External or .NET APIs Accessing SharePoint Online (Office 365) Content

  • To understand how external interfaces communicate with the SharePoint Online environment.
  • To give recommendations for any request in which .NET or other applications are to be used to communicate with SharePoint Online content.

What’s happening now

  • Dedicated user accounts are being used by .NET applications to interact with the SharePoint REST interfaces.
  • These accounts are most likely service accounts, with super-user access granted by default.
  • With these super-access credentials, there is always a high likelihood of misuse, knowingly or unknowingly.
  • These accounts have long password-expiration policies. When a password is changed, the impact on the applications using the accounts is major.

Impact

  • Losing track of the service accounts:
    • In how many applications they are being used
    • For what purpose these accounts are being employed
    • Requests for more access than is necessary. For example, if an application only fetches content, read access would suffice.
    • The accounts have super access, with which a site can be manipulated.
  • After the V-Next migration, all existing implementations must be changed to be compatible with SharePoint Online.
  • Accessing SharePoint through network credentials is no longer supported. These are replaced by SharePoint Online credentials.

Recommended approach

  • For existing applications, the use of credentials should be replaced by an App Principal entry. This approach requires the following:
    • Client Id & Secret
    • A generic assembly can be built (optional) that interacts with SharePoint and provides the access token, refresh token and SharePoint context.
  • New requests that require SharePoint interaction should be handled through an App Principal entry via a provider-hosted add-in.
  • These add-ins are tightly integrated with SharePoint governance policies and must be designed to abide by the security rules.

Advantages

  • Works through the App Only Policy.
  • Only the necessary permissions are assigned to the app.
  • No need to use service accounts.
  • No misuse of access, as the interaction is based on the add-in's permission, not the user's.
  • Zero infrastructure maintenance once the app is deployed. Ex.: any changes to the environment or user accounts.
  • Proper tracking of access usage, as an entry has to be created in the SharePoint system on a per-site basis.

Limitations

  • Requires .NET Framework 4.0 or above
  • Client Id & Client Secret are valid for 1 year
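
An added example, not from the original post: a small Python audit that checks app principal registrations against the points above (app-only policy, only the necessary right, site-level rather than tenant-wide scope, and the 1-year secret validity). The inventory, app names, dates, the 30-day warning window and the reading of "1 year" as 365 days are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import date, timedelta

# Content rights an add-in can request, ordered from least to most privileged.
RIGHTS = ["Read", "Write", "Manage", "FullControl"]
TENANT_SCOPE = "http://sharepoint/content/tenant"
SECRET_LIFETIME = timedelta(days=365)  # assumption: "valid for 1 year" = 365 days

def audit_app_principal(name, permission_xml, needed_right, secret_created, today, warn_days=30):
    """Return a list of findings for one app principal registration."""
    findings = []
    root = ET.fromstring(permission_xml)
    if root.get("AllowAppOnlyPolicy", "false").lower() != "true":
        findings.append(f"{name}: app-only policy not enabled")
    for req in root.iter("AppPermissionRequest"):
        scope, right = req.get("Scope", ""), req.get("Right", "")
        if right not in RIGHTS:
            findings.append(f"{name}: {right!r} is not one of the four content rights ({scope})")
        elif RIGHTS.index(right) > RIGHTS.index(needed_right):
            findings.append(f"{name}: {right} requested but {needed_right} suffices ({scope})")
        if scope.rstrip("/") == TENANT_SCOPE:
            findings.append(f"{name}: tenant-wide scope, not limited to one site")
    days_left = (secret_created + SECRET_LIFETIME - today).days
    if days_left < 0:
        findings.append(f"{name}: client secret expired {-days_left} days ago")
    elif days_left <= warn_days:
        findings.append(f"{name}: client secret expires in {days_left} days")
    return findings

# Constructed inventory: what each app actually needs vs. what it was granted.
INVENTORY = [
    {"name": "report-reader", "needed_right": "Read", "secret_created": date(2024, 1, 10),
     "permission_xml": """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
</AppPermissionRequests>"""},
    {"name": "legacy-sync", "needed_right": "Read", "secret_created": date(2023, 6, 20),
     "permission_xml": """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>"""},
]

def audit_inventory(today):
    """Audit every constructed inventory entry as of the given date."""
    return [f for app in INVENTORY for f in audit_app_principal(today=today, **app)]

if __name__ == "__main__":
    for line in audit_inventory(date(2024, 6, 1)):
        print(line)
```
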
© 2024 ridhvi.in