I am trying to login to a SharePoint website that uses Windows Integrated (NTLM) authentication. There are 2 ways to enter credentials for the SharePoint website, Windows Authentication and form authentication.
However, Form authentication is disable on this specific website and I can only use windows authentication. Is there a way for me to login to this site with different credential than what I used to login to my windows machine?
See error here: Form authentication denied
String site = "http://sharepoint/";
ClientContext context = new ClientContext(site);
context.AuthenticationMode = ClientAuthenticationMode.FormsAuthentication;
FormsAuthenticationLoginInfo formsAuthInfo = new FormsAuthenticationLoginInfo("MyUser", "MyPassword");
context.FormsAuthenticationLoginInfo = formsAuthInfo;
// The SharePoint web at the URL.
Web web = context.Web;
// We want to retrieve the web's properties.
context.Load(web);
// Execute the query to the server.
context.ExecuteQuery();
InitializeComponent();
I also tried to use:
context.Credentials = new NetworkCredential("user", "pass", site);
ClientContext context = new ClientContext(site);
context.Credentials = new NetworkCredential("user", "pass", site);
// The SharePoint web at the URL.
Web web = context.Web;
// We want to retrieve the web's properties.
context.Load(web);
// Execute the query to the server.
context.ExecuteQuery();
InitializeComponent();
I get the following 401 (unauthorized) error
Instead of changing the ClientContext object's AuthenticationMode property to FormsAuthentication, try setting the object's Credentials property to a valid Network Credential object.
ClientContext context = new ClientContext("http://sharepointsite/");
context.Credentials = new NetworkCredential("username","password","domain");
Don't know if it is late but, by default, the managed client object models authenticate users by using their Windows credentials (DefaultCredentials).
So you don't need to explicitly set the Credentials. Just Set following -
context.AuthenticationMode = ClientAuthenticationMode.Default;
Related
I wrote C# based Console Application (with SharePoint Managed Client object model) and configured the credentials in app.config (hard-coded but in encrypted form) to run the application, the application is working fine.
However, now client is having the requirement to run the console application with logged-in user(windows user) credentials and this user will be given admin rights in SharePoint site.
Scenario - If I logged in server where Console application is hosted, then it should run with my credentials without specifying anything in app.config. If another user logged in server, where Console application is hosted, then it should run from his credentials and so on.
Any suggestions ?
I think in the described scenario the behavior should be as fallows:
using (ClientContext context = new ClientContext("[URL]"))
{
Web web = context.Web;
User user = web.CurrentUser; // current logged in user to the server
context.Load(user);
context.ExecuteQuery();
Console.WriteLine(user.LoginName);
}
using (ClientContext context = new ClientContext("[URL]"))
{
context.Credentials = new NetworkCredential("Login", "Password", "domain");
Web web = context.Web;
User user = web.CurrentUser; // user from network credentials
context.Load(user);
context.ExecuteQuery();
Console.WriteLine(user.LoginName);
}
I have an Azure AD B2C. Since Azure Active Directory has been migrated to new portal, I have a problem to read and write tenant users data with the Azure Graph API. Before, I had an application which was created from the old portal and which doesn't work now.
So, I created a new application from the new portal, as following :
Open "Azure Active Directory" tab
Open "App registrations"
Click "New application registration"
"Properties" tab with :
Name : GraphApi
App ID URI : https://myTenant.onmicrosoft.com/graphapi
Home page URL : https://graph.windows.net/winbizdev.onmicrosoft.com
"Reply URLs" tab with :
https:// graph.windows.net/winbizdev.onmicrosoft.com
"Required permissions" tab with :
Windows Azure Active Directory -> Check 3 elements which don't require admin
"Keys" tab with :
CLIENT_SECRET which never expires
Here is now my C# code to access user data from Azure Graph API :
_authContext = new AuthenticationContext("https://login.microsoftonline.com/myTenant.onmicrosoft.com");
_credential = new ClientCredential("<Application Client Guid>", "<Client secret which I created in "Keys" tab");
var result = await _authContext.AcquireTokenAsync("https://graph.windows.net/", _credential);
var http = new HttpClient();
var graphUrl = "https://graph.windows.net/myTenant.onmicrosoft.com/users/<My User Guid>?api-version=1.6";
var request = new HttpRequestMessage(new HttpMethod("GET"), graphUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
var response = await http.SendAsync(request);
return response;
And I always obtain a 403 error Forbidden. The version of the assembly "Microsoft.IdentityModel.Clients.ActiveDirectory" is 3.13.8.99.
So, what is wrong in my configuration? What I have to do to read and write user tenant users data again with Azure Graph API?
Thanks for your help!
Alex
You are acquiring acess token using client credential flow . That means you need add related Application Permissions in Required permissions blade .
All application permissions of azure ad graph api need admin consent . Please click Grant Permissions button(login with admin's account) after adding application permissions .
I am writing a small desktop app that hooks into our company phone system and on a incoming call searches the DDI against the Contact entity and then if it finds a match offers to open the record for the user.
For security reasons we do not want to specify username and password in config files but rather use the default credentials for the logged on user. My issue is that my code works on our development server that does not use ADFS STS but it fails on our live server which does use ADFS STS. My code is below. If I use the username and password from the App Settings it works with the STS but commenting them out and using the CredentialCache causes the following error.
