How to do ACS setup for SharePoint app only authentication for SharePoint server (On-Premise)?

Yichen Name 86 Reputation points
2023-01-27T14:29:45.48+00:00

Hi Team,

I wanted to implement app only authentication for SharePoint server. Do you have any document mentioning all the steps for the same?

Microsoft 365 and Office | SharePoint Server | For business
Microsoft 365 and Office | SharePoint Server | Development

2 answers

  1. Yichen Name 86 Reputation points
    2023-02-13T09:09:13.8633333+00:00

    This process works for online but does not work for on-prem versions.

    1 person found this answer helpful.

  2. Yanli Jiang - MSFT 31,606 Reputation points Microsoft External Staff
    2023-01-30T09:20:01.1133333+00:00

    Hi @Yichen Name ,

    SharePoint App-Only is the older, but still very relevant, model of setting up app principals. This model works for both SharePoint Online and SharePoint 2013/2016/2019 on-premises and is ideal to prepare your applications for migration from SharePoint on-premises to SharePoint Online. The steps below show how to set up an app principal with tenant full control permissions, but obviously you could also grant just read permissions using this approach.

    Navigate to a site in your tenant (e.g. https://contoso.sharepoint.com) and then call the appregnew.aspx page (e.g. https://contoso.sharepoint.com/_layouts/15/appregnew.aspx). On this page, click the Generate button to generate a client ID and client secret, and fill in the remaining information as shown in the screenshot below.

    [Screenshot]

    The next step is granting permissions to the newly created principal. Since we're granting tenant-scoped permissions, this can only be done via the appinv.aspx page on the tenant administration site. You can reach this site via https://contoso-admin.sharepoint.com/_layouts/15/appinv.aspx. Once the page is loaded, add your client ID and look up the created principal:

    [Screenshot]

    To grant permissions, you'll need to provide the permission XML that describes the needed permissions. Since this application needs to be able to access all sites and also uses search with app-only, it needs the permissions below:

    <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
    </AppPermissionRequests>
    

    When you click on Create you'll be presented with a permission consent dialog. Press Trust It to grant the permissions.

    If you want to utilize the generated app-only registration with PnP PowerShell, you can do so by connecting to your SharePoint On-Premises or Online environment using:

    Connect-PnPOnline -Url https://contoso.sharepoint.com/sites/demo -ClientId [Your Client ID] -ClientSecret "[Your Client Secret]"

    For more information, please refer to:

    https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly

    https://www.wictorwilen.se/blog/sharepoint-2013-using-the-app-only-policy-and-app-principals-instead-of-username-and-password-combos/

    https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/plan-for-app-authentication-in-sharepoint-server

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
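
A least-privilege check for the permission XML shown in the answer above, as an added example that is not part of the original thread or Microsoft's code: it parses an `AppPermissionRequests` document and reports requests broader than a chosen ceiling. The function name, the `max_right` policy parameter and the narrower sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Content scope URIs and rights of the SharePoint add-in permission model.
CONTENT = "http://sharepoint/content/"
TENANT = CONTENT + "tenant"
CONTENT_SCOPES = {TENANT} | {
    CONTENT + s for s in ("sitecollection", "sitecollection/web", "sitecollection/web/list")
}
RIGHT_LEVEL = {"Read": 0, "Write": 1, "Manage": 2, "FullControl": 3}

def local(tag):
    """Drop a namespace prefix such as '{ns}AppPermissionRequest'."""
    return tag.rsplit("}", 1)[-1]

def audit_permission_xml(xml_text, max_right="Read"):
    """Return findings for requests broader than max_right (hypothetical policy)."""
    # Permission XML never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not expected in permission XML")
    root = ET.fromstring(xml_text)
    if local(root.tag) != "AppPermissionRequests":
        raise ValueError("root element must be AppPermissionRequests")
    app_only = root.get("AllowAppOnlyPolicy", "false").lower() == "true"
    findings = []
    for req in root:
        scope, right = req.get("Scope", ""), req.get("Right", "")
        if local(req.tag) != "AppPermissionRequest" or scope not in CONTENT_SCOPES:
            # Other scopes (for example search) use different rights; flag for manual review.
            findings.append(f"not assessed: {local(req.tag)} {scope}")
        elif right not in RIGHT_LEVEL:
            findings.append(f"unknown right {right!r} on {scope}")
        else:
            if RIGHT_LEVEL[right] > RIGHT_LEVEL[max_right]:
                findings.append(f"{right} on {scope} exceeds {max_right}")
            if app_only and scope == TENANT:
                findings.append(f"app-only {right} covers every site in the tenant")
    return findings

# The XML from the answer above, and a constructed narrower request.
ANSWER_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>"""
NARROW_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
</AppPermissionRequests>"""

if __name__ == "__main__":
    for name, doc in (("answer", ANSWER_XML), ("narrow", NARROW_XML)):
        print(name, audit_permission_xml(doc) or "ok")
```

Running the check on the XML before pasting it into appinv.aspx gives a reviewable record of what the principal is about to be trusted with.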

