Drawbacks and disadvantages of setting "DisableCustomAppAuthentication" to false inside our tenant

john john 946 Reputation points
2022-05-26T22:10:45.707+00:00

We have a lot of .NET console applications which run on on-premises servers, connect to SharePoint Online using a ClientID & ClientSecret, and perform some background tasks, as follows:

using System;
using Microsoft.SharePoint.Client;

static void Main(string[] args)
{
    string siteUrl = "https://*****.sharepoint.com/sites/HR/";
    string clientId = "1***";
    string clientSecret = "******";

    // ACS app-only context built from the client ID and client secret
    using (ClientContext context = new OfficeDevPnP.Core.AuthenticationManager().GetAppOnlyAuthenticatedContext(siteUrl, clientId, clientSecret))
    {
        try
        {
            context.Load(context.Web);
            context.Load(context.Site.RootWeb.ContentTypes);
            context.ExecuteQuery();
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }
}

Now this code will not work on any tenant unless we set DisableCustomAppAuthentication to false as follows:

Set-SPOTenant -DisableCustomAppAuthentication $false

So what are the implications and security issues we will face in case we set the CustomAppAuthentication to false?


1 answer

  1. RaytheonXie_MSFT 31,526 Reputation points Microsoft Vendor
    2022-05-27T02:58:16.727+00:00

    Hi @john john ,
    DisableCustomAppAuthentication prevents apps using an Azure Access Control (ACS) app-only access token from accessing SharePoint. ACS, a service of Azure Active Directory (Azure AD), was retired on November 7, 2018. This retirement does not impact the SharePoint add-in model, which uses the https://accounts.accesscontrol.windows.net hostname (which is not impacted by this retirement). For new tenants, apps using an ACS app-only access token are disabled by default. We recommend using the Azure AD app-only model, which is modern and more secure. By default this feature is set to true.




    1 person found this answer helpful.