IOrganizationService _service;
OrganizationServiceProxy _serviceProxy;
ClientCredentials clientCredentials = new ClientCredentials();
//clientCredentials.UserName.UserName = ConfigurationManager.AppSettings["username"];
//clientCredentials.UserName.Password = ConfigurationManager.AppSettings["password"];
clientCredentials.Windows.ClientCredential = (NetworkCredential)CredentialCache.DefaultCredentials;
Uri organisationUri = new Uri(String.Format(ConfigurationManager.AppSettings["organisationUri"] + "XRMServices/2011/Organization.svc"));
ServicePointManager.ServerCertificateValidationCallback = AcceptAllCertificatePolicy;
IServiceConfiguration<IOrganizationService> serviceConfiguration = ServiceConfigurationFactory.CreateConfiguration<IOrganizationService>(organisationUri);
serviceConfiguration.Authenticate(clientCredentials);
However using default credentials gives the error
{"An error occurred when processing the security tokens in the message."}
I have a client application which consumes SharePoint web service (list.asmx). Recently SharePoint is migrated to SharePoint Online. Now authentication is failing.
This might be because authentication mechanism is different in SharePoint Online. I referred the article http://www.wictorwilen.se/Post/How-to-do-active-authentication-to-Office-365-and-SharePoint-Online.aspx for doing the authentication. However for some reason I am getting Authentication error now.
Please note I do not want authentication window to pop-up, as my client is a service.
Can anybody please give me some pointer/sample working application on how to do authentication with SharePoint Online?
Atul Sureka
SharePoint Online (SPO) uses claims-based authentication mode. Microsoft released SharePoint Online Client Components SDK which contains
SharePointOnlineCredentials class that could be utilized for SharePoint Web Services authentication in SPO.
How to authenticate SharePoint Web Services in SharePoint Online (SPO)
The following example demonstrates how to retrieve authentication cookies:
private static CookieContainer GetAuthCookies(Uri webUri, string userName, string password)
{
var securePassword = new SecureString();
foreach (var c in password) { securePassword.AppendChar(c); }
var credentials = new SharePointOnlineCredentials(userName, securePassword);
var authCookie = credentials.GetAuthenticationCookie(webUri);
var cookieContainer = new CookieContainer();
cookieContainer.SetCookies(webUri, authCookie);
return cookieContainer;
}
Example
string sourceUrl = "https://contoso.sharepoint.com/Documents/SharePoint User Guide.docx";
string destinationUrl = "https://contoso.sharepoint.com/Documents/SharePoint User Guide 2013.docx";
FieldInformation[] fieldInfos;
CopyResult[] result;
byte[] fileContent;
using(var proxyCopy = new Copy())
{
proxyCopy.Url = webUri + "/_vti_bin/Copy.asmx";
proxyCopy.CookieContainer = GetAuthCookies(webUri, userName, password);
proxyCopy.GetItem(sourceUrl,out fieldInfos,out fileContent);
proxyCopy.CopyIntoItems(sourceUrl,new []{ destinationUrl}, fieldInfos, fileContent, out result);
}
References
Remote Authentication in SharePoint Online Using Claims-Based
Authentication
SharePoint Online Client Components SDK
You can use the SharePoint Client Object Model to login into SharePoint online. If you use the username and password for authentication, instead of OAuth method, there's no authentication window pops up.
As how to do it, please refer this article.
We're trying to authenticate to our hosted TFS service account in c# using TeamFoundationServer .net control, here is my code :
NetworkCredential tfsCredential = new NetworkCredential(username, password);
TeamFoundationServer tfsServer = new TeamFoundationServer(tfsAddress, tfsCredential);
tfsServer.Authenticate();
Note that this is not an on-premises TFS server, it is the hosted TFS service at tfspreview.com and we try to sign-in with windows live account and with alternate authentication credentials but every time we try to authenticate, internet explorer open in a new windows and ask for credentials.
If we use the IE prompt to connect it works but we want to store the credentials and connect to the server without asking for the credentials every time,
You can either configure basic authentication under your profile or you can use a service credential. It all depends on what sort of permission you need. The basic auth operates under a user account which tends to be bad practice while the service account had elevated permissions.
Configure basic authentication for TF Service
For basic user authentication you should connect to TF Service and open your profile as indicated. There is a "Credentials" tab on your profile which will let you configure those credentials. This is good for per/user access through the API but is not good if you want to run things through a server or service.
Retrieve TFS Service Credentials
I created an application called the TFS Service Credential Viewer that allows you to retrieve the service credentials for your TF Service instance. This is the same thing that the Build & Test servers do when you configure them locally to work against the cloud.
I hope this helps...
You can try with this code based on impersonation of server
var serverUrl = "";
ICredentials credentials = new NetworkCredential(username, password, domain);
ICredentialsProvider TFSProxyCredentials = new NetworkCredentialsProvider(credentials);
TfsTeamProjectCollection currentCollection = new TfsTeamProjectCollection(new Uri(serverUrl), credentials);
// Get the TFS Identity Management Service
IIdentityManagementService identityManagementService = currentCollection.GetService<IIdentityManagementService>();
// Look up the user that we want to impersonate
TeamFoundationIdentity identity = identityManagementService.ReadIdentity(IdentitySearchFactor.AccountName, username, MembershipQuery.None, ReadIdentityOptions.None);
// Open collection impersonated
TfsTeamProjectCollection tfs = new TfsTeamProjectCollection(new Uri(serverUrl), credentials, TFSProxyCredentials, identity.Descriptor);
//For example we can access to service WorkItemStore
var workItemStore = tfs.GetService<WorkItemStore>();
Tfspreview.com now supports basic authentication which would eliminate IE being displayed at all. See here for details on how to set this up for your tfspreview.com and then use the username and password you configured.