ADAL deprecation and SharePoint Online

Ted Wagner 1 Reputation point
2021-06-29T21:02:12.57+00:00

I am seeing posts about ADAL being deprecated, but nothing on migrating SharePoint Client Object Model / SharePoint REST APIs / or JSOM to support to support MSAL tokens.

There are several items Graph does not support and we need to continue to use these tools. Is there any information on using the CSOM with an MSAL token?

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,566 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,396 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. MichaelHan-MSFT 18,016 Reputation points
    2021-06-30T07:26:41.89+00:00

    Hi @Ted Wagner ,

    Below is my sample for you to get the MSAL access token

        private static async Task<string> GetToken()  
        {  
            string applicationId = "client-id";  
            string tenantId = "tenant.onmicrosoft.com";  
            X509Certificate2 certificate = new X509Certificate2(@"C:\cer.pfx", "password");  
    
            IConfidentialClientApplication confApp = ConfidentialClientApplicationBuilder.Create(applicationId)  
            .WithAuthority($"https://login.microsoftonline.com/{tenantId}")  
            .WithCertificate(certificate)   
            .Build();  
    
            var scopes = new[] { "https://tenant.sharepoint.com/.default" };  
            var authenticationResult = await confApp.AcquireTokenForClient(scopes).ExecuteAsync();  
            return authenticationResult.AccessToken;  
        }  
        static async Task Main(string[] args)  
        {  
    
    
            string site = "https://tenant.sharepoint.com/sites/test";  
            string token = await GetToken();  
            Console.WriteLine(token);  
    
            ClientContext ctx = new ClientContext(site);  
            ctx.ExecutingWebRequest += (s, e) =>  
            {  
                e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + token;  
            };  
            Web web = ctx.Web;  
            ctx.Load(web);  
            ctx.ExecuteQuery();  
            Console.WriteLine(web.Title);  
    
        }  
    

    Here is a nice blog to use CSOM with an MSAL toke for your reference: https://www.vrdmn.com/2020/06/using-net-standard-csom-and-msalnet-for.html

    And I would suggest use PnP Framework library directly for SharePoint CSOM. This is much easier. For example, you just need to get the clientcontext like below.

    var context = new PnP.Framework.AuthenticationManager(clientId, certificatePath, password, "tenant.onmicrosoft.com").GetContext(site);  
    

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. MichaelHan-MSFT 18,016 Reputation points
    2021-07-01T07:23:42.033+00:00

    Hi @Ted Wagner ,

    If you want to use username and password for authentication, the AuthenticationManager class in PnP Framework library also supports it. Below is my sample for you:

            String name = "michael@tenant.onmicrosoft.com";  
            String password = "xxxx";  
            SecureString securePassword = new SecureString();  
            foreach (char c in password.ToCharArray())  
            {  
                securePassword.AppendChar(c);  
            }  
    
            string site = "https://tenant.sharepoint.com/sites/test";  
            var authenticationManager = new AuthenticationManager(name, securePassword);  
            var ctx = authenticationManager.GetContext(site);  
            Web web = ctx.Web;  
            ctx.Load(web);  
            ctx.ExecuteQuery();