/// <summary>
/// Resolves the type of the Authentication Provider to create
/// </summary>
/// <param name="option">The configuration options for the target Authentication Provider</param>
/// <returns>The type of the target Authentication Provider</returns>
private static Type ResolveAuthenticationProviderType(PnPCoreAuthenticationCredentialConfigurationOptions option)
{
// Determine the Authentication Provider type to create
Type providerType = null;
if (option.X509Certificate != null)
{
providerType = typeof(X509CertificateAuthenticationProvider);
}
else if (option.CredentialManager != null)
{
providerType = typeof(CredentialManagerAuthenticationProvider);
}
else if (option.OnBehalfOf != null)
{
providerType = typeof(OnBehalfOfAuthenticationProvider);
}
else if (option.UsernamePassword != null)
{
providerType = typeof(UsernamePasswordAuthenticationProvider);
}
else if (option.DeviceCode != null)
{
providerType = typeof(DeviceCodeAuthenticationProvider);
}
else
{
providerType = typeof(InteractiveAuthenticationProvider);
}
return(providerType);
}
/// <summary>
/// Initializes the Authentication Provider
/// </summary>
/// <param name="options">The options to use</param>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
// We need the DeviceCode options
if (options.DeviceCode == null)
{
throw new ConfigurationErrorsException(
PnPCoreAuthResources.DeviceCodeAuthenticationProvider_InvalidConfiguration);
}
ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;
RedirectUri = options.DeviceCode.RedirectUri ?? AuthGlobals.DefaultRedirectUri;
// Build the MSAL client
publicClientApplication = PublicClientApplicationBuilder
.Create(ClientId)
.WithPnPAdditionalAuthenticationSettings(
options.DeviceCode.AuthorityUri,
RedirectUri,
TenantId,
options.Environment)
.WithHttpClientFactory(msalHttpClientFactory)
.Build();
// Log the initialization information
Log?.LogInformation(PnPCoreAuthResources.DeviceCodeAuthenticationProvider_LogInit);
}
/// <summary>
/// Initializes the Authentication Provider
/// </summary>
/// <param name="options">The options to use</param>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
// We need the OnBehalfOf options
if (options.OnBehalfOf == null)
{
throw new ConfigurationErrorsException(
PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidConfiguration);
}
// We need the certificate thumbprint
if (string.IsNullOrEmpty(options.OnBehalfOf.ClientSecret) && string.IsNullOrEmpty(options.OnBehalfOf.Thumbprint))
{
throw new ConfigurationErrorsException(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidClientSecretOrCertificate);
}
ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;
if (!string.IsNullOrEmpty(options.OnBehalfOf.Thumbprint))
{
// We prioritize the X.509 certificate, if any
Certificate = X509CertificateUtility.LoadCertificate(
options.OnBehalfOf.StoreName,
options.OnBehalfOf.StoreLocation,
options.OnBehalfOf.Thumbprint);
}
else if (!string.IsNullOrEmpty(options.OnBehalfOf.ClientSecret))
{
// Otherwise we fallback to the client secret
ClientSecret = options.OnBehalfOf.ClientSecret.ToSecureString();
}
if (Certificate != null)
{
confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(ClientId)
.WithCertificate(Certificate)
.WithPnPAdditionalAuthenticationSettings(
options.OnBehalfOf.AuthorityUri,
options.OnBehalfOf.RedirectUri,
TenantId)
.Build();
}
else
{
confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(ClientId)
.WithClientSecret(ClientSecret.ToInsecureString())
.WithPnPAdditionalAuthenticationSettings(
options.OnBehalfOf.AuthorityUri,
options.OnBehalfOf.RedirectUri,
TenantId)
.Build();
}
// Log the initialization information
Log?.LogInformation(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_LogInit);
}
/// <summary>
/// Initializes the configuration options for the target Authentication Provider
/// </summary>
/// <param name="provider">The target Authentication Provider</param>
/// <param name="option">The configuration options for the target Authentication Provider</param>
private static void InitProviderOptions(IAuthenticationProvider provider, PnPCoreAuthenticationCredentialConfigurationOptions option)
{
switch (provider)
{
case X509CertificateAuthenticationProvider x509Certificate:
x509Certificate.ClientId = option.ClientId;
x509Certificate.TenantId = option.TenantId;
x509Certificate.Certificate = X509CertificateUtility.LoadCertificate(
option.X509Certificate.StoreName,
option.X509Certificate.StoreLocation,
option.X509Certificate.Thumbprint);
break;
case ExternalAuthenticationProvider aspNetCore:
aspNetCore.ClientId = option.ClientId;
aspNetCore.TenantId = option.TenantId;
break;
case CredentialManagerAuthenticationProvider credentialManager:
credentialManager.ClientId = option.ClientId;
credentialManager.TenantId = option.TenantId;
credentialManager.CredentialManagerName = option.CredentialManager.CredentialManagerName;
break;
case OnBehalfOfAuthenticationProvider onBehalfOf:
onBehalfOf.ClientId = option.ClientId;
