question

johnjohn-0472 avatar image
0 Votes"
johnjohn-0472 asked MichaelHan-MSFT commented

What is the recommnded way to use CSOM code inside AWS Lambda function

We want to build a lambda function which contains c# code to run some CSOM code. now when i write CSOM code inside .NET console applications i use this approach to authenticate to SharePoint online:-

 static void Main(string[] args)
         {
               
             string siteUrl = "https://***.sharepoint.com/sites/CustomerServiceKB/";
             string clientId = "******";
             string clientSecret = "*****";
             using (ClientContext context = new OfficeDevPnP.Core.AuthenticationManager().GetAppOnlyAuthenticatedContext(siteUrl, clientId, clientSecret))
    
             {


so will this approach works inside AWS Lambda function?

Second question. per my knowledge newly created Office 365 tenants has SharePoint app-only permissions disabled.. so will my above code fail to work if the SharePoint app-only permissions is disabled?

Thanks


office-sharepoint-onlinesharepoint-dev
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelHan-MSFT avatar image
0 Votes"
MichaelHan-MSFT answered johnjohn-0472 commented

Hi @johnjohn-0472,

I'm not an expert in AWS Lambda. And per my research, AWS Lambda function should be built in .NET Core.

The package SharePointPnPCoreOnline is targeted for .net framework. To use CSOM in .net core, you should use the pnp.Framwork package: https://www.nuget.org/packages/PnP.Framework/

 var ctx = new PnP.Framework.AuthenticationManager().GetACSAppOnlyContext(siteUrl, clientId, clientSecret)

For your second question, yes, the code will fail if SharePoint app-only permissions is disabled. You could run the below powershell to enable it:

 set-spotenant -DisableCustomAppAuthentication $false

And use the Azure AD app-only is more recommended.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MichaelHan-MSFT ok thanks .. but in my case i do not want to modify the tenant's settings by running this command ``set-spotenant -DisableCustomAppAuthentication $false`.. so what are the other available approaches to authenticate our code then?

Thanks

0 Votes 0 ·

@johnjohn-0472,
Then you should use AAD APP for authentication in your code, like this:

          string site = "https://contoso.sharepoint.com/sites/test";
         var clientId = "******";
         var certificatePath = @"C:\mycert.pfx";
         var certificatePassword = "xxxxx";
         var tenantId = "contoso.onmicrosoft.com";
         var authManager = new PnP.Framework.AuthenticationManager(clientId, certificatePath, certificatePassword, tenantId);
         var ctx = authManager.GetContext(site);
0 Votes 0 ·

@MichaelHan-MSFT so when using AAD APP i still need to pass the clientId and certificate password.. so how come it is more secure comapred to passing the Client Id and Client secret? can you advice more on this please?
Thanks

0 Votes 0 ·

@MichaelHan-MSFT also when i tried to create a new app registration inside Azure i got this message:-

123967-adapp.png

so seems using AAD APP for authentication is also deprecated... is my point correct?


0 Votes 0 ·
Show more comments
MichaelHan-MSFT avatar image
0 Votes"
MichaelHan-MSFT answered MichaelHan-MSFT commented

@johnjohn-0472,
Using AAD APP for authentication is not deprecated. It' s just Azure Active Directory Authentication Library (ADAL) and Azure AD Graph are deprecated.

The new PnP Framwork depends on MSAL(Microsoft.Identity.Client), so this change will not affect your project.

124135-image.png



image.png (129.1 KiB)
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MichaelHan-MSFT from where i can get the latest PnP?

0 Votes 0 ·

@MichaelHan-MSFT the PnP.Framework.AuthenticationManager nuget package is already deprecated.. have you checked this link @ https://www.nuget.org/packages/SharePointPnPCoreOnline

0 Votes 0 ·

@johnjohn-0472,

The link is talking about SharePointPnPCoreOnline. The SharePointPnPCoreOnline package retired not PnP Framework. They are different.


I am saying using PnP Framework package not SharePointPnPCoreOnline: https://www.nuget.org/packages/PnP.Framework

The latest release version of PnP Framework is 1.6.0 : https://github.com/pnp/pnpframework

126964-image.png
,



0 Votes 0 ·
image.png (20.1 KiB)
Show more comments