Microsoft Modern Authentication - SSO

-

 In some company, getting application level permissions might be hard to do due to security reason.  Within those environment, setting up a job that runs periodically could be difficult.  One of the way to do it is to make sure your job running account has enough permissions and you have a SPN with enough delegated permissions.

The below code show how to use the logged in account to get access token for SharePoint scope.

public async Task<string> GetSSOUserAccessToken(Uri spSiteUrl) {

var _clientId = "";

var _tenantId = "";

var _scheme = siteUrl.Scheme;

var _hostUrl = siteUrl.host;

var _scope = "AllSites.FullControl";

string[] _scopes = new string[] {string.Format("{0}://{1}/{2}", _schem, _hostUrl, _scope);

var authority = string.Format(CultureInfo.InvariantCulture, "{0}/{1}/", "https://login.microsoftonline.com", _tenantId);

try {

    IPublicClientApplication app = PublicClientApplicationBuilder.Create(_clientId).WithAurhority(new     Uri(authority)).Build();

    var accounts = await app.GetAccountsAsync();

    if (accounts.Any()){

        AuthResult = await app.AcquireTokenSilent(_scopes, accounts.FirstOrDefault()).ExecuteAsync();

    }

    else{

        AuthResult = await app.AcquireTokenByIntegratedWindowsAuth(_scope).ExecuteAsync(CancellationToken.None);

    }

    return AuthResult.AccessToken;

    }

    catch (Exception ex){

        Log.Log(ex.ToString());

    }

}


And then below code would be how to create SharePoint ClientContext from the access token

public async Task<ClientContext> GetSSOUserContext(string spUrl, string userAgent, string clientTag = ""){

    var context = new ClientContext(spUrl);

    string token = await GetSSOUserAccessToken(new Uri(spUrl));

    context.ExecutingWebRequest += (s, e) => {

        e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + token;

        e.WebRequestExecutor.WebRequest.UserAgent = userAgent;

    };

    if (!String.InNullOrEmpty(clientTag)){

        context.CliengTag = clientTag;

    }

    return   context; 

}

Comments

Post a Comment

Popular posts from this blog

SharePoint 2013 - Working with Display Template for Content Search Web Part

-
Image
To create a custom display template, the best approach is to copy an existing one from Out-Of-Box display templates.  You can try each one and find the one that is closest to what you want to do. All the display templates are in the master page gallery.  To access it, Site Settings -> Master pages and page layouts -> Display Templates The Content Web Parts folder contains the display templates for content search web part and Search folder contains the display templates for the search results web parts. The easiest way to take a look at the display templates is to open the list in windows explorer.  On the ribbon, click on Open with Explorer option. You'll see a lot of html and js files in Content Web Parts folder.  The HTML files are the ones that you'll need to take a look.  The .js files are auto-generated when you add a new HTML file or update an existing one. For every content search web part, you usually have to specify two display tem...
Read more

How to Customize MOSS Site Manager (Site Content and Structure Page)

-
MOSS Site Manager page (Site Content and Structure page, _layouts/sitemanager.aspx) in my opinion one of the most important page for Web Content Management in MOSS. However, it is not so easy to custom. As you might be aware that the custom ECM menu (that shows on normal library page) won't be showing up in this page. This post hopefully will provide a starting point for you. To customize it, I did the following things: copy the original siteManager.aspx in C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS and create a new file, call CustomSiteManager.aspx. Change the SiteAction.xml in C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS\EditingMenu if you want to customize for all sites on MOSS environment. Or you can change the customSiteAction.xml at Master Page Gallery -> Editing Menu folder if you only want one site collection to be customized. Basically, you want to point the "Manage Cont...
Read more

Add spell check dictionary in SharePoint 2010, SharePoint 2013, and Office 365

-
I was looking for how to add custom spell check dictionary in SharePoint 2013 and I found this blog that describes it, http://softlanding.ca/blog/adding-words-to-the-sharepoint-spell-checker-dictionary-(sharepoint-2013-2010). Here is the summary steps in case the above link doesn't work any more. At the root level of your site create a document library called " Spelling " (make sure to name the document library exactly as listed here) On your desktop create a new text file called " Custom Dictionary ", so that the file name looks like " Custom Dictionary.txt " (make sure to spell the file name exactly as listed here) Open the " Custom Dictionary " text file and in this file type in the words you would like NOT to be considered misspelled words (please note that the words are case sensitive so I would have a separate entry for Softlanding and softlanding, and also please make sure each word is listed on a new line) Upload the " C...
Read more