteUrl)
         {
             try
             {
                 Uri siteUri = new Uri(siteUrl);
                 string realm = TokenHelper.GetRealmFromTargetUrl(siteUri);
                 string accessToken = TokenHelper.GetAppOnlyAccessToken(TokenHelper.SharePointPrincipal, siteUri.Authority, realm).AccessToken;
    
                 return TokenHelper.GetClientContextWithAccessToken(siteUri.ToString(), accessToken);
             }
    
             catch (Exception ex)
             {
                 Trace.TraceInformation("GetAppOnlyContext failed. {0}", ex.Message);
             }
             return null;
         }
    
         public static ClientContext GetAuthenticatedContext(string siteUrl)
         {
             string userName = WebConfigurationManager.AppSettings.Get("AuthenticatedUserName");
             string password = WebConfigurationManager.AppSettings.Get("AuthenticatedUserPassword");
             return GetAuthenticatedContext(siteUrl, userName, password);
         }
    
         public static ClientContext GetAuthenticatedContext(string siteUrl, string userName, SecureString password)
         {
             ClientContext ctx = new ClientContext(siteUrl);
             ctx.Credentials = new SharePointOnlineCredentials(userName, password);
             return ctx;
         }
    
         public static ClientContext GetAuthenticatedContext(string siteUrl, string userName, string password)
         {
             SecureString securePassword = GetPassword(password);
             return GetAuthenticatedContext(siteUrl, userName, securePassword);
         }
    
         private static SecureString GetPassword(string passwd)
         {
             var secure = new SecureString();
             foreach (char c in passwd)
             {
                 secure.AppendChar(c);
             }
             return secure;
         }
    
         public static string EmptyIfNull(object obj)
         {
             return obj == null ? "" : obj.ToString();
         }
     }

and inside web.config we define the ClientId & ClientSecret :-

 <appSettings file="custom.config">
     <add key="ClientId" value="**" />
     <add key="ClientSecret" value="***" />
 </appSettings>

So my question is: what do we need to do to prevent using the ClientID and ClientSecret, and use a future-proof approach?

Thanks


office-sharepoint-online

Is there any update?


1 Answer

Jerryzy answered

Hi @johnjohn-0472 ,

There is no effect from the ACS retirement on the SharePoint Add-in:

[Image: 87513-snipaste-2021-04-14-09-42-00.png]

So you can still use Client Id/Secret inside the Provider Hosted Add In.

How to: Migrate from the Azure Access Control Service

What happens when ACS is retired this year?

Thanks
Best Regards


