Haaron Gonzalez Rotating Header Image

SharePoint Online

Just use a Office 365 based credential when deploying programatically

So all people happy and kind of impress with Office 365 Pattern & Practices components, especially the ones that are related to Office 365, is so much easier and simpler the provision things up to SharePoint Online. Recently had to deploy some assets into SharePoint Online, I did use Office 365 PnP as our deployment approach. Everything work just fine in our Office 365 Dev environment but as soon I got to customer tenant our deployment console app didn’t work as expected.

First I notice that customer had ADFS set up and the code when trying to authenticate was throwing the following exception:

Unhandled Exception: Microsoft.SharePoint.Client.IdcrlException: Unable to get ticket due to unknown error.
at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String securityXml, String serviceTarget, String servicePolicy)
   at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String username, String password, String serviceTarget, String servicePolicy)
   at Microsoft.SharePoint.Client.Idcrl.SharePointOnlineAuthenticationProvider.GetAuthenticationCookie(Uri url, String username, SecureString password, Boolean alwaysThrowOnFailure, EventHandler`1 executingWebRequest)
   at Microsoft.SharePoint.Client.SharePointOnlineCredentials.GetAuthenticationCookie(Uri url, Boolean refresh, Boolean alwaysThrowOnFailure)
   at Microsoft.SharePoint.Client.ClientRuntimeContext.SetupRequestCredential(ClientRuntimeContext context, HttpWebRequest request)
   at Microsoft.SharePoint.Client.SPWebRequestExecutor.GetRequestStream()
   at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate()
   at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest()
   at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
   at Microsoft.SharePoint.Client.ClientContextExtensions.ExecuteQueryImplementation(ClientRuntimeContext clientContext,Int32 retryCount, Int32 delay)
   at Microsoft.SharePoint.Client.ClientContextExtensions.ExecuteQueryRetry(ClientRuntimeContext clientContext, Int32 retryCount, Int32 delay)
   at BrandingCAN.Program.Main(String[] args) in projectpath\Program.cs:line 41

Did some research and perform several recommendations, but unfortunately didn’t work at all. So, at this moment I still don’t understand what to do to make my console app to authenticate to O365 with ADFS set up and account. But, I did manage to solve the issue just using an Office 365 based credential instead of an ADFS based credential, and that’s what I wanted to share here.

Whenever you deploying something programmatically to O365, please use O365 based credentials like “accountname@company.onmicrosoft.com” and Office 365 PnP and all SharePoint Client APIs will perform as expected.


Consider the cloud

Recently I came across the stage to support collaboration between internal and external users in Office 365 environment. Basically we are talking about an extranet scenario where you need to allow a group of employees of an organization to work with different people outside the organization, are you familiar?

It is well known that SharePoint 2010 supports functionality features to attack extranet scenarios including authentication. As it happens, Microsoft Office 365 already configured authentication provider of Windows Live with which we can make users with Microsoft Windows Live account to access our SharePoint portal without us having to provision, manage, or maintain access credentials.

Some companies create active directory accounts for customers or suppliers and also ask SharePoint developers to develop webparts to allow the external user to change the domain account directly from the extra net portal. Personally I think that exposing the AD for an external update your data via a programming interface is not for me.

In this video I show how SharePoint 2010 Online Office 365 makes setting Extranet scenario by supporting authentication with Windows Live. Of course, thanks for watching this video and do not forget to subscribe.

Configure External User Access