Authenticate to SharePoint Online wit integrated security

Question

Hi all

I have written some code that will run as a service under a specific service account.

The code must access SharePoint Online and retrieve values from a list.

I can get it to work using credentials like this:
context.Credentials = new Microsoft.SharePoint.Client.SharePointOnlineCredentials(userName, securePassword);

and I can get it to work using clientID/secret like this:
var clientContext = new OfficeDevPnP.Core.AuthenticationManager().GetAppOnlyAuthenticatedContext(urlProd, clientId, clientSecret)

But I am not really happy with that, because both solutions require me to either hard code username/password or clientID/secret - or to have them in some configuration file and read them at runtime.

I would much rather be able to simply access SharePoint using integrated security and ust use the account under which the code is running. Is this at all possible?

Thanks.

Answer 1

Since SPO is using OAuth and not WIA, no.

However, you should be securing your secrets with something like Azure KeyVault. Publish your application (i.e. using Azure Automation or an Azure App Service). The Automation/App Service uses a Managed Identity to retrieve secrets from the KeyVault. This way you're not hardcoding anything but the KeyVault URL.

Answer 2

No, SharePoint Online authenticate users this way through your own Identity Provider (IdP) or the default Azure Active Directory (Azure AD) IdP.
Documents for your reference:
SharePoint authentication
Authentication options for custom application when accessing data from O365

---

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.