Forum Discussion
PnP Sample Core.CloudService problem
MicrosoftYou can for example follow the guidance from PnP Partner Pack (starter kit for partners) at https://github.com/OfficeDev/PnP-Partner-Pack/blob/master/Documentation/Manual-Setup-Guide.md for enabling app-only with Azure. You'll need to do few steps, but the PnP Partner Pack documentation is great step-by-step process on doing required steps.
Vesa,
Thank you. I followed the Partner Pack instructions at https://github.com/OfficeDev/PnP-Partner-Pack/blob/master/Documentation/Manual-Setup-Guide.md. There were a few things I ran into:
- The documentation uses screen shots and instructions for the old azure portal. I had to use manage.windowsazure.com to upload the certificate and set the app setting. I couldn't figure out where to do that in portal.azure.com. It would be great if the docs could be updated to reflect using the current Azure Portal.
- When I needed to add the Key Credentials to the manifest json file, I got an error, as described here: https://social.msdn.microsoft.com/Forums/azure/en-US/7c8bc608-7e9e-4075-9a18-1982ad4679c4/unable-to-upload-application-manifest-file?forum=WindowsAzureAD#8fa9e6cb-84c6-454a-9f4f-d825738e0a1f . As you can see, my fix was to upload a version of the manifest where I had the keyCredentials cleared out, then upload one where it was set.
- Also, the instructions in the Partner Pack contain the sentence:"There, you will have to configure a setting called WEBSITE_LOAD_CERTIFICATES with a value of ***. " Given the associated picture, I believe the sentence should end with quote-star-quote ("*") instead of star-star-star (***).
Hope that helps other people.
Now I still have to write the code that gets the token and uses it to talks to the O365 APIs that I am interested in.
VesaJuvonen wrote:You can for example follow the guidance from PnP Partner Pack (starter kit for partners) at https://github.com/OfficeDev/PnP-Partner-Pack/blob/master/Documentation/Manual-Setup-Guide.md for enabling app-only with Azure. You'll need to do few steps, but the PnP Partner Pack documentation is great step-by-step process on doing required steps.
- BertJansen
Hi Michael,
If your main interest is understanding how to authenticate using "app-only" with Azure AD then I would recommend checking this web cast: https://channel9.msdn.com/blogs/OfficeDevPnP/PnP-Web-Cast-Introduction-to-Authentication-Manager-in-PnP-Core-Library.
The PnP core library has classes that make it easy to do what you want.
I've got another question about using App-only authentication with Azure AD. Using GetAzureADAppOnlyAuthenticatedContext() is great for getting a ClientContext, but a ClientContext only helps me with using SharePoint CSOM. In the particular web service I am writing, it recieves the messageID of an email that is in Exchange Online. I want to get the subject and attachment from that email message (and then store it in SharePoint). I believe I can get the email details and content using the Graph REST API, but I need to send a bearer token in the Authorization header in the HTTP request when I do that. Can the AuthenticationManager help me with that? If not, what's the right way to get that? Is lines 43-48 of https://github.com/richdizz/MyO365BackgroundProcess/blob/master/MyO365BackgroundProcess/Program.cs a good example to follow?
Thanks,
Michael
- BertJansen
Hi Michael,
Once you've a clientcontext object you can always grab the bearer token using the ExecutingWebRequest handler on the ClientContext object
private void Cc_ExecutingWebRequest(object sender, WebRequestEventArgs e) { // Capture the OAuth access token since we want to reuse that one in our REST requests this.accessToken = e.WebRequestExecutor.RequestHeaders.Get("Authorization").Replace("Bearer ", ""); }
Bert,
Thank you! That video helped a lot. After watching that, I figured out that once I added the SharePointPnPCoreOnline nuget package to my web service, I could use AuthenticationManager.GetAzureADAppOnlyAuthenticatedContext(...) to get a ClientContext.
A question about that method. I uploaded the certificate to the web service by adding it to the SSL section of its configuration web page in Azure (in the new portal). To reference that certificate, since I don't know what the file path is, I can reference it from the certificate store, right? So my call looks like GetAzureADAppOnlyAuthenticatedContext(
urlToTeamSite, ClientID,
"mytenant.onmicrosoft.com", StoreName.My, StoreLocation.LocalMachine, PfxThumb);. Is the Certificate store name and location the correct enum values?Also, is the siteURL, the URL of a specific team site, or the site collection's root site? In other words, is it https://tenant.sharepoint.com/sites/sitecollectionrootsite, or can it be https://tenant.sharepoint.com/sites/sitecollectionrootsite/subsiteX/subsiteY?
Thanks,
Michael
- BertJansen
Hi Michael,
You create a clientcontext for the site you need, if that's a sub site you want to work against then you should create the clientcontext using the sub site url.
Regarding the certificate: it's up your implementation to handle this, storing it in the local machine certificate store is definitely a valid option.