onBehalfOf.TenantId = option.TenantId;
onBehalfOf.ClientSecret = option.OnBehalfOf.ClientSecret.ToSecureString();
break;
case UsernamePasswordAuthenticationProvider usernamePassword:
usernamePassword.ClientId = option.ClientId;
usernamePassword.TenantId = option.TenantId;
usernamePassword.Username = option.UsernamePassword.Username;
usernamePassword.Password = option.UsernamePassword.Password.ToSecureString();
break;
case InteractiveAuthenticationProvider interactive:
interactive.ClientId = option.ClientId;
interactive.TenantId = option.TenantId;
interactive.RedirectUri = option.Interactive.RedirectUri;
break;
case DeviceCodeAuthenticationProvider deviceCode:
deviceCode.ClientId = option.ClientId;
deviceCode.TenantId = option.TenantId;
deviceCode.RedirectUri = option.Interactive.RedirectUri;
break;
}
}
/// <summary>
/// Initializes the Authentication Provider
/// </summary>
/// <param name="options">The options to use</param>
public PersistentInteractiveAuthenticationProvider(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
ClientId = options.ClientId;
TenantId = options.TenantId;
RedirectUri = options.Interactive?.RedirectUri;
// Build the MSAL client
publicClientApplication = PublicClientApplicationBuilder
.Create(ClientId)
.WithPnPAdditionalAuthenticationSettings(
options.Interactive?.AuthorityUri,
RedirectUri,
TenantId)
.Build();
}
/// <summary>
/// Initializes the Authentication Provider
/// </summary>
/// <param name="options">The options to use</param>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
// We need the CredentialManager options
if (options.CredentialManager == null)
{
throw new ArgumentException(
PnPCoreAuthResources.CredentialManagerAuthenticationProvider_InvalidConfiguration,
nameof(options));
}
if (string.IsNullOrEmpty(options.CredentialManager.CredentialManagerName))
{
throw new ConfigurationErrorsException(PnPCoreAuthResources.CredentialManagerAuthenticationProvider_InvalidCredentialManagerName);
}
// Retrieve credentials from the Credential Manager
CredentialManagerName = options.CredentialManager.CredentialManagerName;
var credentials = CredentialManager.GetCredential(CredentialManagerName);
if (credentials == null)
{
throw new ConfigurationErrorsException(string.Format(System.Globalization.CultureInfo.InvariantCulture,
PnPCoreAuthResources.CredentialManagerAuthenticationProvider_CredentialManagerEntryDoesNotExist,
CredentialManagerName));
}
ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;
var usernamePasswordOptions = new PnPCoreAuthenticationCredentialConfigurationOptions
{
ClientId = ClientId,
TenantId = TenantId,
Environment = options.Environment,
UsernamePassword = new PnPCoreAuthenticationUsernamePasswordOptions
{
Username = credentials.UserName,
Password = credentials.Password,
}
};
// Configure the inner instance of UsernamePasswordAuthenticationProvider
usernamePasswordProvider.Init(usernamePasswordOptions);
// Log the initialization information
Log?.LogInformation(PnPCoreAuthResources.CredentialManagerAuthenticationProvider_LogInit,
options.CredentialManager.CredentialManagerName);
}
/// <summary>
/// Initializes the Authentication Provider
/// </summary>
/// <param name="options">The options to use</param>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;
RedirectUri = options.Interactive?.RedirectUri ?? AuthGlobals.DefaultRedirectUri;
// Build the MSAL client
publicClientApplication = PublicClientApplicationBuilder
.Create(ClientId)
.WithPnPAdditionalAuthenticationSettings(
options.Interactive?.AuthorityUri,
RedirectUri,
TenantId)
.Build();
// Log the initialization information
Log?.LogInformation(PnPCoreAuthResources.InteractiveAuthenticationProvider_LogInit);
}
/// <summary>
/// Initializes the Authentication Provider
/// </summary>
/// <param name="options">The options to use</param>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
// We need the UsernamePassword options
if (options.UsernamePassword == null)
{
throw new ConfigurationErrorsException(
PnPCoreAuthResources.UsernamePasswordAuthenticationProvider_InvalidConfiguration);
}
// We need the Username
if (string.IsNullOrEmpty(options.UsernamePassword.Username))
{
throw new ConfigurationErrorsException(PnPCoreAuthResources.UsernamePasswordAuthenticationProvider_InvalidUsername);
}
// We need the Password
if (string.IsNullOrEmpty(options.UsernamePassword.Password))
{
throw new ConfigurationErrorsException(PnPCoreAuthResources.UsernamePasswordAuthenticationProvider_InvalidPassword);
}
ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;
Username = options.UsernamePassword.Username;
Password = options.UsernamePassword.Password.ToSecureString();
// Build the MSAL client
publicClientApplication = PublicClientApplicationBuilder
.Create(ClientId)
.WithPnPAdditionalAuthenticationSettings(
options.UsernamePassword.AuthorityUri,
options.UsernamePassword.RedirectUri,
TenantId,
options.Environment)
.WithHttpClientFactory(msalHttpClientFactory)
.Build();
// Log the initialization information
