Integrate with SharePoint online API through console application which hosted on onprem windows VM

Iron Contributor

I have the below console application which is hosted on a local windows VM, which integrates with SharePoint Online. the console application authenticates with SharePoint using ClientId, TenantID & Certificate, as follow:-

using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using PnP.Core.Auth;
using PnP.Core.Model.SharePoint;
using PnP.Core.Model.Teams;
using PnP.Core.QueryModel;
using PnP.Core.Services;
using PnP.Core.Services.Builder.Configuration;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Globalization;
using System.Runtime.CompilerServices;
using System.Security.Cryptography.X509Certificates;
using static Microsoft.ApplicationInsights.MetricDimensionNames.TelemetryContext;
using static System.Net.Mime.MediaTypeNames;

namespace ConsoleApp4
    internal class Program
        static async Task Main(string[] args)
            var tenantId = "b***c";
            var clientId = "7*****9";
            var certificatePath = @"c:\CERT\SPDashBoardIntegration.pfx";
            var certificatePassword = "***";

            // Initialize a new service collection
            var serviceCollection = new ServiceCollection();

            // Load the certificate
            var certificate = new X509Certificate2(certificatePath, certificatePassword, X509KeyStorageFlags.Exportable);

            // Configure logging
            serviceCollection.AddLogging(builder =>

            // Add and configure PnP Core SDK
            serviceCollection.AddPnPCore(options =>
                options.PnPContext.GraphFirst = true; // Set true if you prefer to use Graph over CSOM when possible
                                                      // options.HttpRequests.UserAgent = "ISV|Contoso|ProductX";
                options.Sites.Add("SiteToWorkWith", new PnPCoreSiteOptions
                    SiteUrl = "https://****************-******",
                    AuthenticationProvider = new X509CertificateAuthenticationProvider(clientId, tenantId, certificate)

Now my question is if this is a secure approach? I mean when the VM sends the ClientID, Client Secret & Certificate to SharePoint Online, will that info be secure on the network? i mean will the console application communicate with SharePoint in a secure way when it sends the credentials (ClientID, Client Secret & Certificate)? If not, then how we can secure this?


0 Replies