Wednesday, 13 May 2020

Authenticate SharePoint Using PnP Authentication Manager



Authentication Manager is one of the key capabilities of the PnP Core component. It provides methods to authenticate against different SharePoint environments (SharePoint Online, SharePoint 2013, SharePoint 2016), irrespective of the authentication method configured on the SharePoint sites.

The authentication methods are available on the OfficeDevPnP.Core.AuthenticationManager class in the OfficeDevPnP.Core assembly. I have listed those methods based on the environment type.

SharePoint Online
  • GetSharePointOnlineAuthenticatedContextTenant

    Returns a ClientContext object to be used by CSOM code:

        GetSharePointOnlineAuthenticatedContextTenant(string siteUrl, string tenantUser, string tenantUserPassword)
        GetSharePointOnlineAuthenticatedContextTenant(string siteUrl, string tenantUser, SecureString tenantUserPassword)

    Parameter | Description
    siteUrl | Site for which the ClientContext object will be instantiated
    tenantUser | User to be used to instantiate the ClientContext object
    tenantUserPassword | Password (SecureString) of the user used to instantiate the ClientContext object

    The example below returns the ClientContext object for a SharePoint Online site using explicit credentials:

        // SharePoint Online - Credentials
        string siteUrl = "https://mycompany.sharepoint.com";
        string userName = "administrator@mycompany.onmicrosoft.com";
        SecureString password = GetSecureString("password");
        AuthenticationManager authManager = new AuthenticationManager();
        ClientContext context = authManager.GetSharePointOnlineAuthenticatedContextTenant(siteUrl, userName, password);

  • GetAppOnlyAuthenticatedContext

    Returns an app-only ClientContext object:

        GetAppOnlyAuthenticatedContext(string siteUrl, string appId, string appSecret)
        GetAppOnlyAuthenticatedContext(string siteUrl, string realm, string appId, string appSecret, string acsHostUrl = "accesscontrol.windows.net", string globalEndPointPrefix = "accounts")

    Parameter | Description
    siteUrl | Site for which the ClientContext object will be instantiated
    appId | Application ID which is requesting the ClientContext object
    appSecret | Application secret of the application which is requesting the ClientContext object
    realm | Realm of the environment (tenant) that requests the ClientContext object
    acsHostUrl | Azure ACS host, defaults to accesscontrol.windows.net but internal pre-production environments use other hosts
    globalEndPointPrefix | Azure ACS endpoint prefix, defaults to accounts but internal pre-production environments use other prefixes

    The example below returns the ClientContext object for a SharePoint Online site by authenticating against the Office 365 site. Authentication is based on the given app secret information.

        // SharePoint Online - App Only
        string siteUrl = "https://mycompany.sharepoint.com";
        string acsAppId = "70DA500D-6000-48D4-AA1F-22793A5FE814";
        string acsSupport = GetString("ACS App Secret");
        AuthenticationManager authManager = new AuthenticationManager();
        ClientContext context = authManager.GetAppOnlyAuthenticatedContext(siteUrl, acsAppId, acsSupport);

  • GetAzureADNativeApplicationAuthenticatedContext

    Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have an Azure AD Native Application registered. The user will be prompted for authentication.

        GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, string redirectUrl, TokenCache tokenCache = null)
        GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, Uri redirectUri, TokenCache tokenCache = null)

    Parameter | Description
    siteUrl | Site for which the ClientContext object will be instantiated
    clientId | The Azure AD Native Application Client ID
    redirectUri | The Azure AD Native Application Redirect Uri
    tokenCache | Optional token cache. If not specified, an in-memory token cache will be used. Microsoft.IdentityModel.Clients.ActiveDirectory should be added as an assembly reference for the TokenCache parameter

    The example below returns the ClientContext object by authenticating the user against Azure AD. Authentication happens by redirecting the user to the Azure AD logon page.

        // SharePoint Online - Interactive via Azure AD
        string siteUrl = "https://mycompany.sharepoint.com";
        string aadAppId = "F64560FE-714D-485E-89C2-03E592F926FE";
        AuthenticationManager authManager = new AuthenticationManager();
        ClientContext context = authManager.GetAzureADNativeApplicationAuthenticatedContext(siteUrl, aadAppId, "<redirect url>");

  • GetAzureADAppOnlyAuthenticatedContext

    Returns a SharePoint ClientContext using Azure Active Directory App Only Authentication. This requires that you have a certificate created and have updated the key credentials key in the application manifest in Azure AD accordingly.

        GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, StoreName storeName, StoreLocation storeLocation, string thumbPrint)
        GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, string certificatePath, string certificatePassword)

    Parameter | Description
    siteUrl | Site for which the ClientContext object will be instantiated
    clientId | The Azure AD Application Client ID
    tenant | The Azure AD Tenant, e.g. mycompany.onmicrosoft.com
    storeName | The name of the store for the certificate
    storeLocation | The location of the store for the certificate
    thumbPrint | The thumbprint of the certificate to locate in the store
    certificatePath | The path to the certificate (*.pfx) file on the file system
    certificatePassword | Password to the certificate

    The example below returns the ClientContext object by authenticating based on the provided app's certificate information.

        // SharePoint Online - App Only via Azure AD
        string siteUrl = "https://mycompany.sharepoint.com";
        string aadAppId = "F64560FE-714D-485E-89C2-03E592F926FE";
        string pfxPassword = GetString("Get PFX file password");
        AuthenticationManager authManager = new AuthenticationManager();
        ClientContext context = authManager.GetAzureADAppOnlyAuthenticatedContext(siteUrl, aadAppId, "mycompany.onmicrosoft.com", @"<certificate Path>", pfxPassword);

  • GetAzureADAccessTokenAuthenticatedContext

    Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have an Azure AD Web Application registered. The user will not be prompted for authentication; the current user's authentication context will be used by leveraging an explicit OAuth 2.0 Access Token value.

        GetAzureADAccessTokenAuthenticatedContext(String siteUrl, String accessToken)

    Parameter | Description
    siteUrl | Site for which the ClientContext object will be instantiated
    accessToken | An explicit value for the AccessToken

    The example below returns the ClientContext object for a SharePoint Online site based on the provided access token information.

        // SharePoint Online - AccessToken from Azure AD
        string siteUrl = "https://mycompany.sharepoint.com";
        string accessToken = "<Access Token>";
        AuthenticationManager authManager = new AuthenticationManager();
        ClientContext context = authManager.GetAzureADAccessTokenAuthenticatedContext(siteUrl, accessToken);

  • GetAzureADWebApplicationAuthenticatedContext

    Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have an Azure AD Web Application registered. The user will not be prompted for authentication; the current user's authentication context will be used by leveraging ADAL.

        GetAzureADWebApplicationAuthenticatedContext(String siteUrl, Func<String, String> accessTokenGetter)

    Parameter | Description
    siteUrl | Site for which the ClientContext object will be instantiated
    accessTokenGetter | The AccessToken getter method to use

    The example below returns the ClientContext object for a SharePoint Online site based on generated access token information.

        // SharePoint Online - Generated AccessToken from Azure AD
        string siteUrl = "https://mycompany.sharepoint.com";
        AuthenticationManager authManager = new AuthenticationManager();
        // accessTokenGenerator() is expected to return the Func<string, string> that yields the access token
        ClientContext context = authManager.GetAzureADWebApplicationAuthenticatedContext(siteUrl, accessTokenGenerator());

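The certificate-store overload of GetAzureADAppOnlyAuthenticatedContext listed above avoids keeping a .pfx file and its password next to the code. The following is an added example, not code from the original post: it checks the certificate in the store before authenticating. The environment variable name SP_APP_CERT_THUMBPRINT and the choice of the CurrentUser\My store are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.SharePoint.Client;
using OfficeDevPnP.Core;

class CertStoreAuthExample
{
    // Fails early if the certificate is missing, lacks a private key or is
    // outside its validity window, before the authentication call is made.
    static void EnsureUsableCertificate(StoreName name, StoreLocation location, string thumbprint)
    {
        var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly is false: app-registration certificates are often self-signed.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate not found in " + location + "\\" + name);
            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key");
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period");
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        string siteUrl = "https://mycompany.sharepoint.com";       // placeholder from the post
        string aadAppId = "F64560FE-714D-485E-89C2-03E592F926FE";  // placeholder from the post
        string tenant = "mycompany.onmicrosoft.com";               // placeholder from the post
        // Assumption: the thumbprint arrives in a hypothetically named environment variable.
        string thumbprint = Environment.GetEnvironmentVariable("SP_APP_CERT_THUMBPRINT");
        if (string.IsNullOrWhiteSpace(thumbprint))
            throw new InvalidOperationException("SP_APP_CERT_THUMBPRINT is not set");
        EnsureUsableCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint);
        var authManager = new AuthenticationManager();
        using (ClientContext context = authManager.GetAzureADAppOnlyAuthenticatedContext(
            siteUrl, aadAppId, tenant, StoreName.My, StoreLocation.CurrentUser, thumbprint))
        {
            context.Load(context.Web, w => w.Title);
            context.ExecuteQuery();
            Console.WriteLine("Connected to: " + context.Web.Title);
        }
    }
}
```
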
SharePoint On-Premises
  • GetADFSUserNameMixedAuthenticatedContext

    Returns a SharePoint on-premises ClientContext for sites secured via ADFS:

        GetADFSUserNameMixedAuthenticatedContext(string siteUrl, string user, string password, string domain, string sts, string idpId, int logonTokenCacheExpirationWindow = 10)

    Parameter | Description
    siteUrl | Url of the SharePoint site that's secured via ADFS
    user | Name of the user (e.g. administrator)
    password | Password of the user
    domain | Windows domain of the user

    The example below returns the ClientContext object for a SharePoint on-premises site based on the provided credential information.

        // SharePoint On-Premises - ADFS
        string siteUrl = "https://mycompany.com";
        string userName = "UserName";
        string password = GetString("password");   // this method takes the password as a plain string
        string domain = "Domain";
        AuthenticationManager authManager = new AuthenticationManager();
        ClientContext context = authManager.GetADFSUserNameMixedAuthenticatedContext(siteUrl, userName, password, domain, "<sts>", "<IDPID>", 10);

SharePoint Online & On-Premises
  • GetWebLoginClientContext

    Returns a SharePoint on-premises / SharePoint Online ClientContext object. Requires claims-based authentication with a FedAuth cookie.

        GetWebLoginClientContext(string siteUrl)

    Parameter | Description
    siteUrl | Site for which the ClientContext object will be instantiated

    The example below returns the ClientContext object for a SharePoint Online site by prompting the user for logon information.

        // SharePoint Online - Interactive
        string siteUrl = "https://mycompany.sharepoint.com";
        AuthenticationManager authManager = new AuthenticationManager();
        ClientContext context = authManager.GetWebLoginClientContext(siteUrl);

  • GetNetworkCredentialAuthenticatedContext

    Returns a SharePoint on-premises / SharePoint Online Dedicated ClientContext object.

        GetNetworkCredentialAuthenticatedContext(string siteUrl, string user, SecureString password, string domain)
        GetNetworkCredentialAuthenticatedContext(string siteUrl, string user, string password, string domain)

    Parameter | Description
    siteUrl | Site for which the ClientContext object will be instantiated
    user | User to be used to instantiate the ClientContext object
    password | Password (SecureString) of the user used to instantiate the ClientContext object
    domain | Domain of the user used to instantiate the ClientContext object

    The example below returns the ClientContext object for a SharePoint on-premises site based on the provided credential information.

        // SharePoint On-Premises - Credentials
        string siteUrl = "https://mycompany.com";
        string userName = "UserName";
        SecureString password = GetSecureString("password");
        string domain = "Domain";
        AuthenticationManager authManager = new AuthenticationManager();
        ClientContext context = authManager.GetNetworkCredentialAuthenticatedContext(siteUrl, userName, password, domain);
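
The credential examples for GetSharePointOnlineAuthenticatedContextTenant and GetNetworkCredentialAuthenticatedContext call a GetSecureString helper that the post does not define. The following is an added example, not code from the original post: one possible GetSecureString that reads the password from the console so it never appears as a string literal in source, used here with the SharePoint Online overload. The class name and prompt text are assumptions.

```csharp
using System;
using System.Security;
using Microsoft.SharePoint.Client;
using OfficeDevPnP.Core;

class CredentialAuthExample
{
    // One possible implementation (an assumption; the post does not show its helper).
    // Reads the password without echo and without holding it in a managed string.
    static SecureString GetSecureString(string prompt)
    {
        Console.Write(prompt + ": ");
        var secret = new SecureString();
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(intercept: true);
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace)
            {
                if (secret.Length > 0) secret.RemoveAt(secret.Length - 1);
                continue;
            }
            if (!char.IsControl(key.KeyChar)) secret.AppendChar(key.KeyChar);
        }
        Console.WriteLine();
        secret.MakeReadOnly();   // no further changes once entry is complete
        return secret;
    }

    static void Main()
    {
        string siteUrl = "https://mycompany.sharepoint.com";          // placeholder from the post
        string userName = "administrator@mycompany.onmicrosoft.com";  // placeholder from the post

        using (SecureString password = GetSecureString("Password"))
        {
            var authManager = new AuthenticationManager();
            using (ClientContext context = authManager.GetSharePointOnlineAuthenticatedContextTenant(siteUrl, userName, password))
            {
                context.Load(context.Web, w => w.Title);
                context.ExecuteQuery();   // round trip to the server with the supplied credentials
                Console.WriteLine("Connected to: " + context.Web.Title);
            }
        }
    }
}
```

The same helper can supply the SecureString overload of GetNetworkCredentialAuthenticatedContext for on-premises sites.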
