How to create modern sites with code via app-only or any other mechanism.

%3CLINGO-SUB%20id%3D%22lingo-sub-466268%22%20slang%3D%22en-US%22%3EHow%20to%20create%20modern%20sites%20with%20code%20via%20app-only%20or%20any%20other%20mechanism.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-466268%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20developing%20a%20solution%20which%20is%20multi%20tenant%2C%20basically%20in%20the%20application%20I%20can%20register%20tenants%2C%20with%20a%20username%20and%20password%2C%20I%20save%20the%20password%20in%20Azure%20Key%20vault%20securely%20and%20from%20my%20point%20of%20view%20its%20secure%20enough%20as%20I%20am%20not%20storing%20passwords%20anywhere%20else%20and%20only%20the%20app%20itself%20can%20read%20passwords%20to%20execute%20tenant%20operations%2C%20like%20creation%20of%20communication%20sites%2C%20modern%20sites%2C%20etc.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20analyzed%20a%20bit%20the%20code%20of%20the%20PnP-Powershell%20and%20the%20credentials%20are%20actually%20saved%20into%20the%20windows%20credential%20manager.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAlmost%20a%20year%20ago%20I%20wanted%20to%20do%20this%20solution%20with%20App-Only%2C%20but%20then%20there%20is%20no%20API%20for%20creating%20modern%20sites%20with%20App-Only%20thats%20why%20I%20choosed%20to%20do%20it%20as%20explained%20above%2C%20there%20is%20a%20uservoice%20for%20this%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsharepoint.uservoice.com%2Fforums%2F329220-sharepoint-dev-platform%2Fsuggestions%2F34236700-ability-to-use-app-only-calls-to-create-modern-sit%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsharepoint.uservoice.com%2Fforums%2F329220-sharepoint-dev-platform%2Fsuggestions%2F34236700-ability-to-use-app-only-calls-to-create-modern-sit%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnalyzing%20the%20AuthenticationManager%2C%20I%20see%20there%20are%20some%20methods%20that%20dont%20use%20username%20and%20password%20but%20instead%20use%20certificates%20and%20return%20a%20ClientContext.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESpeficially%20this%3A%26nbsp%3B%3CSPAN%3EGetHighTrustCertificateAppOnlyAuthenticatedContext%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EOn%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-Sites-Core%2Fblob%2Fmaster%2FCore%2FOfficeDevPnP.Core%2FAuthenticationManager.cs%23L481%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-Sites-Core%2Fblob%2Fmaster%2FCore%2FOfficeDevPnP.Core%2FAuthenticationManager.cs%23L481%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWill%20this%20method%20allow%20creation%20of%20modern%20sites%20or%20it%20has%20also%20the%20same%20restriction%20as%20App-Only%3F%26nbsp%3B%20Is%20there%20anyother%20way%20that%20I%20can%20access%20other%20tenant%20via%20CODE%20without%20actually%20having%20their%20username%20and%20password%20stored%20in%20my%20design%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EApp-Only%20would%20be%20ideal%20but%20its%20still%20not%20implemented.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-468999%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20create%20modern%20sites%20with%20code%20via%20app-only%20or%20any%20other%20mechanism.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-468999%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F119133%22%20target%3D%22_blank%22%3E%40Luis%20Valencia%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eyou%20can%20use%20Graph%20API%20and%20create%20an%20O365%20Group%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Fgroup-post-groups%3Fview%3Dgraph-rest-1.0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Fgroup-post-groups%3Fview%3Dgraph-rest-1.0%3C%2FA%3E%26nbsp%3BApplication%20is%20supported%2C%20with%26nbsp%3BGroup.ReadWrite.All%20permission%20on%20your%20Azure%20Active%20Directory%20Application%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20you%20can%20find%20the%20reference%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fdev%2Fsolution-guidance%2Fmodern-experience-customizations-provisioning-sites%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fdev%2Fsolution-guidance%2Fmodern-experience-customizations-provisioning-sites%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20suggest%20to%20you%20to%20use%20graph%20directly%2C%20because%20of%26nbsp%3B%3CSPAN%3ETeamSiteCollectionCreationInformation%20and%26nbsp%3BPnP%20CSOM%20Core%20component%20in%20my%20experience%20has%20some%20bugs%2C%20but%20feel%20free%20to%20use%2C%20maybe%20in%20your%20case%20it%20works%20good%20%3A)%3C%2Fimg%3E%3C%2FSPAN%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ECheers%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EFederico%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-469839%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20create%20modern%20sites%20with%20code%20via%20app-only%20or%20any%20other%20mechanism.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-469839%22%20slang%3D%22en-US%22%3EThanks%20Federico%2C%20but%20I%20dont%20want%20to%20create%20groups%2C%20I%20want%20to%20create%20modern%20sites%20without%20groups.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-511411%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20create%20modern%20sites%20with%20code%20via%20app-only%20or%20any%20other%20mechanism.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-511411%22%20slang%3D%22en-US%22%3E%3CP%3EWould%20love%20that%20somebody%20from%20Microsoft%20can%20tell%20us%20something%20here.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1366057%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20create%20modern%20sites%20with%20code%20via%20app-only%20or%20any%20other%20mechanism.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1366057%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F119133%22%20target%3D%22_blank%22%3E%40Luis%20Valencia%3C%2FA%3E%26nbsp%3B%3A%20You%20can%20create%20team%20sites%20without%20group%20using%20app-only%20context%2C%20please%20find%20below%20links%2C%20that%20may%20be%20useful%20for%20you%20%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsharepoint.uservoice.com%2Fforums%2F329220-sharepoint-dev-platform%2Fsuggestions%2F34236700-ability-to-use-app-only-calls-to-create-modern-sit%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsharepoint.uservoice.com%2Fforums%2F329220-sharepoint-dev-platform%2Fsuggestions%2F34236700-ability-to-use-app-only-calls-to-create-modern-sit%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fdev%2Fapis%2Fsite-creation-rest%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fdev%2Fapis%2Fsite-creation-rest%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I am developing a solution which is multi tenant, basically in the application I can register tenants, with a username and password, I save the password in Azure Key vault securely and from my point of view its secure enough as I am not storing passwords anywhere else and only the app itself can read passwords to execute tenant operations, like creation of communication sites, modern sites, etc.

