Is it possible to create a Tenant object without Add-in Only authentication?

Brass Contributor

I am creating a timer job to provision sites asynchronously, similar to PnP Provisioning.OnPrem.Async project sample here.  This is for on-premises SharePoint 2016, and I am having trouble getting AppOnly (add-in only) authentication working.

 

All of these examples create a token using AppOnly (add-in only) authentication as below.   Can a token created using another means (e.g. a service account) still be used to create a context that can be used to create a Tenant object (as in last line of code below)?  If so, how?

 

            var tenantAdminUri = new Uri(rootSiteUrl);
            string realm = TokenHelper.GetRealmFromTargetUrl(tenantAdminUri);
            var token = TokenHelper.GetAppOnlyAccessToken(TokenHelper.SharePointPrincipal, tenantAdminUri.Authority, realm).AccessToken;

            using (var actx = TokenHelper.GetClientContextWithAccessToken(tenantAdminUri.ToString(), token))
            {...

var tenant = new Tenant(actx);

 

 

3 Replies

Hi,

 

Definetly possible. You don't need to create a access token if you don't want to use add-in authentication. You can use Windows authentication instead and authenticate with current Windows account or stored credentials. Just create an instance of ClientContext and set Credentials like this:

using (var actx = new ClientContext(tenantAdminUri.ToString()))
{
//use current user
actx.Credentials = CredentialCache.DefaultNetworkCredentials;

//use stored credentials
actx.Credentials = OfficeDevPnP.Core.Utilities.CredentialManager.GetCredential("MyCredentials")
}

 

The AuthenticationManager class also provides you with a method for user authentication

GetSharePointOnlineAuthenticatedContextTenant

 You pass the site collection (admin tenant in your case) and your user name (yourname@tenant.com) and your password. Just ensure that you have the permissions to execute the needed methods.