How to perform SharePoint Online authentication in console APP using CSOM

Lakshman Bana 61

Hello,

I'm trying to connect to myfuturenet.sharepoint.com in .Net console application to add/remove elements to the list item. In this process, I'm using ClientContext but most of the examples are using Userid and Password in SharePointOnlineCredentials(). My objective is not to ask User ID and Password in the application but to use existing authentication credentials that were generated with SSO.

Any pointers on this would be a great help. Thanks in advance.

Accepted answer

Jerryzy 10,566 Reputation points

2021-04-02T01:55:54.977+00:00
Hi @Lakshman Bana ,

PnP.Framework Library supported to use App Id and App Secret to get the ClientContext and this library supported both .NET Framework and .NET Standard:

Please first install PnP.Core as this is the dependent package for PnP.Framework:

Install-Package PnP.Core -Version 1.1.0 Install-Package PnP.Framework -Version 1.4.0

Then authentication with App Id and AppSecret ( register in https://siteurl/_layouts/15/AppRegNew.aspx) like this:

using Microsoft.SharePoint.Client; using PnP.Framework; ClientContext ctx = new AuthenticationManager().GetACSAppOnlyContext("SiteUrl", "AppId", "AppSecret"); ctx.Load(ctx.Web); ctx.ExecuteQuery();

Here is a detailed blog for your reference:

M365 – SharePoint Online – CSOM – Getting SharePoint client context using PnP.Framework in .NET Core application

Thanks
Best Regards

If the response is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.

4 people found this answer helpful.
Ali Zia 1 Reputation point

2021-07-24T23:17:27.697+00:00

Can you please confirm if the above code snippet works now? Has there been any changes in Azure ACS lately, I cannot authenticate against the generated client id and client secret with the above C# code, Postman, PowerShell. Previously the same code worked for me with no issues.

Lakshman Bana 61 Reputation points

2021-07-26T14:01:41.597+00:00

Hello,
I currently use BrowserHelper.cs snippet from powershell utilities. The changed settings working well for the users and the purpose we wanted to solve.
I would've to change the code to test this original scenario.
Sign in to comment

5 additional answers

Trevor Seward 11,681 Reputation points

2021-04-01T17:47:05.84+00:00

The cookies aren't shared between your browser and your application, thus you will need to either authenticate interactively or use Client ID + Secret/Certificate for unattended authentication.
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment
Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more
gsaunders 96 Reputation points

2021-04-01T19:29:42.45+00:00

Here is link to where I had issue getting .NET Standard (5.0) working with app permissions using client / secret and ended up getting things working with client / certificate.

Again... not SSO, but may help someone dealing with app based permission.

webexception-in-microsoft-sharepoint-client-runtime-dll.6756
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Lakshman Bana 61 Reputation points

2021-04-02T11:49:39.81+00:00

Thanks for all the pointers. I think they look promising and I'm going to try it out today. I'll post the results once I make some progress.
Thanks once again for the pointers.
lb
Please sign in to rate this answer.
Jerryzy 10,566 Reputation points

2021-04-06T01:16:10.32+00:00

Hi @Lakshman Bana ,

Is there any update share with us ? If the code sample in the above answer is helpful to the answer, I suggest you could accept as answer so that it could also help others in the forum.

Thanks
Best Regards

Lakshman Bana 61 Reputation points

2021-04-06T12:48:13.26+00:00

I still don't know if the authentication is successful, and also don;t know how to confirm it (wireshark/fiddler).

It appears @Jerryzy-MSFT suggestion is closer to the solution. Let me iterate the steps I performed:

Requested production site admin to create Client ID and Secrete for the app page, and he provided along with those two a redirect URL with localhost.

Ran application with params client id and secret and I was getting response 401 unauthorized

Two or 3 hrs later ran the same code and today I'm getting JSON exception "< is an invalid start of a value. Path: $

Couple of questions in debugging ClientContext object.

What state should it be in. most of attributes are in red.

After load what state should web object should be in and here also most of the attributes are in red.

thanks
lb

Jerryzy 10,566 Reputation points

2021-04-06T13:40:34.46+00:00

,Make sure the app has been granted the enough permission, otherwise it will throw 401 unauthorized:

Check out the step in official document:
Granting access using SharePoint App-Only

Jerryzy 10,566 Reputation points

2021-04-06T13:48:04.437+00:00

For authentication validate, you could performance request in Postman to get access token with Client Id and Secret:

Accessing SharePoint Data using Postman (SharePoint REST API)

Or just get the Web Title in the CSOM ClientContext code above

Lakshman Bana 61 Reputation points

2021-04-06T16:58:00.94+00:00

It looks like Authentication credentials are working. After installing Postman, I requested a OAuth2.0 token and Postman popup window brings up my SharePoint online site. Also for the GET request I see 200 response with all cookies in place(at least look the same in browser debug and postman cookie attributes).

But ExecuteQuery() on client context still fails. How do I make sure getACSAppOnlyContext() is successful and similarly the other calls in those three lines?

Is there a way to add source references for PnP to the application for debug purposes?

Thank you very much for the pointers.
lb

Jerryzy 10,566 Reputation points

2021-04-07T00:49:44.433+00:00

getACSAppOnlyContext() will be successful once ExecuteQuery() complete:

You can add a break point like above for debug propose.

Lakshman Bana 61 Reputation points

2021-04-08T00:36:24.617+00:00

Is it the right assumption to make, in that case that GetACSAppOnlyConext() sets up async event calls and ExecuteQuery invokes where appropriate?
This seems to be a bit confusing (may be I'm missing quite a bit of understanding of these functions). The ExecuteQuery() should rely on the success of GetACSAppOnlyContext() and state of the object should be valid when execute is called.
I'm planning to carve out basics and integrate them into the application for easy debugging.

I also also tried as suggested, and the execute call fails with Json exception in System.Text.Json.dll with '<' is an invalid start of value. The call stack is not clear and where it is coming from.

thanks
lb

Jerryzy 10,566 Reputation points

2021-04-08T00:44:53.513+00:00

ExecuteQuery is necessary before accessing the value and properties in SharePoint CSOM:

Call Load and ExecuteQuery Before Accessing Value Properties)

GetACSAppOnlyContext is to get the ClientContext object, if it's valid then ExecuteQuery() won't have problem.

Double check if the app permission has been granted correctly, as it's working as expected in my side with the code snippet above.
Sign in to comment