SOLVED

Authenticating to SharePoint Online site using CSOM

%3CLINGO-SUB%20id%3D%22lingo-sub-92251%22%20slang%3D%22en-US%22%3EAuthenticating%20to%20SharePoint%20Online%20site%20using%20CSOM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-92251%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20federated%20authentiation%20in%20our%20org%20and%20i%20am%20trying%20to%20connect%20to%20SharePoint%20site%20using%20CSOM%20with%20SharePoint%20Online%20credentials%20but%20getting%20an%20error.%20Here%20is%20the%20error%20message%3B%3C%2FP%3E%3CP%3EMicrosoft.SharePoint.Client.IdcrlException%3A%20The%20partner%20returned%20a%20bad%20sign-in%20name%20or%20password%20error.%20For%20more%20information%2C%20see%20Federation%20Error-handling%20Scenarios.%20Anyone%20know%20a%20solution%20to%20this%20problem.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-290596%22%20slang%3D%22en-US%22%3ERe%3A%20Authenticating%20to%20SharePoint%20Online%20site%20using%20CSOM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-290596%22%20slang%3D%22en-US%22%3E%3CP%3EHere%20same%20problem.%20Federation%20with%20MFA%2C%20with%20digital%20key.%20So%20no%20more%20UN%20and%20PWD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Elogin%20with%20pnp-online%20works%20because%20I%20can%20user%20-weblogin.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20for%20some%20parts%20of%20my%20scripting%20I%20need%20CSOM.%20And%20the%20login%20for%20CSOM%20is%20with%20UN%20and%20PWD%20and%20I%20can't%20find%20a%20way%20to%20login%20with%20weblogin.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20the%20code%20I%20used%20for%20CSOM-login%20which%20doesn't%20work%20anymore.%3C%2FP%3E%3CP%3Efunction%20Connect-CSOM(%24siteURL)%3CBR%20%2F%3E%7B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Add-Type%20-Path%20%22.%5CMicrosoft.SharePoint.Client.dll%22%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Add-Type%20-Path%20%22.%5CMicrosoft.SharePoint.Client.Runtime.dll%22%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24adminAccount%20%3D%20%22*******************%22%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24adminPassword%20%3D%20ConvertTo-SecureString%20%22***********%22%20-AsPlainText%20-Force%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24cred%20%3D%20New-Object%20-TypeName%20System.Management.Automation.PSCredential%20-argumentlist%20%24adminAccount%2C%20%24adminPassword%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%23%24cred%3D%20Get-Credential%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24credentials%20%3D%20New-Object%20Microsoft.SharePoint.Client.SharePointOnlineCredentials(%24cred.Username%2C%20%24cred.Password)%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24script%3AcontextWeb%20%3D%20New-Object%20Microsoft.SharePoint.Client.ClientContext(%24siteURL)%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%24script%3AcontextWeb.Credentials%20%3D%20%24credentials%3C%2FP%3E%3CP%3E%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-150312%22%20slang%3D%22en-US%22%3ERe%3A%20Authenticating%20to%20SharePoint%20Online%20site%20using%20CSOM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-150312%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20a%20lot%2C%20it%20works%20well%20for%20us.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-98165%22%20slang%3D%22en-US%22%3ERe%3A%20Authenticating%20to%20SharePoint%20Online%20site%20using%20CSOM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-98165%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20Chris%20and%20Paul%2C%20i%20finally%20able%20to%20connect%20to%20SP%20Online%20site%20using%20OfficeDevPnP%20(%3C%2FP%3E%3CP%3EGetWebLoginClientContext)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-92979%22%20slang%3D%22en-US%22%3ERe%3A%20Authenticating%20to%20SharePoint%20Online%20site%20using%20CSOM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-92979%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22lia-quilt-row%20lia-quilt-row-header%22%3E%3CDIV%20class%3D%22lia-quilt-column%20lia-quilt-column-12%20lia-quilt-column-left%20lia-quilt-column-header-left%22%3E%3CDIV%20class%3D%22lia-quilt-column-alley%20lia-quilt-column-alley-left%22%3E%3CDIV%20class%3D%22user-login%22%3EPaul's%20solution%20on%20the%20other%20thread%20works%20for%20me!%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1803%22%20target%3D%22_blank%22%3E%3CBR%20%2F%3E%3CBR%20%2F%3EPaul%20Pascha%3C%2FA%3E%3C%2FDIV%3E%3CDIV%20class%3D%22post-author-login%22%3E%26nbsp%3Breplied%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F4944%22%20target%3D%22_blank%22%3EChris%20Stewart%3C%2FA%3E%3C%2FDIV%3E%3CP%20class%3D%22lia-message-dates%20lia-message-post-date%20lia-component-post-date-last-edited%22%3E%3CSPAN%20class%3D%22DateTime%20lia-message-posted-on%20lia-component-common-widget-date%22%3E%3CSPAN%20class%3D%22local-friendly-date%22%3Eyesterday%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E-%20last%20edited%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22DateTime%20lia-message-edited-on%20lia-component-common-widget-date%22%3E%3CSPAN%20class%3D%22local-friendly-date%22%3Eyesterday%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22lia-quilt-column%20lia-quilt-column-12%20lia-quilt-column-right%20lia-quilt-column-header-right%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22lia-quilt-row%20lia-quilt-row-main%22%3E%3CDIV%20class%3D%22lia-quilt-column%20lia-quilt-column-18%20lia-quilt-column-left%20lia-quilt-column-main-left%22%3E%3CDIV%20class%3D%22lia-quilt-column-alley%20lia-quilt-column-alley-left%22%3E%3CSPAN%20class%3D%22solution-text%20lia-component-solution-info%22%3ESolution%3C%2FSPAN%3E%3CDIV%20class%3D%22lia-message-body%20lia-component-body-signature-highlight-escalation%22%3E%3CDIV%20class%3D%22lia-message-body-content%22%3E%3CP%3EConnecting%20to%20SharePoint%20Online%20using%20PnP%20PowerShell%20Connect-PnPOnline%20allows%20you%20to%20specify%20a%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EUseWebLogin%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eparameter.%20This%20allows%20you%20to%20connect%20with%20MFA%20enabled.%20Once%20connected%20you'd%20have%20many%20more%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-PowerShell%2Fblob%2Fmaster%2FDocumentation%2Freadme.md%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ecmdlets%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FA%3Eat%20your%20disposal%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-PowerShell%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-PowerShell%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps!%3C%2FP%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-92968%22%20slang%3D%22en-US%22%3ERe%3A%20Authenticating%20to%20SharePoint%20Online%20site%20using%20CSOM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-92968%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20Chris%2C%20i%20am%20glad%20that%20i%20am%20not%20the%20only%20one%20with%20this%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-92756%22%20slang%3D%22en-US%22%3ERe%3A%20Authenticating%20to%20SharePoint%20Online%20site%20using%20CSOM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-92756%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20looks%20like%20we%20are%20facing%20a%20similar%20issue%2C%20but%20have%20asked%20in%20different%20parts%20of%20the%20forum.%20%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FSharePoint%2FUsing-SharePoint-Client-Side-Object-Model-with-PowerShell-and%2Fm-p%2F92734%23M8667%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FSharePoint%2FUsing-SharePoint-Client-Side-Object-Model-with-PowerShell-and%2Fm-p%2F92734%23M8667%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EI'll%20let%20know%20if%20I%20find%20anything.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-92436%22%20slang%3D%22en-US%22%3ERe%3A%20Authenticating%20to%20SharePoint%20Online%20site%20using%20CSOM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-92436%22%20slang%3D%22en-US%22%3E%3CP%3EI've%20seen%20this%20error%20more%20than%20once.%20In%20most%20cases%20I%20just%20typed%20username%20%2F%20password%20wrong.%26nbsp%3BFederated%20authentication%20should%20not%20be%20a%20problem%20but%26nbsp%3Bhave%20you%20considered%20using%20App%20Credentials%20also%3F%20Are%20you%20using%20Multi-factor%20authentication%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPnP's%20AuthenticationManager%20Class%20provides%20some%20usefull%20utility%20methods%20to%20obtain%20an%20authenticated%20context%20in%20different%20ways.%20Could%20you%26nbsp%3Btry%20using%26nbsp%3B%3CSPAN%3EGetWebLoginClientContext%3C%2FSPAN%3E%26nbsp%3B%20for%20getting%20an%20authenticated%20context%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-Sites-Core%2Fblob%2Fmaster%2FCore%2FOfficeDevPnP.Core%2FAuthenticationManager.cs%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-Sites-Core%2Fblob%2Fmaster%2FCore%2FOfficeDevPnP.Core%2FAuthenticationManager.cs%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hello, 

