Connect To SSL Enabled SharePoint Environment Using CSOM

In this blog, I will demonstrate how to connect to SSL enabled SharePoint on-premise environment using CSOM.

Introduction

When we want to connect to SharePoint using client context, first, we need to import our SharePoint site certificate in our code to be able to connect to the SharePoint site. And, if we try to connect to the SharePoint site without a certificate, it will throw a 401 Unauthorized error.

Import and Export SharePoint Site Certificate

To download the SharePoint site certificate, please follow the below steps.

  • Open the site in IE browser and click on the lock icon which is next to the address bar.
  • Click on View Certificates - > Install Certificate.
  • Open Certificate Import Wizard - > Next.
  • Select "Certificate Store" option as “Place all certificates in the following folder” -> Browse the path and select Personal -> Finish. This will import the certificate.
  • Open and Run command prompt -> Type “MMC”.
  • Go to File -> Add/Remove Snap in -> Add “Certificates”.
  • Expand Personal>Certificate folder.
  • Right-click on the certificate that we imported in the previous step.
  • Select All Tasks > Export > Give the certificate a name and save it to the local folder.

Create a clientcontext using certificate (C#)

 
Copy/paste the below three methods in your code and also add a reference to client DLLs.

Main Method

  1. static void Main(string[] args) {  
  2.     var ctx = new ClientContext("https://SharePointSiteUrl");  
  3.     ServicePointManager.ServerCertificateValidationCallback = delegate(object sender1, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) {  
  4.         bool validationResult = true;  
  5.         return validationResult;  
  6.     };  
  7.     ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;  
  8.     ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(customXertificateValidation);  
  9.     ctx.ExecutingWebRequest += new EventHandler < WebRequestEventArgs > (context_ExecutingWebRequest);  
  10.     ctx.Credentials = CredentialCache.DefaultNetworkCredentials;  
  11. }   
context_ExecutingWebRequest Method
  1. public static void context_ExecutingWebRequest(object sender, WebRequestEventArgs e)   
  2. {  
  3.     HttpWebRequest webReq = e.WebRequestExecutor.WebRequest;  
  4.     //webReq.Proxy = new WebProxy("http://[ProxyAddress]"); //Specify a proxy address if you need to    
  5.     X509Certificate cert = X509Certificate.CreateFromCertFile(@ "C:\folderpath\CertificateName.cer"); //Replace the certificate path to where you have exported the certificate.    
  6.     webReq.ClientCertificates.Add(cert);  
  7. }  

customXertificateValidation Method

  1. private static bool customXertificateValidation(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error) {  
  2.     return true;  
  3. }  

In the above code, pass your SharePoint site URL in the clientcontext object inside the main function. In context_ExecutingWebRequest method, provide the SSL certificate path where you have exported the certificate in the previous step.

Create clientcontext using certificate (powershell)

  1. $siteUrl = ”SiteUrl”  
  2. $context = New - Object Microsoft.SharePoint.Client.ClientContext($siteUrl);  
  3. [Net.ServicePointManager]::SecurityProtocol = "Ssl3""Tls""Tls11""Tls12";  
  4. [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {  
  5.     $true  
  6. };  
  7. $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::CreateFromCertFile("c:\folderpath\certificatename.cer")  
  8. $web = [System.Net.WebRequest]::Create($siteUrl)  
  9. $web.ClientCertificates.Add($Cert)  
  10. $credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials  
  11. $context.Credentials = $credentials  

In the above script, pass your siteurl to $siteUrl object and provide exported certificate path to $cert object.