Forum Discussion
PnP Sample Core.CloudService problem
I'm trying to follow the instructions on https://github.com/OfficeDev/PnP/tree/master/Samples/Core.CloudServices in order to set up a web service than can talk to an Office 365 tenant. I'm trying...
VesaJuvonen
Microsoft
MicrosoftYou can for example follow the guidance from PnP Partner Pack (starter kit for partners) at https://github.com/OfficeDev/PnP-Partner-Pack/blob/master/Documentation/Manual-Setup-Guide.md for enabling app-only with Azure. You'll need to do few steps, but the PnP Partner Pack documentation is great step-by-step process on doing required steps.
Vesa,
Thank you. I followed the Partner Pack instructions at https://github.com/OfficeDev/PnP-Partner-Pack/blob/master/Documentation/Manual-Setup-Guide.md. There were a few things I ran into:
- The documentation uses screen shots and instructions for the old azure portal. I had to use manage.windowsazure.com to upload the certificate and set the app setting. I couldn't figure out where to do that in portal.azure.com. It would be great if the docs could be updated to reflect using the current Azure Portal.
- When I needed to add the Key Credentials to the manifest json file, I got an error, as described here: https://social.msdn.microsoft.com/Forums/azure/en-US/7c8bc608-7e9e-4075-9a18-1982ad4679c4/unable-to-upload-application-manifest-file?forum=WindowsAzureAD#8fa9e6cb-84c6-454a-9f4f-d825738e0a1f . As you can see, my fix was to upload a version of the manifest where I had the keyCredentials cleared out, then upload one where it was set.
- Also, the instructions in the Partner Pack contain the sentence:"There, you will have to configure a setting called WEBSITE_LOAD_CERTIFICATES with a value of ***. " Given the associated picture, I believe the sentence should end with quote-star-quote ("*") instead of star-star-star (***).
Hope that helps other people.
Now I still have to write the code that gets the token and uses it to talks to the O365 APIs that I am interested in.
VesaJuvonen wrote:You can for example follow the guidance from PnP Partner Pack (starter kit for partners) at https://github.com/OfficeDev/PnP-Partner-Pack/blob/master/Documentation/Manual-Setup-Guide.md for enabling app-only with Azure. You'll need to do few steps, but the PnP Partner Pack documentation is great step-by-step process on doing required steps.
- BertJansen
Hi Michael,
If your main interest is understanding how to authenticate using "app-only" with Azure AD then I would recommend checking this web cast: https://channel9.msdn.com/blogs/OfficeDevPnP/PnP-Web-Cast-Introduction-to-Authentication-Manager-in-PnP-Core-Library.
The PnP core library has classes that make it easy to do what you want.
I've got another question about using App-only authentication with Azure AD. Using GetAzureADAppOnlyAuthenticatedContext() is great for getting a ClientContext, but a ClientContext only helps me with using SharePoint CSOM. In the particular web service I am writing, it recieves the messageID of an email that is in Exchange Online. I want to get the subject and attachment from that email message (and then store it in SharePoint). I believe I can get the email details and content using the Graph REST API, but I need to send a bearer token in the Authorization header in the HTTP request when I do that. Can the AuthenticationManager help me with that? If not, what's the right way to get that? Is lines 43-48 of https://github.com/richdizz/MyO365BackgroundProcess/blob/master/MyO365BackgroundProcess/Program.cs a good example to follow?
Thanks,
Michael
- BertJansen
Hi Michael,
Once you've a clientcontext object you can always grab the bearer token using the ExecutingWebRequest handler on the ClientContext object
private void Cc_ExecutingWebRequest(object sender, WebRequestEventArgs e) { // Capture the OAuth access token since we want to reuse that one in our REST requests this.accessToken = e.WebRequestExecutor.RequestHeaders.Get("Authorization").Replace("Bearer ", ""); }
Bert,
Thank you! That video helped a lot. After watching that, I figured out that once I added the SharePointPnPCoreOnline nuget package to my web service, I could use AuthenticationManager.GetAzureADAppOnlyAuthenticatedContext(...) to get a ClientContext.
A question about that method. I uploaded the certificate to the web service by adding it to the SSL section of its configuration web page in Azure (in the new portal). To reference that certificate, since I don't know what the file path is, I can reference it from the certificate store, right? So my call looks like GetAzureADAppOnlyAuthenticatedContext(
urlToTeamSite, ClientID,
"mytenant.onmicrosoft.com", StoreName.My, StoreLocation.LocalMachine, PfxThumb);. Is the Certificate store name and location the correct enum values?Also, is the siteURL, the URL of a specific team site, or the site collection's root site? In other words, is it https://tenant.sharepoint.com/sites/sitecollectionrootsite, or can it be https://tenant.sharepoint.com/sites/sitecollectionrootsite/subsiteX/subsiteY?
Thanks,
Michael
- BertJansen
Hi Michael,
You create a clientcontext for the site you need, if that's a sub site you want to work against then you should create the clientcontext using the sub site url.
Regarding the certificate: it's up your implementation to handle this, storing it in the local machine certificate store is definitely a valid option.
