使用 CSOM 对 Sharepoint Online 进行身份验证 [英] Authentication to Sharepoint Online with CSOM
问题描述
我觉得我在这里遗漏了一些东西.我正在尝试通过 C# 控制台应用程序登录到 SPO 租户,但出现错误:
I feel like I'm missing something here. I'm trying to login to a SPO tenant via a C# Console app, but I'm getting the error:
无法联系网站https://xxx.sharepoint.com/"或该网站不支持 SharePoint Online 凭据.响应状态代码为未授权".
Cannot contact web site 'https://xxx.sharepoint.com/' or the web site does not support SharePoint Online credentials. The response status code is 'Unauthorized'.
我知道该帐户有效,因为我可以直接从浏览器登录该帐户.最后,我喜欢使用 CSOM 对 SP 列表、术语库和文档库进行 CRUD 操作,但 CSOM 不是硬性要求(我承认我不知道 RESTAPI 可以完成整个工作).
I know the account works, as I'm able to login with the account directly from browsers. In the end, I'd like to use the CSOM to do CRUD operations on SP Lists, Term Stores and Document Libraries, but CSOM is not a hard requirement (and I admittedly don't know if REST APIs can do the whole job).
我已经看到将 LegacyAuthProtocolsEnabled 值更改为 True 可以帮助解决此问题,但我们的安全人员不允许我启用该功能.
I've seen that changing the LegacyAuthProtocolsEnabled value to True can help with this, but our security folks won't allow me to enable that feature.
代码非常简单:
SecureString passWord = getPassword();
using (var context = new ClientContext(URI))
{
context.Credentials = new SharePointOnlineCredentials(userName, passWord);//new NetworkCredential(userName, passWord);//
context.Load(context.Web, web => web.Title);
context.ExecuteQuery(); //Error happens here
Console.WriteLine("Your site title is: " + context.Web.Title);
}
如您所见,我也尝试过传递 NetworkCredentials 对象,这也不起作用(我也收到了 401 响应).
As you can see, I've also tried passing the NetworkCredentials object, which also doesn't work (I also get a 401 response).
进一步说明,我已经研究了仅限应用程序的身份,但我不相信我可以使用这些身份,因为它们对管理分类法(即术语库中的托管元数据)和管理文件(尽管这可能只是对使用 CSOM 的限制,我不清楚 本页)
As a further note, I've looked into App-only identities, but I don't believe I can use those due to their restrictions on managing taxonomy (ie. managed metadata within Term Stores) and managing files (though this may be a restriction only on using CSOM, it's not clear to me from this page)
基于此,你能看出我在这里做错了什么吗?或者,如果有不同/更好的方法来做到这一点,我也愿意!
Based on this, can you see what I'm doing wrong here? Or if there's a different/better way to do this, I'm open to that as well!
EDIT:看起来当 LegacyAuthProtocolsEnabled 设置为 False 时,我根本无法使用 SharePointOnlineCredentials 类,基于 此页面.鉴于此,看来我需要一种不同的方法来获得此访问权限!
EDIT: Looks like when LegacyAuthProtocolsEnabled is set to False I explicitly cannot use the SharePointOnlineCredentials class at all, based on this page. Given that, looks like I need a different approach to get this access!
推荐答案
您所描述的守护程序方案可以使用 Azure 应用程序来实现,以通过 JWT 令牌进行身份验证和获取权限.有关演练,请参阅使用用户名和非交互方式向 Azure AD 进行身份验证密码或 Windows 集成身份验证
the daemon scenario you are describing can be achieved using an Azure App for authenticating and getting permissions via a JWT token. For a walkthrough see Authenticating to Azure AD non-interactively using a username & password or Windows Integrated Authentication
如果您之前没有使用过 azure 应用程序,我建议您花点时间熟悉一下.他们基本上是您创建和批准的受信任主体,以便您的应用使用他们的权限来执行 SharePoint 操作.
If you have not worked with azure apps before I recommend you take some time to get acquainted. They are basically trusted principals you create and approve so that your apps use their permissions to perform SharePoint operations.
我也不再推荐 CSOM 用于任何新的开发,尤其是对于 SP Online,因为我相信 Microsoft 正在(或多或少公开地)停用此 API.使用 Gautam 也推荐的 PnP 库,它会保持最新状态,并且是 REST API 和 Managed Metadate 等的一个很好的包装器.
I am also no longer recommending CSOM for any new developments, especially for SP Online as I believe Microsoft is (more or less openly) retiring this API. Use the PnP library as Gautam also recommended, this is being kept up to date and is a great wrapper for the REST API and also Managed Metadate etc.
这篇关于使用 CSOM 对 Sharepoint Online 进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
