1
votes

I have a requirement to write a C# application which will connect to SharePoint Online document libraries and allow users to import content from the library (doc libraries are replacing old network drives). Our Office 365 tenancy uses SSO provided by an on-premises ADFS server (fully federated identity) for authentication.

I'm thinking that in order to connect to the document library, I will need to request some kind of authorisation token from the ADFS server to pass into the login URL for SharePoint Online when connecting to the doc library. I've never had to do anything like this before though, so I was wondering if anyone on here had done anything similar, or had any good tips on where to start? The application will only be running on domain-joined machines, so there's no requirement to consider off-network scenarios.

Very grateful for any advice!

2 Answers

0
votes

What your application needs is the o365 session cookie so SharePoint allows you to use the doc library.

You should have a look here: Remote Authentication in SharePoint Online Using Claims-Based Authentication

Basically the idea is to open a hidden web browser in your application. You call your SharePoint site, o365 redirects to your ADFS for authentication, blablabla the standard authentication process occurs.

Once the authentication process is finished, SharePoint issues a session cookie called "FedAuth" (on-prem, maybe it has another name in o365). You extract this cookie from the web browser and you use it to call your SharePoint Online site (once you have the cookie, you can "Dispose" the web browser).

0
votes

I managed to get ADFS to issue a token using this code:

    using System.IdentityModel.Protocols.WSTrust;
    using System.IdentityModel.Tokens;
    using System.ServiceModel;
    using System.ServiceModel.Security;

    // Not given in the original post: the ADFS WS-Trust endpoint (Windows transport, 2005 trust
    // version, to match TrustVersion below) and the relying-party identifier the token applies to.
    private readonly string stsEndpoint = "<ADFS endpoint, e.g. https://adfs.example.com/adfs/services/trust/2005/windowstransport>";
    private readonly string realm = "<relying-party identifier for Office 365>";

    public GenericXmlSecurityToken GetToken()
    {
        // HTTPS transport security; the logged-on domain user's Windows credentials authenticate to ADFS
        WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.Transport);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, new EndpointAddress(stsEndpoint));
        factory.TrustVersion = TrustVersion.WSTrustFeb2005;
        factory.Credentials.SupportInteractive = false;   // never prompt for credentials; domain-joined machines only
        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(realm),
            KeyType = KeyTypes.Bearer                     // bearer token, so no proof key is negotiated
        };
        IWSTrustChannelContract channel = factory.CreateChannel();
        try
        {
            return channel.Issue(rst) as GenericXmlSecurityToken;
        }
        finally
        {
            ((ICommunicationObject)channel).Close();      // release the WCF channel once the token is issued
        }
    }

This is then used to parameterise a SOAP request which I submit to the MS STS server to authenticate. Once this is done, I can get the cookies from SharePoint using an HttpWebRequest and a CookieContainer, then I use this code

    using System.Runtime.InteropServices;

    // P/Invoke into WinINet so the SharePoint cookies can be written into the user's WinINet cookie store
    [DllImport("wininet.dll", CharSet = CharSet.Auto, SetLastError = true)]
    private static extern bool InternetSetCookie(string url, string name, string data);

to expose the InternetSetCookie method to save the cookies for the user's session.
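The middle step of the answer above (post the ADFS assertion to the Microsoft STS, then hand the returned token to SharePoint and keep the cookies it sets) is only described in prose. The following is an added example that follows that description; it is not the poster's code. It assumes the raw XML of the `GenericXmlSecurityToken` from `GetToken()` (its `TokenXml.OuterXml`) is passed in, and that the public Office 365 STS endpoint and the SharePoint Online sign-in path named in the constants are the ones in use; the helper names are hypothetical.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Xml;

// Added example, not the poster's code. Assumptions: samlAssertionXml is the ADFS assertion
// from GetToken(), and MsoStsUrl / SignInPath are the Office 365 STS and SharePoint sign-in URLs.
public static class SpoCookieHelper
{
    const string MsoStsUrl = "https://login.microsoftonline.com/extSTS.srf";
    const string SignInPath = "/_forms/default.aspx?wa=wsignin1.0";

    // Exchanges the ADFS-issued assertion for a SharePoint Online BinarySecurityToken, posts that
    // token to the site's sign-in page and collects the FedAuth/rtFa cookies in a CookieContainer.
    public static CookieContainer GetSharePointCookies(string siteUrl, string samlAssertionXml)
    {
        string stsResponse = Post(MsoStsUrl, BuildRst(siteUrl, samlAssertionXml),
                                  "application/soap+xml; charset=utf-8", null);

        var doc = new XmlDocument();
        doc.LoadXml(stsResponse);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        XmlNode tokenNode = doc.SelectSingleNode("//wsse:BinarySecurityToken", ns);
        if (tokenNode == null)   // a SOAP fault (e.g. assertion rejected) comes back without a token
            throw new InvalidOperationException("STS response did not contain a BinarySecurityToken.");

        var cookies = new CookieContainer();
        Post(new Uri(new Uri(siteUrl), SignInPath).ToString(), tokenNode.InnerText,
             "application/x-www-form-urlencoded", cookies);

        // FedAuth is the SharePoint session cookie; if it is missing the sign-in did not succeed.
        bool haveFedAuth = false;
        foreach (Cookie c in cookies.GetCookies(new Uri(siteUrl)))
            if (c.Name == "FedAuth") haveFedAuth = true;
        if (!haveFedAuth)
            throw new InvalidOperationException("Sign-in did not return a FedAuth cookie.");
        return cookies;
    }

    // WS-Trust RST with the ADFS assertion carried in the WS-Security header.
    static string BuildRst(string siteUrl, string samlAssertionXml)
    {
        return
            "<S:Envelope xmlns:S=\"http://www.w3.org/2003/05/soap-envelope\" " +
            "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " +
            "xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " +
            "xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\" " +
            "xmlns:wsa=\"http://www.w3.org/2005/08/addressing\">" +
            "<S:Header>" +
            "<wsa:Action S:mustUnderstand=\"1\">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>" +
            "<wsa:To S:mustUnderstand=\"1\">" + MsoStsUrl + "</wsa:To>" +
            "<wsse:Security>" + samlAssertionXml + "</wsse:Security>" +
            "</S:Header>" +
            "<S:Body>" +
            "<wst:RequestSecurityToken Id=\"RST0\">" +
            "<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>" +
            "<wsp:AppliesTo><wsa:EndpointReference><wsa:Address>" + siteUrl +
            "</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>" +
            "<wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>" +
            "</wst:RequestSecurityToken>" +
            "</S:Body></S:Envelope>";
    }

    static string Post(string url, string body, string contentType, CookieContainer cookies)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = contentType;
        request.CookieContainer = cookies;   // null for the STS call; the sign-in call fills the container
        request.AllowAutoRedirect = false;   // the sign-in page answers 302 + Set-Cookie; do not follow it
        byte[] payload = Encoding.UTF8.GetBytes(body);
        request.ContentLength = payload.Length;
        using (Stream s = request.GetRequestStream()) s.Write(payload, 0, payload.Length);
        using (var response = (HttpWebResponse)request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
            return reader.ReadToEnd();
    }
}
```

The returned `CookieContainer` is what you attach to later `HttpWebRequest` calls against the site (for example `siteUrl + "/_api/web/lists"` with `Accept: application/json;odata=verbose`). Those cookies are the user's bearer session credential: keep them in the process and let them expire rather than persisting them, and note that `InternetSetCookie` as used above writes them into the shared WinINet store rather than a per-application container.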