 

I analyzed a bit the code of the PnP-Powershell and the credentials are actually saved into the windows credential manager.

 

Almost a year ago I wanted to do this solution with App-Only, but then there is no API for creating modern sites with App-Only thats why I choosed to do it as explained above, there is a uservoice for this:

https://sharepoint.uservoice.com/forums/329220-sharepoint-dev-platform/suggestions/34236700-ability-...

 

Analyzing the AuthenticationManager, I see there are some methods that dont use username and password but instead use certificates and return a ClientContext.

 

Speficially this: GetHighTrustCertificateAppOnlyAuthenticatedContext

On: https://github.com/SharePoint/PnP-Sites-Core/blob/master/Core/OfficeDevPnP.Core/AuthenticationManage...

 

 

Will this method allow creation of modern sites or it has also the same restriction as App-Only?  Is there anyother way that I can access other tenant via CODE without actually having their username and password stored in my design

 

App-Only would be ideal but its still not implemented.

 

 

4 Replies

Hi @Luis Valencia 

you can use Graph API and create an O365 Group

https://docs.microsoft.com/en-us/graph/api/group-post-groups?view=graph-rest-1.0 Application is supported, with Group.ReadWrite.All permission on your Azure Active Directory Application

 

Here you can find the reference https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/modern-experience-customizations-p... 

I suggest to you to use graph directly, because of TeamSiteCollectionCreationInformation and PnP CSOM Core component in my experience has some bugs, but feel free to use, maybe in your case it works good :) 

 

Cheers,

Federico

Thanks Federico, but I dont want to create groups, I want to create modern sites without groups.

Would love that somebody from Microsoft can tell us something here.