/// <summary>
/// Get SP Client Context based on user name and password stored in AppSettings
/// </summary>
public ClientContext GetClientContextWithUserNamePassword(string webUrl)
{
string userName = KeyVaultUtility.GetSecret(ConfigurationManager.AppSettings["kv:ServicePrincipalNameSecretName"], this.TraceWriter).Result;
string password = KeyVaultUtility.GetSecret(ConfigurationManager.AppSettings["kv:ServicePrincipalPasswordSecretName"], this.TraceWriter).Result;
return(GetClientContextWithUserNamePassword(webUrl, userName, password));
}
private ClientContext GetClientContextWithSharePointAppIdentity(string webUrl)
{
string appId = KeyVaultUtility.GetSecret(ConfigurationManager.AppSettings["sps:spGroupRequestAppIdKeyVaultSecretName"], this.TraceWriter).Result;
string appSecret = KeyVaultUtility.GetSecret(ConfigurationManager.AppSettings["sps:spGroupRequestAppSecretKeyVaultSecretName"], this.TraceWriter).Result;
this.TraceWriter.Info($"Creating SP Client Context with SharePoint App Identity to {webUrl} with appId { appId }");
ClientContext clientContext = new OfficeDevPnP.Core.AuthenticationManager().GetAppOnlyAuthenticatedContext(webUrl, appId, appSecret);
return(clientContext);
}
/// <summary>
/// Get Delegated access token to AAD with credentials stored in AppSettings
/// </summary>
/// <returns></returns>
public static async Task <string> GetAzureDelegatedAuthenticationToken(string resource, TraceWriter log)
{
log.Info($"Getting delegated app access token");
string authority = $"https://login.microsoftonline.com/{ ConfigurationManager.AppSettings["o365:SpoTenantName"] }";
string tenantId = ConfigurationManager.AppSettings["aad:TenantId"];
string clientId = ConfigurationManager.AppSettings["aad:NativeAppId"];
UserCredential userCredential = new UserCredential(
KeyVaultUtility.GetSecret(ConfigurationManager.AppSettings["kv:ServicePrincipalNameSecretName"], log).Result,
KeyVaultUtility.GetSecret(ConfigurationManager.AppSettings["kv:ServicePrincipalPasswordSecretName"], log).Result);
AuthenticationContext context = new AuthenticationContext(authority);
var result = await context.AcquireTokenAsync(resource, clientId, userCredential);
log.Info($"auth result for { userCredential.UserName } is { result.UserInfo } { result.AccessTokenType }");
return(result.AccessToken);
}
/// <summary>
/// Get client context with Azure AD App and authenticate with certificate
/// </summary>
/// <param name="notification"></param>
/// <param name="log"></param>
/// <param name="exeuctionContext"></param>
/// <returns></returns>
public ClientContext GetClientContextWithAzureAppIdentity(string webUrl, ExecutionContext exeuctionContext)
{
//string url = String.Format("https://{0}{1}", ConfigurationManager.AppSettings["o365:SpoTenantUrl"], notification.SiteUrl);
string spoTenantName = ConfigurationManager.AppSettings["o365:SpoTenantName"];
string clientId = ConfigurationManager.AppSettings["aad:ApplicationId"];
string clientSecret = ConfigurationManager.AppSettings["aad:ApplicationSecret"];
string certName = ConfigurationManager.AppSettings["aad:ApplicationCertificatePrivateKeyFileName"];
string certPassword = KeyVaultUtility.GetSecret(ConfigurationManager.AppSettings["kv:ApplicationCertificatePasswordSecretName"], this.TraceWriter).Result;
this.TraceWriter.Info($"Tenant Name is { spoTenantName } Client ID is {clientId } client Secret is { clientSecret } Cert name is { certName } Cert password is { certPassword }");
//Cert is at the root of the function
//string certPath = Path.Combine(Directory.GetParent(exeuctionContext.FunctionDirectory).FullName, certName);
string certPath = Path.Combine(exeuctionContext.FunctionDirectory, certName);
this.TraceWriter.Info($"Getting X509Certificate from { certPath }");
this.TraceWriter.Info($"Parent path is {Path.Combine(Directory.GetParent(exeuctionContext.FunctionDirectory).FullName, certName)}");
X509Certificate2 cert = new X509Certificate2(certPath, certPassword);
this.TraceWriter.Info($"Creating SP Client Context with Azure App Identity to {webUrl}");
return(new OfficeDevPnP.Core.AuthenticationManager().GetAzureADAppOnlyAuthenticatedContext(webUrl, clientId, spoTenantName, cert));
}