Authenticate SharePoint Using PnP Authentication Manager

Authentication Manager is one of the key capabilities of the PnP Core component. It provides methods to authenticate against different SharePoint environments (SharePoint Online, SharePoint 2013, SharePoint 2016) irrespective of the authentication method configured for the SharePoint sites.

The methods used for authentication are available in the OfficeDevPnP.Core.AuthenticationManager class from the OfficeDevPnP.Core assembly. I have listed those methods based on the environment type.

SharePoint Online

  • GetSharePointOnlineAuthenticatedContextTenant

    Returns a ClientContext object to be used by CSOM code:

    GetSharePointOnlineAuthenticatedContextTenant(string siteUrl, string tenantUser, string tenantUserPassword)
    GetSharePointOnlineAuthenticatedContextTenant(string siteUrl, string tenantUser, SecureString tenantUserPassword)

    Parameter - Description
    siteUrl - Site for which the ClientContext object will be instantiated
    tenantUser - User to be used to instantiate the ClientContext object
    tenantUserPassword - Password (SecureString) of the user used to instantiate the ClientContext object

    The example code below returns the ClientContext object for a SharePoint Online site using explicit credentials:

    //SharePoint Online - Credentials
    string siteUrl = "https://mycompany.sharepoint.com";
    string userName = "<user email>";
    // GetSecureString is a helper that supplies the password as a SecureString
    SecureString password = GetSecureString("password");
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetSharePointOnlineAuthenticatedContextTenant(siteUrl, userName, password);
  • GetAppOnlyAuthenticatedContext

    Returns an app-only ClientContext object:

    GetAppOnlyAuthenticatedContext(string siteUrl, string appId, string appSecret)
    GetAppOnlyAuthenticatedContext(string siteUrl, string realm, string appId, string appSecret, string acsHostUrl = "accesscontrol.windows.net", string globalEndPointPrefix = "accounts")

    Parameter - Description
    siteUrl - Site for which the ClientContext object will be instantiated
    appId - Application ID which is requesting the ClientContext object
    appSecret - Application secret of the application which is requesting the ClientContext object
    realm - Realm of the environment (tenant) that requests the ClientContext object
    acsHostUrl - Azure ACS host, defaults to accesscontrol.windows.net but internal pre-production environments use other hosts
    globalEndPointPrefix - Azure ACS endpoint prefix, defaults to accounts but internal pre-production environments use other prefixes

    The example below returns the ClientContext object for a SharePoint Online site by authenticating against the Office 365 site. Authentication is based on the given app secret.

    //SharePoint Online - App Only
    string siteUrl = "https://mycompany.sharepoint.com";
    string acsAppId = "70DA500D-6000-48D4-AA1F-22793A5FE814";
    // GetString is a helper that supplies the app secret; acsSupport holds that secret
    string acsSupport = GetString("ACS App Secret");
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetAppOnlyAuthenticatedContext(siteUrl, acsAppId, acsSupport);
  • GetAzureADNativeApplicationAuthenticatedContext

    Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have an Azure AD Native Application registered. The user will be prompted for authentication.

    GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, string redirectUrl, TokenCache tokenCache = null)
    GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, Uri redirectUri, TokenCache tokenCache = null)

    Parameter - Description
    siteUrl - Site for which the ClientContext object will be instantiated
    clientId - The Azure AD Native Application Client ID
    redirectUri - The Azure AD Native Application Redirect Uri
    tokenCache - Optional token cache. If not specified, an in-memory token cache will be used. Add Microsoft.IdentityModel.Clients.ActiveDirectory as an assembly reference to use the TokenCache parameter

    The example code below returns the ClientContext object by authenticating the user against Azure AD. Authentication happens by redirecting the user to the Azure AD logon page.

    //SharePoint Online - Interactive via Azure AD
    string siteUrl = "https://mycompany.sharepoint.com";
    string aadAppId = "F64560FE-714D-485E-89C2-03E592F926FE";
    AuthenticationManager authManager = new AuthenticationManager();
    // The redirect URL must match the one registered for the native application
    ClientContext context = authManager.GetAzureADNativeApplicationAuthenticatedContext(siteUrl, aadAppId, "<redirect url>");
  • GetAzureADAppOnlyAuthenticatedContext

    Returns a SharePoint ClientContext using Azure Active Directory App Only Authentication. This requires that you have a certificate created and have updated the key credentials key in the application manifest in Azure AD accordingly.

    GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, StoreName storeName, StoreLocation storeLocation, string thumbPrint)
    GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, string certificatePath, string certificatePassword)

    Parameter - Description
    siteUrl - Site for which the ClientContext object will be instantiated
    clientId - The Azure AD Application Client ID
    tenant - The Azure AD Tenant, e.g. mycompany.onmicrosoft.com
    storeName - The name of the store for the certificate
    storeLocation - The location of the store for the certificate
    thumbPrint - The thumbprint of the certificate to locate in the store
    certificatePath - The path to the certificate (*.pfx) file on the file system
    certificatePassword - Password to the certificate

    The example code below returns the ClientContext object by authenticating with the provided app's certificate information.

    //SharePoint Online - App Only via Azure AD
    string siteUrl = "https://mycompany.sharepoint.com";
    string aadAppId = "F64560FE-714D-485E-89C2-03E592F926FE";
    // GetString is a helper that supplies the password protecting the PFX file
    string pfxPassword = GetString("Get PFX file password");
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetAzureADAppOnlyAuthenticatedContext(siteUrl, aadAppId, "mycompany.onmicrosoft.com", @"<certificate Path>", pfxPassword);
  • GetAzureADAccessTokenAuthenticatedContext

    Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have an Azure AD Web Application registered. The user will not be prompted for authentication; the current user's authentication context will be used by leveraging an explicit OAuth 2.0 access token value.

    GetAzureADAccessTokenAuthenticatedContext(String siteUrl, String accessToken)

    Parameter - Description
    siteUrl - Site for which the ClientContext object will be instantiated
    accessToken - An explicit value for the AccessToken

    The example below returns the ClientContext object for a SharePoint Online site based on the provided access token.

    //SharePoint Online - Access Token from Azure AD
    string siteUrl = "https://mycompany.sharepoint.com";
    string accessToken = "<Access Token>";
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetAzureADAccessTokenAuthenticatedContext(siteUrl, accessToken);
  • GetAzureADWebApplicationAuthenticatedContext

    Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have an Azure AD Web Application registered. The user will not be prompted for authentication; the current user's authentication context will be used by leveraging ADAL.

    GetAzureADWebApplicationAuthenticatedContext(String siteUrl, Func<String, String> accessTokenGetter)

    Parameter - Description
    siteUrl - Site for which the ClientContext object will be instantiated
    accessTokenGetter - The AccessToken getter method to use

    The example below returns the ClientContext object for a SharePoint Online site based on a generated access token.

    //SharePoint Online - Generated Access Token from Azure AD
    string siteUrl = "https://mycompany.sharepoint.com";
    AuthenticationManager authManager = new AuthenticationManager();
    // accessTokenGenerator() must return the Func<String, String> that is used as the access token getter
    ClientContext context = authManager.GetAzureADWebApplicationAuthenticatedContext(siteUrl, accessTokenGenerator());
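
For GetAzureADAppOnlyAuthenticatedContext, the certificate store overload listed above avoids keeping a .pfx file and its password next to the code. The following is an added example, not from the original article or the PnP project, that checks the certificate before connecting; the class and method names and the choice of the CurrentUser\My store are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.SharePoint.Client;
using OfficeDevPnP.Core;

// Added example; class and method names are hypothetical.
public static class CertificateAppOnly
{
    // Fails early if the certificate is missing, has no private key, or is
    // outside its validity period, instead of failing later at token request.
    public static string EnsureUsable(StoreName storeName, StoreLocation storeLocation, string thumbPrint)
    {
        // Thumbprints copied from the certificate dialog can carry spaces or
        // invisible characters; keep only the hex digits.
        string clean = new string(thumbPrint.Where(c => Uri.IsHexDigit(c)).ToArray()).ToUpperInvariant();
        var store = new X509Store(storeName, storeLocation);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly is false: a self-signed certificate usually fails chain validation.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, clean, false);
            if (found.Count == 0)
                throw new InvalidOperationException("No certificate with thumbprint " + clean);
            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key in this store.");
            DateTime now = DateTime.Now; // NotBefore and NotAfter are in local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is not within its validity period.");
            return clean;
        }
        finally { store.Close(); }
    }

    // Connects with the store overload from the article; no PFX password is handled in code.
    public static ClientContext Connect(string siteUrl, string clientId, string tenant, string thumbPrint)
    {
        string clean = EnsureUsable(StoreName.My, StoreLocation.CurrentUser, thumbPrint);
        var authManager = new AuthenticationManager();
        return authManager.GetAzureADAppOnlyAuthenticatedContext(
            siteUrl, clientId, tenant, StoreName.My, StoreLocation.CurrentUser, clean);
    }
}
```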

SharePoint On-Premises

  • GetADFSUserNameMixedAuthenticatedContext

    Returns a SharePoint on-premises ClientContext for sites secured via ADFS:

    GetADFSUserNameMixedAuthenticatedContext(string siteUrl, string user, string password, string domain, string sts, string idpId, int logonTokenCacheExpirationWindow = 10)

    Parameter - Description
    siteUrl - Url of the SharePoint site that's secured via ADFS
    user - Name of the user (e.g. administrator)
    password - Password of the user
    domain - Windows domain of the user

    The example below returns the ClientContext object for a SharePoint on-premises site based on the provided credential information.

    //SharePoint On-Premises - ADFS
    string siteUrl = "https://mycompany.com";
    string userName = "UserName";
    // This method takes the password as a plain string, not a SecureString
    string password = GetString("password");
    string domain = "Domain";
    AuthenticationManager authManager = new AuthenticationManager();
    // Arguments: siteUrl, user, password, domain, sts, idpId, logonTokenCacheExpirationWindow
    ClientContext context = authManager.GetADFSUserNameMixedAuthenticatedContext(siteUrl, userName, password, domain, "<sts>", "<IDPID>", 10);

SharePoint Online & On-Premises

  • GetWebLoginClientContext

    Returns a SharePoint on-premises / SharePoint Online ClientContext object. Requires claims-based authentication with a FedAuth cookie.

    GetWebLoginClientContext(string siteUrl)

    Parameter - Description
    siteUrl - Site for which the ClientContext object will be instantiated

    The example below returns the ClientContext object for a SharePoint Online site by prompting the user for logon information.

    //SharePoint Online - Interactive
    string siteUrl = "https://mycompany.sharepoint.com";
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetWebLoginClientContext(siteUrl);
  • GetNetworkCredentialAuthenticatedContext

    Returns a SharePoint on-premises / SharePoint Online Dedicated ClientContext object.

    GetNetworkCredentialAuthenticatedContext(string siteUrl, string user, SecureString password, string domain)
    GetNetworkCredentialAuthenticatedContext(string siteUrl, string user, string password, string domain)

    Parameter - Description
    siteUrl - Site for which the ClientContext object will be instantiated
    user - User to be used to instantiate the ClientContext object
    password - Password (SecureString) of the user used to instantiate the ClientContext object
    domain - Domain of the user used to instantiate the ClientContext object

    The example below returns the ClientContext object for a SharePoint on-premises site based on the provided credential information.

    //SharePoint On-Premises - Credentials
    string siteUrl = "https://mycompany.com";
    string userName = "UserName";
    // GetSecureString is a helper that supplies the password as a SecureString
    SecureString password = GetSecureString("password");
    string domain = "Domain";
    AuthenticationManager authManager = new AuthenticationManager();
    ClientContext context = authManager.GetNetworkCredentialAuthenticatedContext(siteUrl, userName, password, domain);
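
The snippets above call GetSecureString and GetString without defining them. One possible implementation, added here and not from the original article or the PnP project, keeps credentials out of source literals. It assumes the argument to GetSecureString is a console prompt label and the argument to GetString is the name of an environment variable that holds the secret; the class name is hypothetical.

```csharp
using System;
using System.Security;

// Added example: hypothetical implementations of the helpers the snippets call.
public static class CredentialHelpers
{
    // Reads a secret from the console without echoing it and returns it as a
    // read-only SecureString, so the value is never held in a managed string.
    public static SecureString GetSecureString(string label)
    {
        Console.Write(label + ": ");
        var secret = new SecureString();
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(true); // true = do not echo the key
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace)
            {
                if (secret.Length > 0) secret.RemoveAt(secret.Length - 1);
                continue;
            }
            if (!char.IsControl(key.KeyChar)) secret.AppendChar(key.KeyChar);
        }
        Console.WriteLine();
        secret.MakeReadOnly(); // later code cannot modify the stored value
        return secret;
    }

    // For overloads that only accept a plain string (app secret, PFX password,
    // ADFS password): read the value from an environment variable provided by
    // the deployment. Treating the argument as a variable name is an assumption.
    public static string GetString(string environmentVariable)
    {
        string value = Environment.GetEnvironmentVariable(environmentVariable);
        if (string.IsNullOrEmpty(value))
            throw new InvalidOperationException(
                "Secret variable '" + environmentVariable + "' is not set.");
        return value;
    }
}
```

Where both overloads exist, the SecureString overload is the one to call with the result of GetSecureString.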