How to implement folder level authentication in Sharepoint

Avinash Pathak 0 Reputation points
2024-05-13T09:40:13.21+00:00

Hello Team,

Currently, our code uses UserName and Password for authentication. Since it’s a deprecated method. We need to change it and use ClientId and ClientSecret instead.

Approach 1

We tried registering an app in SharePoint, ref. https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs

Observation and Conclusion: When using the above approach we weren't able to access SharePoint and always got the 403 error System.UnauthorizedAccessException although we were able to get the access token but when making any request with that token we were getting this error. References: How To Perform A SharePoint App-Only Authentication In Power Automate
here is the Postman request for my token generation which works fine and I can generate a token

User's image

but when I use this access token I get the following error

User's image

For app permission while registering we have used the following XML

<AppPermissionRequests AllowAppOnlyPolicy="true">

<AppPermissionRequest

    Scope="[http://myDomainName.sharepoint.com/content/tenant"]

    Right="FullControl"

  />

    <AppPermissionRequest

    Scope="`` `https://myDomainName.sharepoint.com/sites/GCI_ConnectPOC"` ``

    Right="FullControl"

  />

  <AppPermissionRequest Scope="https://``myDomainName``.sharepoint.com" Right="FullControl" />

</AppPermissionRequests>

Approach 2

We tried registering the app using Azure portal and generated the same clientID and client secret and using that, ref- Quickstart: Register an app in the Microsoft identity platform - Microsoft identity platform

Observation and Conclusion: It worked fine and we were able to access the SharePoint files without any issues. But Another issue is, it is not at the folder level access. When we add the permission on the app we add it for all site (i.e. Sites.All) there is no option for setting it on folder level. That means all the folders are accessible with the clientID and clientSecret.

So I want to ask is there any way we can implement folder-level authentication In share point?

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,966 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. RaytheonXie_MSFT 36,821 Reputation points Microsoft Vendor
    2024-05-14T02:32:39.4533333+00:00

    Hi @Avinash Pathak,

    For Azure AD App-Only for SharePoint, you could get the access token like this:

    Grant Type :         Authorization Code   
    Callback Url :       this should be the AAD App redirect Url   
    Auth URL :           https://login.microsoftonline.com/common/oauth2/authorize?resource=https%3A%2F%2F<tenant_name>.sharepoint.com    
    Access Token URL :   https://login.microsoftonline.com/common/oauth2/token    
    Client ID :          <client_ID>    
    Client Secret :      <Client-secret>
    
    
    

    88489-image.png

    When you click Get Access Token, it would request you to sign in. After signing in, you would access it successfully.

    Reference: https://www.ludovicmedard.com/use-postman-and-azure-ad-to-send-rest-request-to-sharepoint-online/

    For SharePoint app only. The XML should be like following

    <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
    </AppPermissionRequests>
    

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.