Connect to SharePoint online from Azure Function and ASP.NET core web application using REST API

Question

Connect to SharePoint online from Azure Function and ASP.NET core web application using REST API

john john 1,021

We are developing those 2 components inside our project:-

1) Azure Function which run on daily basis and which read/write to SharePoint Online lists and libraries.

2) ASP.NET core web application which integrate with SharePoint using REST API.

now we are stuck on the following 2 points:-

Question-1) how we can authenticate those 2 components?

Question-2) In the Azure Function we want to pass the credentials of an admin account, while for the ASP.NET core web application we want to pass the login user credentials when connecting to SharePoint (so if the user tried to create a new SP item from ASP.NET core application, then the user should have the needed permission on the SP list) .

now we found those links which uses 2 different approaches for authentication (one using AZURE AD APP while the other uses username and password)

https://sharepointstew.wordpress.com/2021/07/07/app-only-authentication-in-sharepoint-online-using-latest-azure-sdk/

https://www.c-sharpcorner.com/article/authenticate-sharepoint-using-pnp-framework-in-an-azure-functions/

so what are the differences between those 2 approaches? and which one best suites our needs as per the above 2 questions?

Thanks

1 answer

Your answer

Answer 1

RaytheonXie_MSFT 40,471 Microsoft External Staff

Hi @john john
When you have applications, hosted services, or automated tools that need to access or modify resources, you can create an identity for the app. This identity is known as a service principal. Access to resources is restricted by the roles assigned to the service principal, giving you control over which resources can be accessed and at which level. For security reasons, it's always recommended to use service principals with automated tools rather than allowing them to log in with a user identity.
So I will recomend you to use Azure AD app only to approach for authentication. For more details, Please refer to the document
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

john john 1,021 Reputation points

2022-12-08T09:31:00.887+00:00

@RaytheonXie_MSFT Thanks for the detailed reply. so you mean for both the ASP.NET Core web application + the backgrounf function, it is preferred to use Azure AD app only?

Second question, how we can interact with SharePoint using the login user identity from our asp.net core, which authenticate the users using their office 365 accounts?

RaytheonXie_MSFT 40,471 Microsoft External Staff

Hi @john john
You can use PnP Framework to login user by following code

using PnP.Framework;  
using System;  
  
namespace AzureADCertAuth  
{  
    class Program  
    {  
        static void Main(string[] args)  
        {  
            var authManager = new AuthenticationManager("<application id>", "c:\\temp\\mycert.pfx", "<password>", "contoso.onmicrosoft.com");  
            using (var cc = authManager.GetAzureADAppOnlyAuthenticatedContext("https://contoso.sharepoint.com/sites/demo"))  
            {  
                cc.Load(cc.Web, p => p.Title);  
                cc.ExecuteQuery();  
                Console.WriteLine(cc.Web.Title);  
            };  
        }  
    }  
}

Tong Zhang_MSFT 9,251 Reputation points

2022-12-30T07:32:34.803+00:00

Hi @john john ,

Do you have any further questions about this thread? If you have any questions or progress, you can contact me in time.

Share via

Connect to SharePoint online from Azure Function and ASP.NET core web application using REST API

1 answer

Your answer