Forum Discussion
Aug 24, 2016
PnP Sample Core.CloudService problem
I'm trying to follow the instructions on https://github.com/OfficeDev/PnP/tree/master/Samples/Core.CloudServices in order to set up a web service that can talk to an Office 365 tenant. I'm trying...
BertJansen
Microsoft
Sep 02, 2016
Hi Michael,
If your main interest is understanding how to authenticate using "app-only" with Azure AD then I would recommend checking this web cast: https://channel9.msdn.com/blogs/OfficeDevPnP/PnP-Web-Cast-Introduction-to-Authentication-Manager-in-PnP-Core-Library.
The PnP core library has classes that make it easy to do what you want.
Sep 03, 2016
Bert,
Thank you! That video helped a lot. After watching that, I figured out that once I added the SharePointPnPCoreOnline nuget package to my web service, I could use AuthenticationManager.GetAzureADAppOnlyAuthenticatedContext(...) to get a ClientContext.
A question about that method. I uploaded the certificate to the web service by adding it to the SSL section of its configuration web page in Azure (in the new portal). To reference that certificate, since I don't know what the file path is, I can reference it from the certificate store, right? So my call looks like
GetAzureADAppOnlyAuthenticatedContext(urlToTeamSite, ClientID, "mytenant.onmicrosoft.com", StoreName.My, StoreLocation.LocalMachine, PfxThumb);
Are the certificate store name and location the correct enum values?
Also, is the siteURL the URL of a specific team site, or the site collection's root site? In other words, is it https://tenant.sharepoint.com/sites/sitecollectionrootsite, or can it be https://tenant.sharepoint.com/sites/sitecollectionrootsite/subsiteX/subsiteY?
Thanks,
Michael
- BertJansen Sep 05, 2016
Microsoft
Hi Michael,
You create a ClientContext for the site you need; if that's a sub site you want to work against, then you should create the ClientContext using the sub site URL.
Regarding the certificate: it's up to your implementation to handle this; storing it in the local machine certificate store is definitely a valid option.
- Sep 06, 2016
Here's my code to create the ClientContext:
ClientContext cc = AM.GetAzureADAppOnlyAuthenticatedContext( "http://psclistens1.sharepoint.com/sites/something/n2s/MailTest", ClientID, "psclistens1.onmicrosoft.com", StoreName.My, StoreLocation.LocalMachine, PfxThumb);
When it runs, I get the error:
"Could not load type 'Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate' from assembly 'Microsoft.IdentityModel.Clients.ActiveDirectory, Version=3.13.4.878, Culture=neutral, PublicKeyToken=31bf3856ad364e35'."
Any suggestions on troubleshooting this? I know my team site url is correct. The Client ID matches what is registered in AAD. Should the tenant ID be something.onmicrosoft.com or something.sharepoint.com or a GUID? The thumbprint matches what is listed under SSL in the App Service in Azure.
Thanks,
Michael
- Sep 06, 2016
Correction to my source code above - the site URL should start with HTTPS.
Realizing that I am running this locally initially, I did try the other method signature:
ClientContext cc = AM.GetAzureADAppOnlyAuthenticatedContext(spWebUrl, ClientID, O365Tenant, @"C:\Users\mblumenthal\patha\pathb\etc...\Certificate\PSCGroupLLC.pfx", certPassword);
I get the same error.