ninja12

Reputation: 13

Authenticating SharePoint REST API with SSL cert

I am trying to access the SharePoint REST APIs from the Azure API Management service. I need to send an access token with the request, but I am not sure how we can get the access token.

I am getting the access token in a console application using the following code. I used the Microsoft.Identity.Client library in it. Does anyone have any idea how we can translate this code to APIM?

using Microsoft.Identity.Client;
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public class TokenProvider
{
    public static async Task<string> GetAccessTokenAsync(string endpoint)
    {
        var clientId = "<<AAD_APP_CLIENT_ID>>";
        var tenantId = "<<AAD_TENANT_ID>>";

        using var certificate = GetCertificate(
            Path.Combine(Environment.CurrentDirectory, "MyAppCertificate.pfx"),
            "<<CERTIFICATE_PASSWORD>>");

        var confidentialClient = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenantId)
            .WithCertificate(certificate)
            .Build();

        var token = await confidentialClient
            .AcquireTokenForClient(new[] { $"{endpoint.TrimEnd('/')}/.default" })
            .ExecuteAsync();

        return token.AccessToken;
    }

    private static X509Certificate2 GetCertificate(string path, string password)
    {
        return new X509Certificate2(path, password, X509KeyStorageFlags.MachineKeySet);
    }
}

Upvotes: 0

Views: 1531

Answers (1)

anon

Reputation:

Please check whether the steps below help as a workaround:

  • APIM has a Send Request policy that you can use in your inbound policy, along with the C# expression, to initiate any request before calling your backend services.

  • Here is an article that gives information about how to implement access token acquisition, caching, and renewal within your policy. To create the SharePoint Online token, refer to this MS Q&A on what URL endpoint call you need to initiate, and update your policy accordingly.

  • Refer to this MSFT documentation for more information on SharePoint REST services.

  • In the send-request policy, use the client certificate to authenticate. The authenticate policy is used to authenticate with a backend service using the client certificate, but the authentication-certificate policy can be used at the end of your send-request. The certificate, which is identified by its thumbprint, must first be installed in API Management. Refer here for more information.

Upvotes: 0
