SharePointOnline.CSOM AAD App Registration - Delegated Permissions

Evan.Bonnett 21 Reputation points
2021-09-20T13:11:22.863+00:00

Hi all, I'm trying to use Microsoft.SharePointOnline.CSOM for .NET Standard. In reading the documentation here:
https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/using-csom-for-dotnet-standard#using-modern-authentication-with-csom-for-net-standard
I see that I need an app registration in AAD with delegated permissions. In the documentation, uses allsites.Manage as the permission to assign. There is no way that the platform group is going to assign my little app permissions to manage all sites within the organization. Is there another way? Certainly there must be a least-rights approach. Anything you can tell me to help me get the bearer token would be appreciated.

Thanks,

E

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
7,045 questions
0 comments
Accepted answer
  1. Michael 17,921 Reputation points
    2021-09-21T01:38:02.867+00:00

    Hi @Evan.Bonnett ,

    For delegated permissions, the effective permissions of your app are the intersection of the delegated permissions the app has been granted and the privileges of the currently signed-in user. Your app can never have more privileges than the signed-in user.

    Besides, AllSites.Manage permission doesn't require admin consent. So you could register an app as a normal user and give it allsite.manage permission. As the below:

    133775-image.png

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Michael 17,921 Reputation points
    2021-09-28T01:56:05.93+00:00

    @Evan.Bonnett ,

    Is there anything update? Have you solved this issue?