I'm trying to connect to sharepoint from a service. I already registered the app in Entra and succesfully made a connection to sharepoint when using a certificate. But the customer has provides us a clientsecret instead of a certificate. (still made in Entra, so this is not ACS if I understand correctly)

But I can't seem to find a method to provide a client secret for authentication in PnpCore. In Pnp.Framework there is a PnP.Framework.AuthenticationManager method that accepts a clientsecret, but then you must pass a user assertion token.

.ConfigureServices((hostContext, services) =>
{
    var configuration = hostContext.Configuration;

    services.AddPnPCoreAuthentication(
        options =>
        {
            var authOptions = new PnPCoreAuthenticationCredentialConfigurationOptions
            {
                ClientId = configuration.GetValue<string>("SharepointConnection:clientId"),
                TenantId = configuration.GetValue<string>("SharepointConnection:tenantId"),
                X509Certificate = new PnPCoreAuthenticationX509CertificateOptions
                {
                    StoreName = StoreName.My,
                    StoreLocation = StoreLocation.LocalMachine,
                    Thumbprint = configuration.GetValue<string>("SharepointConnection:thumbPrint")
                }
            };

            options.Credentials.Configurations.Add("SharepointAuth", authOptions);
            options.Credentials.DefaultConfiguration = "SharepointAuth";

            options.Sites.Add("SiteToWorkWith",
                new PnPCoreAuthenticationSiteOptions
                {
                    AuthenticationProviderName = "SharepointAuth"
                });
        });

})

I'm trying to connect to sharepoint from a service. I already registered the app in Entra and succesfully made a connection to sharepoint when using a certificate. But the customer has provides us a clientsecret instead of a certificate. (still made in Entra, so this is not ACS if I understand correctly)

But I can't seem to find a method to provide a client secret for authentication in PnpCore. In Pnp.Framework there is a PnP.Framework.AuthenticationManager method that accepts a clientsecret, but then you must pass a user assertion token.

.ConfigureServices((hostContext, services) =>
{
    var configuration = hostContext.Configuration;

    services.AddPnPCoreAuthentication(
        options =>
        {
            var authOptions = new PnPCoreAuthenticationCredentialConfigurationOptions
            {
                ClientId = configuration.GetValue<string>("SharepointConnection:clientId"),
                TenantId = configuration.GetValue<string>("SharepointConnection:tenantId"),
                X509Certificate = new PnPCoreAuthenticationX509CertificateOptions
                {
                    StoreName = StoreName.My,
                    StoreLocation = StoreLocation.LocalMachine,
                    Thumbprint = configuration.GetValue<string>("SharepointConnection:thumbPrint")
                }
            };

            options.Credentials.Configurations.Add("SharepointAuth", authOptions);
            options.Credentials.DefaultConfiguration = "SharepointAuth";

            options.Sites.Add("SiteToWorkWith",
                new PnPCoreAuthenticationSiteOptions
                {
                    AuthenticationProviderName = "SharepointAuth"
                });
        });

})

• sharepoint
• connection
• credentials
• pnp-core-sdk
• pnp-framework

1 Answer 1

Client Secrets are not supported for app-only authentication. You MUST use a certificate. Note that this can be ANY certificate, i.e. including self-signed ones you (or your customer) created yourself, it does not need to be issued by authority.

The method that works with client secret is for delegated authentication.