
Feature: S2S user delegation in Hightrust app scenario #2213

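--- a/Commands/Base/ConnectOnline.cs
+++ b/Commands/Base/ConnectOnline.cs
@@ -487,6 +487,11 @@ public class ConnectOnline : PSCmdlet
 [Parameter(Mandatory = false, ParameterSetName = ParameterSet_HIGHTRUST_CERT, HelpMessage = "The IssuerID under which the certificate has been registered in SharePoint as a Trusted Security Token issuer to use for the High Trust connection. Uses the ClientID if not specified.")]
 [Parameter(Mandatory = false, ParameterSetName = ParameterSet_HIGHTRUST_PFX, HelpMessage = "The IssuerID under which the CER counterpart of the PFX has been registered in SharePoint as a Trusted Security Token issuer to use for the High Trust connection. Uses the ClientID if not specified.")]
 public string HighTrustCertificateIssuerId;
+
+[Parameter(Mandatory = false, ParameterSetName = ParameterSet_HIGHTRUST_CERT, HelpMessage = "Name of the user (login name) on whose behalf to create the access token. Supported input formats are SID and User Principal Name (UPN). If the parameter is not specified, an App Only Context is created.")]
+[Parameter(Mandatory = false, ParameterSetName = ParameterSet_HIGHTRUST_PFX, HelpMessage = "Name of the user (login name) on whose behalf to create the access token. Supported input formats are SID and User Principal Name (UPN). If the parameter is not specified, an App Only Context is created.")]
+[ValidateNotNullOrEmpty()]
+public string UserName;
 #endif
 
 protected override void ProcessRecord()
@@ -622,11 +627,36 @@ protected override void ProcessRecord()
 #if ONPREMISES
 else if (ParameterSetName == ParameterSet_HIGHTRUST_CERT)
 {
-connection = SPOnlineConnectionHelper.InstantiateHighTrustConnection(Url, ClientId, HighTrustCertificate, HighTrustCertificateIssuerId ?? ClientId, MinimalHealthScore, RetryCount, RetryWait, RequestTimeout, TenantAdminUrl, Host, NoTelemetry, SkipTenantAdminCheck);
+connection = SPOnlineConnectionHelper.InstantiateHighTrustConnection(Url,
+ClientId,
+HighTrustCertificate,
+HighTrustCertificateIssuerId ?? ClientId,
+MinimalHealthScore,
+RetryCount,
+RetryWait,
+RequestTimeout,
+TenantAdminUrl,
+Host,
+NoTelemetry,
+SkipTenantAdminCheck,
+UserName);
 }
 else if (ParameterSetName == ParameterSet_HIGHTRUST_PFX)
 {
-connection = SPOnlineConnectionHelper.InstantiateHighTrustConnection(Url, ClientId, HighTrustCertificatePath, HighTrustCertificatePassword, HighTrustCertificateIssuerId ?? ClientId, MinimalHealthScore, RetryCount, RetryWait, RequestTimeout, TenantAdminUrl, Host, NoTelemetry, SkipTenantAdminCheck);
+connection = SPOnlineConnectionHelper.InstantiateHighTrustConnection(Url,
+ClientId,
+HighTrustCertificatePath,
+HighTrustCertificatePassword,
+HighTrustCertificateIssuerId ?? ClientId,
+MinimalHealthScore,
+RetryCount,
+RetryWait,
+RequestTimeout,
+TenantAdminUrl,
+Host,
+NoTelemetry,
+SkipTenantAdminCheck,
+UserName);
 }
 #endif
 else
@@ -639,7 +669,18 @@ protected override void ProcessRecord()
 creds = Host.UI.PromptForCredential(Properties.Resources.EnterYourCredentials, "", "", "");
 }
 }
-connection = SPOnlineConnectionHelper.InstantiateSPOnlineConnection(new Uri(Url), creds, Host, CurrentCredentials, MinimalHealthScore, RetryCount, RetryWait, RequestTimeout, TenantAdminUrl, NoTelemetry, SkipTenantAdminCheck, AuthenticationMode);
+connection = SPOnlineConnectionHelper.InstantiateSPOnlineConnection(new Uri(Url),
+creds,
+Host,
+CurrentCredentials,
+MinimalHealthScore,
+RetryCount,
+RetryWait,
+RequestTimeout,
+TenantAdminUrl,
+NoTelemetry,
+SkipTenantAdminCheck,
+AuthenticationMode);
 }
 #if !ONPREMISES
 #if !NETSTANDARD2_0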
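Review bot: `UserName` is forwarded verbatim to `InstantiateHighTrustConnection` on both the HIGHTRUST_CERT and HIGHTRUST_PFX branches, and nothing in ProcessRecord records which identity the high-trust token is being issued for, so a delegated connection is indistinguishable from an app-only one in the cmdlet's own output. A one-line trace before each call would make that explicit, e.g. `WriteVerbose(string.IsNullOrEmpty(UserName) ? "Creating app-only high trust context" : "Creating high trust context on behalf of " + UserName);`. The HelpMessage promises SID or UPN input, but the parameter is checked only by `[ValidateNotNullOrEmpty()]`; whether a malformed value fails early or is handed to the token issuer as-is depends on the PnP Core implementation, which is not visible here. The two new `[Parameter]` attributes repeat the same HelpMessage string verbatim and could share a single `const`. ProcessRecord starts in the first hunk and continues past the last one.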
21 changes: 16 additions & 5 deletions Commands/Base/SPOnlineConnectionHelper.cs
Expand Up @@ -83,18 +83,18 @@ internal static SPOnlineConnection InstantiateSPOnlineConnection(Uri url, string

#if !NETSTANDARD2_0
#if ONPREMISES
internal static SPOnlineConnection InstantiateHighTrustConnection(string url, string clientId, string hightrustCertificatePath, string hightrustCertificatePassword, string hightrustCertificateIssuerId, int minimalHealthScore, int retryCount, int retryWait, int requestTimeout, string tenantAdminUrl, PSHost host, bool disableTelemetry, bool skipAdminCheck)
internal static SPOnlineConnection InstantiateHighTrustConnection(string url, string clientId, string hightrustCertificatePath, string hightrustCertificatePassword, string hightrustCertificateIssuerId, int minimalHealthScore, int retryCount, int retryWait, int requestTimeout, string tenantAdminUrl, PSHost host, bool disableTelemetry, bool skipAdminCheck, string loginName)
{
var authManager = new OfficeDevPnP.Core.AuthenticationManager();
var context = authManager.GetHighTrustCertificateAppOnlyAuthenticatedContext(url, clientId, hightrustCertificatePath, hightrustCertificatePassword, hightrustCertificateIssuerId);
var context = authManager.GetHighTrustCertificateAppAuthenticatedContext(url, clientId, hightrustCertificatePath, hightrustCertificatePassword, hightrustCertificateIssuerId, loginName);

return InstantiateHighTrustConnection(context, url, minimalHealthScore, retryCount, retryWait, requestTimeout, tenantAdminUrl, host, disableTelemetry, skipAdminCheck);
}

internal static SPOnlineConnection InstantiateHighTrustConnection(string url, string clientId, System.Security.Cryptography.X509Certificates.X509Certificate2 hightrustCertificate, string hightrustCertificateIssuerId, int minimalHealthScore, int retryCount, int retryWait, int requestTimeout, string tenantAdminUrl, PSHost host, bool disableTelemetry, bool skipAdminCheck)
internal static SPOnlineConnection InstantiateHighTrustConnection(string url, string clientId, System.Security.Cryptography.X509Certificates.X509Certificate2 hightrustCertificate, string hightrustCertificateIssuerId, int minimalHealthScore, int retryCount, int retryWait, int requestTimeout, string tenantAdminUrl, PSHost host, bool disableTelemetry, bool skipAdminCheck, string loginName)
{
var authManager = new OfficeDevPnP.Core.AuthenticationManager();
var context = authManager.GetHighTrustCertificateAppOnlyAuthenticatedContext(url, clientId, hightrustCertificate, hightrustCertificateIssuerId);
var context = authManager.GetHighTrustCertificateAppAuthenticatedContext(url, clientId, hightrustCertificate, hightrustCertificateIssuerId, loginName);

return InstantiateHighTrustConnection(context, url, minimalHealthScore, retryCount, retryWait, requestTimeout, tenantAdminUrl, host, disableTelemetry, skipAdminCheck);
}
Expand All @@ -114,7 +114,18 @@ private static SPOnlineConnection InstantiateHighTrustConnection(ClientContext c
connectionType = ConnectionType.TenantAdmin;
}
}
return new SPOnlineConnection(context, connectionType, minimalHealthScore, retryCount, retryWait, null, url, tenantAdminUrl, PnPPSVersionTag, host, disableTelemetry, InitializationType.HighTrust);
return new SPOnlineConnection(context,
connectionType,
minimalHealthScore,
retryCount,
retryWait,
null,
url,
tenantAdminUrl,
PnPPSVersionTag,
host,
disableTelemetry,
InitializationType.HighTrust);
}
#endif
#endif
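Review bot: The new `loginName` parameter on both internal `InstantiateHighTrustConnection` overloads carries no documentation, and each overload now always calls `GetHighTrustCertificateAppAuthenticatedContext` whether or not a user is supplied, so the null-means-app-only contract lives only in the cmdlet's HelpMessage. Add an XML doc on each overload along the lines of `/// <param name="loginName">Login name (SID or UPN) of the user the high-trust token is issued for; null or empty is expected to yield an app-only context.</param>`, hedged because that behaviour is decided in OfficeDevPnP.Core, not in this file. The private overload in the second hunk still tags every result `InitializationType.HighTrust`, so telemetry and diagnostics cannot tell an on-behalf-of connection from an app-only one; if that enum has no delegated variant, consider at least carrying the login name onto the connection so it can be surfaced. That private overload begins outside the hunk.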