Is it possible to create a Tenant object without Add-in Only authentication?

Brass Contributor

I am creating a timer job to provision sites asynchronously, similar to PnP Provisioning.OnPrem.Async project sample here.  This is for on-premises SharePoint 2016, and I am having trouble getting AppOnly (add-in only) authentication working.


All of these examples create a token using AppOnly (add-in only) authentication as below.   Can a token created using another means (e.g. a service account) still be used to create a context that can be used to create a Tenant object (as in last line of code below)?  If so, how?


            var tenantAdminUri = new Uri(rootSiteUrl);
            string realm = TokenHelper.GetRealmFromTargetUrl(tenantAdminUri);
            var token = TokenHelper.GetAppOnlyAccessToken(TokenHelper.SharePointPrincipal, tenantAdminUri.Authority, realm).AccessToken;

            using (var actx = TokenHelper.GetClientContextWithAccessToken(tenantAdminUri.ToString(), token))

var tenant = new Tenant(actx);



3 Replies



Definetly possible. You don't need to create a access token if you don't want to use add-in authentication. You can use Windows authentication instead and authenticate with current Windows account or stored credentials. Just create an instance of ClientContext and set Credentials like this:

using (var actx = new ClientContext(tenantAdminUri.ToString()))
//use current user
actx.Credentials = CredentialCache.DefaultNetworkCredentials;

//use stored credentials
actx.Credentials = OfficeDevPnP.Core.Utilities.CredentialManager.GetCredential("MyCredentials")


The AuthenticationManager class also provides you with a method for user authentication


 You pass the site collection (admin tenant in your case) and your user name ( and your password. Just ensure that you have the permissions to execute the needed methods.