App-only auth to on-premise Sharepoint Server 2019

Mark 20 Reputation points
2023-04-28T03:45:39.51+00:00

Hi,

This is my first time doing something like this so I hope y'all will forgive my newbie take on this!

I'm building a simple app to download files from an on-premise Sharepoint 2019 server. To test this, I want to acquire authentication without requiring user input (like a daemon app would) as a bearer token, which I will use to download my files. Is authentication using ACS the preferred auth method?

I have created an app on my Sharepoint test server with full privileges and acquired the client ID and secret, but I'm not sure where I should be querying using these credentials to acquire the token.

What other steps should I be performing to complete authentication with my on-premise Sharepoint server?

Thanks in advance!

SharePoint Server
A family of Microsoft on-premises document management and storage systems.

2 answers

  1. Vahid Ghafarpour 22,060 Reputation points
    2023-04-28T04:58:06.2233333+00:00

    There are multiple authentication options available when it comes to SharePoint 2019. One of them is using Azure Active Directory (Azure AD) and Azure Access Control Service (ACS) as the trusted authentication provider.

    To acquire an authentication token, you can use the OAuth 2.0 protocol with the client credentials flow. You will need to make an HTTP request to the token endpoint with the client ID and secret as credentials. The token endpoint URL for SharePoint 2019 using ACS is usually in the format of:

    https://<your-tenant>.accesscontrol.windows.net/<your-relying-party>/tokens/OAuth/2

    You can replace <your-tenant> with the name of your Azure AD tenant and <your-relying-party> with the relying party identifier of your SharePoint farm.

    Here's an example of how to make the HTTP request in C# using the HttpClient class:

    using System;
    using System.Collections.Generic; // KeyValuePair<TKey, TValue>
    using System.Net.Http;
    using System.Threading.Tasks;

    namespace ConsoleApp1
    {
        class Program
        {
            static async Task Main(string[] args)
            {
                var httpClient = new HttpClient();
                var clientId = "<your-client-id>";
                var clientSecret = "<your-client-secret>";
                var tokenEndpoint = "https://<your-tenant>.accesscontrol.windows.net/<your-relying-party>/tokens/OAuth/2";
                // Form-encoded body for the OAuth 2.0 client credentials grant
                var requestContent = new FormUrlEncodedContent(new[]
                {
                    new KeyValuePair<string, string>("grant_type", "client_credentials"),
                    new KeyValuePair<string, string>("client_id", clientId),
                    new KeyValuePair<string, string>("client_secret", clientSecret),
                    new KeyValuePair<string, string>("resource", "<your-sharepoint-site-url>")
                });
                // POST the credentials to the token endpoint
                var response = await httpClient.PostAsync(tokenEndpoint, requestContent);
                // The response body is printed as-is; on success it contains the access token
                var responseContent = await response.Content.ReadAsStringAsync();
                Console.WriteLine(responseContent);
            }
        }
    }
    
    

    In the above example, replace <your-client-id> and <your-client-secret> with the client ID and secret of your SharePoint app registration, and replace <your-tenant>, <your-relying-party>, and <your-sharepoint-site-url> with the appropriate values for your environment.

    Once you have acquired the token, you can use it to make authenticated requests to SharePoint REST APIs to download files.
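
An added example (not part of the answer above and not Microsoft's code) of handling the token reply and attaching the token to a file download request against the SharePoint REST endpoint `GetFileByServerRelativeUrl(...)/$value`. It assumes the token endpoint returns a standard OAuth 2.0 JSON reply with `token_type` and `access_token`; the class and method names, the host `sharepoint.example.test`, the file path and the sample reply are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
static class TokenUse // hypothetical helper class
{
    // Extract the bearer token; throw on an error reply so it is never mistaken for a token.
    public static string ExtractAccessToken(string json)
    {
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        if (root.TryGetProperty("error", out var err))
            throw new InvalidOperationException("Token request failed: " + err);
        if (!root.TryGetProperty("token_type", out var type) ||
            !string.Equals(type.GetString(), "Bearer", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Unexpected or missing token_type");
        var token = root.TryGetProperty("access_token", out var tok) ? tok.GetString() : null;
        if (string.IsNullOrEmpty(token))
            throw new InvalidOperationException("No access_token in response");
        return token;
    }

    // Build (but do not send) the GET request that downloads one file's bytes.
    public static HttpRequestMessage BuildDownload(string siteUrl, string serverRelativePath, string token)
    {
        if (new Uri(siteUrl).Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Refusing to attach a bearer token to a non-HTTPS URL");
        // Double single quotes for the OData string literal, then escape each path segment.
        var escaped = string.Join("/", serverRelativePath.Replace("'", "''")
            .Split('/').Select(s => Uri.EscapeDataString(s)));
        var url = siteUrl.TrimEnd('/') + "/_api/web/GetFileByServerRelativeUrl('" + escaped + "')/$value";
        var request = new HttpRequestMessage(HttpMethod.Get, url);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return request;
    }

    static void Main()
    {
        // Constructed sample reply; the token value is a placeholder, not a real token.
        var sample = "{\"token_type\":\"Bearer\",\"expires_in\":\"3600\",\"access_token\":\"SAMPLE-TOKEN\"}";
        var token = ExtractAccessToken(sample);
        using var request = BuildDownload("https://sharepoint.example.test/sites/test",
            "/sites/test/Shared Documents/Q1 'draft'.docx", token);
        // Print the target and the scheme only; never write the token itself to logs.
        Console.WriteLine(request.RequestUri);
        Console.WriteLine(request.Headers.Authorization?.Scheme);
    }
}
```

To perform the download, pass the built request to `HttpClient.SendAsync` and copy the response stream to disk.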


  2. RaytheonXie_MSFT 36,501 Reputation points Microsoft Vendor
    2023-05-02T09:15:45.7433333+00:00

    Hi @Mark,

    You can follow these steps to get an access token. Please refer to the following nice article.

    https://global-sharepoint.com/sharepoint-online/in-4-steps-access-sharepoint-online-data-using-postman-tool/
