External or .NET APIs Accessing SharePoint Online (Office 365) Content – ridhvi.in
This post looks at how external interfaces communicate with the SharePoint Online environment.
It gives recommendations for any request in which .NET or other applications are to be used to communicate with SharePoint Online content.
What’s happening now
Dedicated user accounts are being used by .NET applications to interact with the SharePoint REST interfaces.
These accounts are most likely service accounts, with super-user access granted by default.
With these super-access credentials there is always a high likelihood of misuse, knowingly or unknowingly.
These accounts have long expiration policies. If a password is changed, the impact on the applications using the accounts will be major.
Impact on
Losing track of the service accounts: which ones are being used in a number of applications, and for what purpose they are being employed.
Requesting more access than the usage requires. For example, if an application only fetches content, read access would suffice.
The accounts have super-user access, with which the site can be manipulated.
After the V-Next migration, all existing implementations should be changed to be compatible with SharePoint Online.
Accessing SharePoint through network credentials is no longer supported. These are replaced by SharePoint Online credentials.
Recommended approach
For existing applications, the use of credentials should be replaced by an App Principal entry. This approach requires the following:
Client Id & Secret
A generic assembly can be built (optional) that interacts with SharePoint and provides the access token, refresh token and SharePoint context.
New requests that require SharePoint interaction should be handled through an App Principal entry via a provider-hosted add-in.
These add-ins are tightly integrated with SharePoint governance policies and are to be designed to abide by the security rules.
Advantages
Works through App Only Policy
Assigning only necessary permissions to the app.
No need to use service accounts
No misuse of access, as the interaction is based on the add-in's permission, not the user's.
Zero infrastructure maintenance once the app is deployed, for example when the environment or user accounts change.
Proper tracking of access usage, as an entry has to be created in the SharePoint system on a per-site basis.
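
The "only necessary permissions" and app-only points above can be checked before an App Principal is granted access. The following is an added example, not code from the original post: a Python check over the permission request XML that flags rights and scopes beyond what the application needs. The function name, the sample XML and the default baseline (Read at web scope) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Rights an add-in can request, least to most privileged.
RIGHTS = ["Read", "Write", "Manage", "FullControl"]
# Content scope URIs, narrowest to broadest. Other scope families
# (search, taxonomy, ...) are reported as unrecognised for manual review.
SCOPES = [
    "http://sharepoint/content/sitecollection/web/list",
    "http://sharepoint/content/sitecollection/web",
    "http://sharepoint/content/sitecollection",
    "http://sharepoint/content/tenant",
]

def audit_permission_request(xml_text, needed_right="Read", widest_scope=SCOPES[1]):
    """Return findings for one AppPermissionRequests document (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("AllowAppOnlyPolicy", "false").lower() != "true":
        findings.append("AllowAppOnlyPolicy is not true: app-only access is unavailable")
    for req in root.iter("AppPermissionRequest"):
        scope, right = req.get("Scope", ""), req.get("Right", "")
        if right not in RIGHTS:
            findings.append(f"unknown right {right!r} on {scope}")
        elif RIGHTS.index(right) > RIGHTS.index(needed_right):
            findings.append(f"{right} requested on {scope}; {needed_right} would suffice")
        if scope not in SCOPES:
            findings.append(f"unrecognised scope {scope!r}")
        elif SCOPES.index(scope) > SCOPES.index(widest_scope):
            findings.append(f"scope {scope} is broader than {widest_scope}")
    return findings

# Constructed samples, not taken from the original page.
OVER_PRIVILEGED = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>"""
READ_ONLY = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
</AppPermissionRequests>"""

if __name__ == "__main__":
    for name, doc in (("over-privileged", OVER_PRIVILEGED), ("read-only", READ_ONLY)):
        for finding in audit_permission_request(doc) or ["OK"]:
            print(f"{name}: {finding}")
```

Pass `needed_right` and `widest_scope` to match what a given application actually does; the defaults model an application that only fetches content from one site.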