Log?.LogInformation(PnPCoreAuthResources.UsernamePasswordAuthenticationProvider_LogInit,
options.UsernamePassword.Username);
}
/// <summary>
/// Initializes the X509Certificate Authentication Provider
/// </summary>
/// <param name="options">The options to use</param>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
// We need the X509Certificate options
if (options.X509Certificate == null)
{
throw new ConfigurationErrorsException(
PnPCoreAuthResources.X509CertificateAuthenticationProvider_InvalidConfiguration);
}
// We need the certificate thumbprint
if (options.X509Certificate.Certificate == null && string.IsNullOrEmpty(options.X509Certificate.Thumbprint))
{
throw new ConfigurationErrorsException(PnPCoreAuthResources.X509CertificateAuthenticationProvider_InvalidCertificateOrThumbprint);
}
ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;
Certificate = options.X509Certificate.Certificate ?? X509CertificateUtility.LoadCertificate(
options.X509Certificate.StoreName,
options.X509Certificate.StoreLocation,
options.X509Certificate.Thumbprint);
confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(ClientId)
.WithCertificate(Certificate)
.WithHttpClientFactory(msalHttpClientFactory)
.WithPnPAdditionalAuthenticationSettings(
options.X509Certificate.AuthorityUri,
options.X509Certificate.RedirectUri,
TenantId,
options.Environment)
.Build();
// Log the initialization information
Log?.LogInformation(PnPCoreAuthResources.X509CertificateAuthenticationProvider_LogInit,
options.X509Certificate.Thumbprint,
options.X509Certificate.StoreName,
options.X509Certificate.StoreLocation);
}
/// <summary> /// Initializes the Authentication Provider /// </summary> internal abstract void Init(PnPCoreAuthenticationCredentialConfigurationOptions options);
/// <summary>
/// Initializes the Authentication Provider
/// </summary>
/// <param name="options">The options to use</param>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
// Log the initialization information
Log?.LogInformation(PnPCoreAuthResources.ExternalAuthenticationProvider_LogInit);
}
static async Task Main(string[] args)
{
var host = Host.CreateDefaultBuilder()
.ConfigureLogging((hostingContext, logging) =>
{
logging.AddEventSourceLogger();
logging.AddConsole();
})
.ConfigureServices((hostingContext, services) =>
{
// Add the PnP Core SDK services
services.AddPnPCore(options => {
// You can explicitly configure all the settings, or you can
// simply use the default values
options.PnPContext.GraphFirst = true;
});
})
// Let the builder know we're running in a console
.UseConsoleLifetime()
// Add services to the container
.Build();
await host.StartAsync();
using (var scope = host.Services.CreateScope())
{
var pnpContextFactory = scope.ServiceProvider.GetRequiredService <IPnPContextFactory>();
// Define the relevant Authentication options
var pnpOptions = new PnPCoreAuthenticationCredentialConfigurationOptions
{
TenantId = "{TenantId}", // Set to the target tenant id
ClientId = "{ClientId}", // Set to the ClientId obtained from the Azure app
Interactive = new PnPCoreAuthenticationInteractiveOptions
{
RedirectUri = new Uri("http://localhost") // return to localhost is fine for a console app
}
};
// Replace {cache_file_name} with a meaningful name
// Replace {cache_destination_directory} with a path to the folder you want to persist the cache
var storageProperties = new StorageCreationPropertiesBuilder("{cache_file_name}", "{cache_destination_directory}")
.Build();
var authenticationProvider = new PersistentInteractiveAuthenticationProvider(pnpOptions);
// Register Authenticator token cache with the Msal persistent one
await authenticationProvider.RegisterTokenStorageAsync(storageProperties);
#region Interactive GET's
// Replace {sharepoint_address} with your target SP url
using (var context = await pnpContextFactory.CreateAsync(new Uri("{sharepoint_address}"), authenticationProvider))
{
// ================================================================
// Getting data - everything is async!
// Same programming model, regardless of wether under the covers Microsoft Graph is used or SharePoint REST
// Interactive GET samples
// Retrieving web with lists and masterpageurl loaded ==> SharePoint REST query
var web = await context.Web.GetAsync(p => p.Title, p => p.Lists, p => p.MasterUrl);
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("===Web (REST)===");
Console.WriteLine($"Title: {web.Title}");
Console.WriteLine($"# Lists: {web.Lists.Length}");
Console.WriteLine($"Master page url: {web.MasterUrl}");
Console.ResetColor();
// Getting the team connected to this Modern Team site ==> Microsoft Graph query
var team = await context.Team.GetAsync();
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("===Team (Graph v1)===");
Console.WriteLine($"Name: {team.DisplayName}");
Console.WriteLine($"Visibility: {team.Visibility}");
Console.WriteLine($"Funsettings.AllowGiphy: {team.FunSettings.AllowGiphy}");
Console.ResetColor();
}
#endregion
}
host.Dispose();
}
