SharePoint REST API Azure certificate for authentication

Create the public and private certificate

When using SharePoint Online you can define applications in Azure AD, and these applications can be granted permissions to SharePoint and also to all the other services in Office 365 (note: this will not work for SharePoint on-premises).


1- Create an empty text file on your computer. 
2- Copy the PowerShell script from the Granting access via Azure AD App-Only page and paste it into the empty text file created. 


3- Rename the text file to Create-SelfSignedCertificate and save it with the .ps1 extension (Create-SelfSignedCertificate.ps1).
4- Open Windows PowerShell as Administrator inside the folder where this file is saved. 
5- Copy the PowerShell command from the above-mentioned page: 

.\Create-SelfSignedCertificate.ps1 -CommonName "SharepointCert" -StartDate 2023-10-09 -EndDate 2024-11-30 


  • The CommonName value is the name of the certificate we are creating.
  • Change the StartDate to the current date and the EndDate to a date of your choice.


6- Paste the modified command into Windows PowerShell and run it.


7- You will be prompted for a password to protect the private key; enter the password you want to use for it.


Two files will be created: SharepointCert.pfx (the private key) and SharepointCert.cer (the public key).


Keep the private key safe. The public key is the one you need to upload to your Azure Application. 
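A check worth running after step 7, added here and not part of the original post: it confirms that the .pfx holds the private key, that the .cer does not, that both describe the same certificate, and it prints the thumbprint you can compare against the Azure portal after the upload. The default paths are the file names the post uses; pass different ones if you chose another CommonName.

```powershell
# Added example (not from the original post): verify the certificate pair from step 7
# before uploading the .cer to the Azure app registration.
param(
    [string]$PfxPath = ".\SharepointCert.pfx",   # file names follow the post; adjust if needed
    [string]$CerPath = ".\SharepointCert.cer"
)

$pfxPassword = Read-Host -Prompt "Password that protects $PfxPath" -AsSecureString

# Load both files. Resolve-Path avoids .NET resolving the relative path against a
# different working directory than the PowerShell session.
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList (Resolve-Path $PfxPath).Path, $pfxPassword
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList (Resolve-Path $CerPath).Path

$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cer)
$now = Get-Date

$checks = [ordered]@{
    'PFX contains the private key'              = $pfx.HasPrivateKey
    'CER contains no private key'               = (-not $cer.HasPrivateKey)
    'PFX and CER are the same certificate'      = ($pfx.Thumbprint -eq $cer.Thumbprint)
    'Certificate is within its validity period' = ($now -ge $cer.NotBefore -and $now -lt $cer.NotAfter)
    'RSA key is at least 2048 bits'             = ($null -ne $rsa -and $rsa.KeySize -ge 2048)
}

$failed = $false
foreach ($check in $checks.GetEnumerator()) {
    if ($check.Value) { $status = 'OK  ' } else { $status = 'FAIL'; $failed = $true }
    Write-Host ("[{0}] {1}" -f $status, $check.Key)
}

# The thumbprint is what the portal shows under Certificates & secrets after the upload;
# the expiry is the date by which a new certificate must be created and uploaded.
Write-Host "Thumbprint : $($cer.Thumbprint)"
Write-Host "Expires    : $($cer.NotAfter.ToString('yyyy-MM-dd'))"

if ($failed) { exit 1 }
```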


SharePoint REST API: Azure App Registration and Certificate Upload

To consume a REST API using a certificate for authentication, you typically use a client certificate to authenticate your application with an API endpoint. This approach is common in scenarios where OAuth 2.0 with client credentials flow is employed. Below is a guide on how to achieve this using various tools and libraries.

1. Set Up the Certificate

Ensure you have a client certificate (including the private key) and that it is correctly set up. This certificate will be used to authenticate your application with the API.

2. Register and Configure Your Application

Azure AD Setup (for APIs secured by Azure AD)

  1. Register the Application:

    • Go to the Azure portal.
    • Navigate to Azure Active Directory > App registrations.
    • Register a new application.
  2. Upload the Certificate:

    • In the application registration, go to Certificates & secrets.
    • Upload your .cer file (public part of the certificate).
  3. Configure API Permissions:

    • Go to API permissions and add the required permissions for the API you want to access.
    • Grant admin consent if needed.

3. Use the Certificate to Authenticate and Call the API

Here’s how to use the certificate to authenticate and consume a REST API in different programming environments:

Using C# (.NET Core)

  1. Install NuGet Packages:

    bash
    dotnet add package Microsoft.Identity.Client
    dotnet add package System.Net.Http
  2. Sample Code to Authenticate and Call the API:

    csharp
    using System;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Security.Cryptography.X509Certificates;
    using System.Threading.Tasks;
    using Microsoft.Identity.Client;

    class Program
    {
        static async Task Main(string[] args)
        {
            // Configuration
            string tenantId = "your-tenant-id";
            string clientId = "your-client-id";
            string authority = $"https://login.microsoftonline.com/{tenantId}";
            string apiUrl = "https://yourapi.com/endpoint";

            // Load the certificate (the .pfx holding the private key)
            var certPath = @"C:\path\to\yourcert.pfx";
            var certPassword = "your-cert-password";
            var cert = new X509Certificate2(certPath, certPassword);

            // Create a confidential client application that authenticates with the certificate
            var app = ConfidentialClientApplicationBuilder.Create(clientId)
                .WithAuthority(new Uri(authority))
                .WithCertificate(cert)
                .Build();

            // Get a token with the client credentials flow (app-only, no signed-in user)
            var result = await app.AcquireTokenForClient(new[] { "https://yourapi.com/.default" })
                .ExecuteAsync();

            // Call the API, presenting the access token as a Bearer token
            using (var client = new HttpClient())
            {
                client.DefaultRequestHeaders.Authorization =
                    new AuthenticationHeaderValue("Bearer", result.AccessToken);
                var response = await client.GetAsync(apiUrl);
                var content = await response.Content.ReadAsStringAsync();
                Console.WriteLine(content);
            }
        }
    }

