Custom integration between Dynamics 365/CDS and SharePoint using C# and SharePoint REST API ? Learn how to create a SharePoint Add-in and generate authentication token–Part 3

Follow my blog for more interesting topics on Dynamics 365, Portals and Power Platform. For training and consulting, write to us at info@xrmforyou.com

If you are directly on this blog post, I suggest you start from the first blog post of this series to get the context.

So I am on the final blog of this series. And here I am going to generate the authentication token to finally connect to SharePoint. Here we will deal with two most important properties of the Add-in, Add-In ID and Add-In Secret. Using these two properties now we will construct the access token.

Let us achieve this in the following steps

  • Open your VS and create a Console Application. ( I am using VS 2017 and created a console application with .Net framework 4.6.2)

  • After your project is created we need to add the SharePoint Dependencies. To do this right click on References and Manage NuGet packages and look for a package named AppForSharePointOnlineWebToolkit and install the package.

While trying to add the reference you may face an issue saying Microsoft.IdentityModel.dll was not found so package could not be installed.

If that’s the case, add Microsoft.IdentityModel.dll using NuGet package.

  • Post doing step 3 as well you will not be able to reference SharePoint Dependencies since it again looks for another dll named Microsoft.IdentityModel.Extensions dll.
  • Include the reference for Microsoft.IdentityModel.Extensions.dll

  • Now let us try to install the package named AppForSharePointOnlineWebToolkit. Not only this package will add the SharePoint Dependencies but also includes the class files TokenHelper.cs and SharePointContext.cs
  • Now we have included all the dependencies required for the operation. Make sure to include the below configuration in App.config file
  • Use the Client ID and Client Secret of the Add-In and replace its values in App.Config file. This is because TokenHelper.cs class will grab the id and secret from the application’s configuration file. Add the following piece of code in your application to generate the token.
string siteUrl = "https://xrm20208.sharepoint.com";

//Get the realm for the URL

string realm = TokenHelper.GetRealmFromTargetUrl(new Uri(siteUrl));

//Get the access token for the URL.  

string accessToken = TokenHelper.GetAppOnlyAccessToken(TokenHelper.SharePointPrincipal, new Uri(siteUrl).Authority, realm).AccessToken;

  • As you can see in the below screenshot my token is generated successfully.

Yahoo! Now that is some relief right? The token is now generated and you can passing it as a bearer token while making any calls to SharePoint REST API. I am not going to show you how you are now going to consume the REST API. We have innumerable good SharePoint blogs for the same. So I leave the remaining part for you to explore.

Hope this helps!

Debajit Dutta

(Microsoft MVP)

Custom integration between Dynamics 365/CDS and SharePoint using C# and SharePoint REST API ? Learn how to create a SharePoint Add-in and generate authentication token–Part 2

Follow my blog for more interesting topics on Dynamics 365, Portals and Power Platform. For training and consulting, write to us at info@xrmforyou.com

If you are directly on this blog, I suggest you go through the first blog of this series.

In our previous blog, we created the SharePoint Add-in. In this blog we shall be providing this APP permissions on sitecollection.

To apply permissions to the generated Add-In either you can visit SharePoint Tenant Administration Site or via AppInv.aspx page

Visit SharePoint Admin center to do this. Go to <admin_site_url>/_layouts/15/appinv.aspx

image

Use the App Id that you created as per directions in previous blog and click on Lookup button to retrieve the APP Details.

image

The important thing is the App’s permission.

If you want to provide full control at the tenant level use the following permission XML

<AppPermissionRequests AllowAppOnlyPolicy="true">

<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />

</AppPermissionRequests>

image

Once you click Create you will be presented with permission dialog. Click Trust It to grant permissions

clip_image002

Now your Add-In is ready for use. As we granted tenant-level permissions you might be wondering if I need do the same for specific site collection. No worries this can he handled as well. Create Add-In app in your Site Collection using Blog Post 1 and follow the similar approach but modify the permissions XML as below:

<AppPermissionRequests AllowAppOnlyPolicy="true">

<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl"/>

<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/>

</AppPermissionRequests>

In this way we create Add-Ins and grant permissions to Add-In. In Part-3 of my blog I will show you how to generate token from Add-in.

Hope this helps!

Debajit Dutta

(Microsoft MVP)

Custom integration between Dynamics 365/CDS and SharePoint using C# and SharePoint REST API ? Learn how to create a SharePoint Add-in and generate authentication token–Part 1

Follow my blog for more interesting topics on Dynamics 365, Portals and Power Platform. For training and consulting, write to us at info@xrmforyou.com

Before I go ahead, while this blog depicts on how you can generate the Authentication token to integrate between Dynamics 365 and SharePoint, this can be applied to any application trying to authenticate with SharePoint online to consume SP REST API’s. The methodology presented here can be applied for all applications.

Your day as a consultant can throw a lot of surprises and this was one of them. We had a custom integration between Dynamics 365 online and SharePoint. online And the connection was being completed using username and password authentication by consuming Sharepoint REST API services.

And one fine day this stopped working. There were some access policy changes on Azure and now the code was not able to generate a request digest using username-password credentials. It was always coming as null and authentication was failing. Moreover client was also not okay to use a service or end-user account for authentication.

If you are on the same boat, don’t be worried. This blog is explicitly on how you can handle this scenario. And that is using SharePoint add-in.

There are multiple ways to register SharePoint add-in such as using Visual Studio, the Seller Dashboard, or an AppRegNew.aspx page. In this blog post we will register add-in using AppRegNew.aspx in tenant which is one of the recommended approaches.

To do this we need global administrator privileges which is SharePoint Administrator role in SharePoint site. Let us now try to register your add-in in the following steps:

Step 1: Go to <site-colleciton-url>/_layouts/15/AppRegNew.aspx using browser.

clip_image002

Step 2: Fill up the details to create add-in

 

· Client Id – Add in ID basically a Guid that can be generated (Generated button is used to generate Guid) or paste Guid into AppRegNew.aspx

· Client Secret – Add in Secret basically a string that can be generated using Generated button. Usually the secret expires in one year.

· Title – Name of the add in

· App Domain – The host name of the remote component of the SharePoint Add-in. he add-in domain must match the URL bindings you use for your web application. Do not include protocol (“https:”) or “/” characters in this value. If your web application host is using a DNS CNAME alias, use the alias. Examples: www.localhost.com, www.contoso.com:3333 and www.scholarship.com

· Redirect Uri –The endpoint in remote application. The value must be a complete endpoint URL including the protocol, which must be HTTPS. For example: https://www.localhost.com, https://www.contoso.com/Default.aspx

Step 3: Provide all the details and click Create.

clip_image004
clip_image005

Now that we have created the add-in, it’s now time for providing the app the required permissions to your sitecollection. In the next blog will shall be doing the same. Make a copy of your application details that you just created. We shall need it in the next blog.

Hope this helps!

Debajit Dutta

(Microsoft MVP)