Authentication Manager is one of the key capabilities from PnP core component and it provides the methods to authenticate different SharePoint environments (SharePoint Online, SharePoint 2013, SharePoint 2016) irrespective of any authentication methods configured to the SharePoint sites.
The methods used for authentication are available under OfficeDevPnP.Core.AuthenticationManager class from OfficeDevPnP.Core assembly. I have listed those methods based on the environment type.
SharePoint Online
- GetSharePointOnlineAuthenticatedContextTenant
Returns ClientContext object to be used by CSOM code:
- GetSharePointOnlineAuthenticatedContextTenant(string siteUrl, string tenantUser, string tenantUserPassword)
-
- GetSharePointOnlineAuthenticatedContextTenant(string siteUrl, string tenantUser, SecureString tenantUserPassword),
Parameters |
Description |
siteUrl |
Site for which the ClientContext object will be instantiated |
tenantUser |
User to be used to instantiate the ClientContext object |
tenantUserPassword |
Password (SecureString) of the user used to instantiate the ClientContext object |
- The below example code returns the ClientContext object from SharePoint Online site using explicit credentials,
-
- string siteUrl = "https://mycompany.sharepoint.com";
- string userName = "[email protected]";
- SecureString password = GetSecureString("password");
- AuthenticationManager authManager = new AuthenticationManager();
- ClientContext context = authManager.GetSharePointOnlineAuthenticatedContextTenant(siteUrl,userName, password);
- GetAppOnlyAuthenticatedContext
Returns an app only ClientContext object,
- GetAppOnlyAuthenticatedContext(string siteUrl, string appId, string appSecret)
-
- GetAppOnlyAuthenticatedContext(string siteUrl, string realm, string appId, string appSecret, string acsHostUrl = "accesscontrol.windows.net", string globalEndPointPrefix = "accounts")
Parameters |
Description |
siteUrl |
Site for which the ClientContext object will be instantiated |
appId |
Application ID which is requesting the ClientContext object |
appSecret |
Application secret of the Application which is requesting the ClientContext object |
realm |
Realm of the environment (tenant) that requests the ClientContext object |
appSecret |
Application secret of the Application which is requesting the ClientContext object |
acsHostUrl |
Azure ACS host, defaults to accesscontrol.windows.net but internal pre-production environments use other hosts |
globalEndPointPrefix |
Azure ACS endpoint prefix, defaults to accounts but internal pre-production environments use other prefixes |
The below example returns the ClientContext object from SharePoint Online site by authenticating from Office 365 site. Authenticating happens by based on given App secret information.
-
- string siteUrl = "https://mycompany.sharepoint.com";
- string acsAppId = "70DA500D-6000-48D4-AA1F-22793A5FE814";
- string acsSupport = GetString("ACS App Secret");
- AuthenticationManager authManager = new AuthenticationManager();
- ClientContext context = authManager.GetAppOnlyAuthenticatedContext(siteUrl, acsAppId, acsSupport);
- GetAzureADNativeApplicationAuthenticatedContext
Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have a Azure AD Native Application registered. The user will be prompted for authentication.
- GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, string redirectUrl, TokenCache tokenCache = null)
-
- GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, Uri redirectUri, TokenCache tokenCache = null)
Parameters |
Description |
siteUrl |
Site for which the ClientContext object will be instantiated |
clientId |
The Azure AD Native Application Client ID |
redirectUri |
The Azure AD Native Application Redirect Uri |
tokenCache |
Optional token cache. If not specified an in-memory token cache will be used. Microsoft.IdentityModel.Clients.ActiveDirectory should be added as assembly reference for TokenCache parameter |
The below example code returns the ClientContext object by authenticating the user from Azure AD. Authenticating happens by redirecting the user to Azure AD Logon page.
-
- string siteUrl = "https://mycompany.sharepoint.com";
- string aadAppId = "F64560FE-714D-485E-89C2-03E592F926FE";
- AuthenticationManager authManager = new AuthenticationManager();
- ClientContext context = authManager.GetAzureADNativeApplicationAuthenticatedContext(siteUrl, aadAppId, "<redirect url>");
- GetAzureADAppOnlyAuthenticatedContext
Returns a SharePoint ClientContext using Azure Active Directory App Only Authentication. This requires that you have a certificated created, and updated the key credentials key in the application manifest in the Azure AD accordingly.
- GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, StoreName storeName, StoreLocation storeLocation, string thumbPrint)
-
- GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, string certificatePath, string certificatePassword)
Parameters |
Description |
siteUrl |
Site for which the ClientContext object will be instantiated |
clientId |
The Azure AD Application Client ID |
Tenant |
The Azure AD Tenant, e.g. mycompany.onmicrosoft.com |
storeName |
The name of the store for the certificate |
storeLocation |
The location of the store for the certificate |
thumbprint |
The thumbprint of the certificate to locate in the store |
certificatePath |
The path to the certificate (*.pfx) file on the file system |
certificatePassword |
Password to the certificate |
The below example code returns the ClientContext object by authenticating the user based on provided APP’s certification information.
-
- string siteUrl = "https://mycompany.sharepoint.com";
- string aadAppId = "F64560FE-714D-485E-89C2-03E592F926FE";
- string pfxPassword = GetString("Get PFX file password");
- AuthenticationManager authManager = new AuthenticationManager();
- ClientContext context = authManager.GetAzureADAppOnlyAuthenticatedContext(siteUrl, aadAppId, "mycompany.onmicrosoft.com", @"<certificate Path>", pfxPassword);
- GetAzureADAccessTokenAuthenticatedContext
Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires you have an Azure AD Web Application registered. The user will not be prompted for authentication, the current user's authentication context will be used by leveraging an explicit OAuth 2.0 Access Token value.
- GetAzureADAccessTokenAuthenticatedContext(String siteUrl, String accessToken)
Parameters |
Description |
siteUrl |
Site for which the ClientContext object will be instantiated |
accessToken |
An explicit value for the AccessToken |
The below example returns the ClientContext object from SharePoint online site based on provided access token information.
-
- string siteUrl = "https://mycompany.sharepoint.com";
- string accessToken = "<Access Token>";
- AuthenticationManager authManager = new AuthenticationManager();
- ClientContext context = authManager.GetAzureADAccessTokenAuthenticatedContext(siteUrl, accessToken);
- GetAzureADWebApplicationAuthenticatedContext
Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have a Azure AD Web Application registered. The user will not be prompted for authentication, the current user's authentication context will be used by leveraging ADAL.
- GetAzureADWebApplicationAuthenticatedContext(String siteUrl, Func<String, String> accessTokenGetter)
Parameters |
Description |
siteUrl |
Site for which the ClientContext object will be instantiated |
accessToken |
The AccessToken getter method to use |
The below example returns the ClientContext object from SharePoint online site based on generated access token information.
-
- string siteUrl = "https://mycompany.sharepoint.com";
- AuthenticationManager authManager = new AuthenticationManager();
- ClientContext context = authManager.GetAzureADWebApplicationAuthenticatedContext(siteUrl, accessTokenGenerator());
SharePoint On-Premises
SharePoint Online & On-Premises
- GetWebLoginClientContext
Returns a SharePoint on-premises/ SharePoint Online ClientContext object. Requires claims based authentication with FedAuth cookie.
- GetWebLoginClientContext(string siteUrl)
Parameters |
Description |
siteUrl |
Site for which the ClientContext object will be instantiated |
The below example returns the ClientContext object from SharePoint online site by interacting with user for logon information.
-
- string siteUrl = "https://mycompany.sharepoint.com";
- AuthenticationManager authManager = new AuthenticationManager();
- ClientContext context = authManager.GetWebLoginClientContext(siteUrl);
- GetNetworkCredentialAuthenticatedContext
Returns a SharePoint on-premises/ SharePoint Online Dedicated ClientContext object.
GetNetworkCredentialAuthenticatedContext(string siteUrl, string user, SecureString password, string domain)
- GetNetworkCredentialAuthenticatedContext(string siteUrl, string user, string password, string domain)
Parameters |
Description |
siteUrl |
Site for which the ClientContext object will be instantiated |
user |
User to be used to instantiate the ClientContext object |
password |
Password (SecureString) of the user used to instantiate the ClientContext object |
domain |
Domain of the user used to instantiate the ClientContext object |
The below example returns the ClientContext object SharePoint On-premises site based on the provided credential information.
-
- string siteUrl = "https://mycompany.com";
- string userName = "UserName";
- SecureString password = GetSecureString("password");
- string domain = "Domain";
- AuthenticationManager authManager = new AuthenticationManager();
- ClientContext context = authManager.GetNetworkCredentialAuthenticatedContext(siteUrl, userName, password, domain);