 

We have federated authentiation in our org and i am trying to connect to SharePoint site using CSOM with SharePoint Online credentials but getting an error. Here is the error message;

Microsoft.SharePoint.Client.IdcrlException: The partner returned a bad sign-in name or password error. For more information, see Federation Error-handling Scenarios. Anyone know a solution to this problem.

7 Replies
Highlighted
Solution

I've seen this error more than once. In most cases I just typed username / password wrong. Federated authentication should not be a problem but have you considered using App Credentials also? Are you using Multi-factor authentication? 

 

PnP's AuthenticationManager Class provides some usefull utility methods to obtain an authenticated context in different ways. Could you try using GetWebLoginClientContext  for getting an authenticated context? 

https://github.com/SharePoint/PnP-Sites-Core/blob/master/Core/OfficeDevPnP.Core/AuthenticationManage...

 

 

Highlighted

It looks like we are facing a similar issue, but have asked in different parts of the forum.  https://techcommunity.microsoft.com/t5/SharePoint/Using-SharePoint-Client-Side-Object-Model-with-Pow...

I'll let know if I find anything.

 

Highlighted

Thanks Chris, i am glad that i am not the only one with this issue.

Highlighted
 
Solution

Connecting to SharePoint Online using PnP PowerShell Connect-PnPOnline allows you to specify a UseWebLogin parameter. This allows you to connect with MFA enabled. Once connected you'd have many more cmdlets at your disposal

 

https://github.com/SharePoint/PnP-PowerShell

 

Hope this helps!

Highlighted

Thanks Chris and Paul, i finally able to connect to SP Online site using OfficeDevPnP (

GetWebLoginClientContext)

Highlighted

Thanks a lot, it works well for us. 

Highlighted

Here same problem. Federation with MFA, with digital key. So no more UN and PWD.

 

login with pnp-online works because I can user -weblogin.

 

But for some parts of my scripting I need CSOM. And the login for CSOM is with UN and PWD and I can't find a way to login with weblogin.

 

 

This is the code I used for CSOM-login which doesn't work anymore.

function Connect-CSOM($siteURL)
{
    Add-Type -Path ".\Microsoft.SharePoint.Client.dll"
    Add-Type -Path ".\Microsoft.SharePoint.Client.Runtime.dll"

    $adminAccount = "*******************"
    $adminPassword = ConvertTo-SecureString "***********" -AsPlainText -Force
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $adminAccount, $adminPassword

    #$cred= Get-Credential
    $credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($cred.Username, $cred.Password)

    $script:contextWeb = New-Object Microsoft.SharePoint.Client.ClientContext($siteURL)
    $script:contextWeb.Credentials = $credentials

}