diff --git a/Core/OfficeDevPnP.Core/AuthenticationManager.cs b/Core/OfficeDevPnP.Core/AuthenticationManager.cs
index 80812b4267..1789d7551c 100644
--- a/Core/OfficeDevPnP.Core/AuthenticationManager.cs
+++ b/Core/OfficeDevPnP.Core/AuthenticationManager.cs
@@ -613,7 +613,7 @@ public ClientContext GetHighTrustCertificateAppAuthenticatedContext(string siteU
// Configure the handler to generate the Bearer Access Token on each request and add it to the request
clientContext.ExecutingWebRequest += (sender, args) =>
{
- var accessToken = TokenHelper.GetS2SAccessTokenWithUserName(siteUri, loginName);
+ var accessToken = TokenHelper.GetS2SAccessTokenWithWindowsUserName(siteUri, loginName);
args.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + accessToken;
};
diff --git a/Core/OfficeDevPnP.Core/Utilities/TokenHelper.cs b/Core/OfficeDevPnP.Core/Utilities/TokenHelper.cs
index 78cec060aa..96f61ed7dd 100644
--- a/Core/OfficeDevPnP.Core/Utilities/TokenHelper.cs
+++ b/Core/OfficeDevPnP.Core/Utilities/TokenHelper.cs
@@ -523,13 +523,15 @@ public static string GetAppContextTokenRequestUrl(string contextUrl, string redi
/// Url of the target SharePoint site
/// Windows identity of the user on whose behalf to create the access token
/// An access token with an audience of the target principal
- public static string GetS2SAccessTokenWithWindowsIdentity(
- Uri targetApplicationUri,
- WindowsIdentity identity)
+ public static string GetS2SAccessTokenWithWindowsIdentity(Uri targetApplicationUri, WindowsIdentity identity)
{
- string realm = string.IsNullOrEmpty(Realm) ? GetRealmFromTargetUrl(targetApplicationUri) : Realm;
+ string realm = string.IsNullOrWhiteSpace(Realm)
+ ? GetRealmFromTargetUrl(targetApplicationUri)
+ : Realm;
- JsonWebTokenClaim[] claims = identity != null ? GetClaimsWithWindowsIdentity(identity) : null;
+ JsonWebTokenClaim[] claims = identity != null
+ ? GetClaimsWithWindowsIdentity(identity)
+ : null;
return GetS2SAccessTokenWithClaims(targetApplicationUri.Authority, realm, claims);
}
@@ -540,18 +542,41 @@ public static string GetS2SAccessTokenWithWindowsIdentity(
/// web.config, an auth challenge will be issued to the targetApplicationUri to discover it.
///
/// Url of the target SharePoint site
- /// Name of the user (login name) on whose behalf to create the access token
+ /// Name of the user (login name) on whose behalf to create the access token. Supported name formats are SID and User Principal Name (UPN)
/// An access token with an audience of the target principal
- public static string GetS2SAccessTokenWithUserName(
- Uri targetApplicationUri,
- string identity)
+ public static string GetS2SAccessTokenWithWindowsUserName(Uri targetApplicationUri, string identity)
{
- string realm = string.IsNullOrEmpty(Realm) ? GetRealmFromTargetUrl(targetApplicationUri) : Realm;
+ string realm = string.IsNullOrWhiteSpace(Realm)
+ ? GetRealmFromTargetUrl(targetApplicationUri)
+ : Realm;
JsonWebTokenClaim[] claims = string.IsNullOrWhiteSpace(identity)
- ? GetClaimsWithUserName(identity)
+ ? null
+ : GetClaimsWithWindowsUserName(identity);
+
+ return GetS2SAccessTokenWithClaims(targetApplicationUri.Authority, realm, claims);
+ }
+
+ ///
+ /// Retrieves an S2S access token signed by the application's private certificate on behalf of the specified
+ /// user name and intended for the SharePoint at the targetApplicationUri. If no Realm is specified in
+ /// web.config, an auth challenge will be issued to the targetApplicationUri to discover it.
+ ///
+ /// Url of the target SharePoint site
+ /// Claims identity of the user on whose behalf to create the access token
+ /// An access token with an audience of the target principal
+ public static string GetS2SAccessTokenWithClaimsIdentity(Uri targetApplicationUri, System.Security.Claims.ClaimsIdentity identity)
+ {
+ string realm = string.IsNullOrWhiteSpace(Realm)
+ ? GetRealmFromTargetUrl(targetApplicationUri)
+ : Realm;
+
+ JsonWebTokenClaim[] claims = identity != null
+ ? GetClaimsWithClaimsIdentity(identity, IdentityClaimType, TrustedIdentityTokenIssuerName)
: null;
+ string accessToken = GetS2SAccessTokenWithClaims(targetApplicationUri.Authority, realm, claims);
+
return GetS2SAccessTokenWithClaims(targetApplicationUri.Authority, realm, claims);
}
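Review bot: The new `GetS2SAccessTokenWithClaimsIdentity` requests the token twice — the line `string accessToken = GetS2SAccessTokenWithClaims(targetApplicationUri.Authority, realm, claims);` is immediately followed by a return that repeats the same call, so the local is never read and the signing work is done a second time; the last statement should be `return accessToken;`. This looks like a leftover from moving the body out of the client-context method, but that is an inference. Separately, in the new `GetS2SAccessTokenWithWindowsUserName` a null or whitespace `identity` now yields `claims == null`, so the token is requested with no user claims at all; if that produces an application-scoped token (not visible in this hunk), a caller passing an empty login name silently gets broader access than it asked for, so consider either rejecting a blank identity with `ArgumentException` or stating the fallback in the `<param>` text for `identity`.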
@@ -564,20 +589,28 @@ public static string GetS2SAccessTokenWithUserName(
/// Url of the target SharePoint site
/// Windows identity of the user on whose behalf to create the access token
/// A ClientContext using an access token with an audience of the target application
- public static ClientContext GetS2SClientContextWithWindowsIdentity(
- Uri targetApplicationUri,
- WindowsIdentity identity)
+ public static ClientContext GetS2SClientContextWithWindowsIdentity(Uri targetApplicationUri, WindowsIdentity identity)
{
- string realm = string.IsNullOrEmpty(Realm) ? GetRealmFromTargetUrl(targetApplicationUri) : Realm;
+ string accessToken = GetS2SAccessTokenWithWindowsIdentity(targetApplicationUri, identity);
- JsonWebTokenClaim[] claims = identity != null
- ? GetClaimsWithWindowsIdentity(identity)
- : null;
+ return GetClientContextWithAccessToken(targetApplicationUri.ToString(), accessToken);
+ }
- string accessToken = GetS2SAccessTokenWithClaims(targetApplicationUri.Authority, realm, claims);
+ ///
+ /// Retrieves an S2S client context with an access token signed by the application's private certificate on
+ /// behalf of the specified WindowsIdentity and intended for application at the targetApplicationUri using the
+ /// targetRealm. If no Realm is specified in web.config, an auth challenge will be issued to the
+ /// targetApplicationUri to discover it.
+ ///
+ /// Url of the target SharePoint site
+ /// Name of the user (login name) on whose behalf to create the access token. Supported name formats are SID and User Principal Name (UPN)
+ /// A ClientContext using an access token with an audience of the target application
+ public static ClientContext GetS2SClientContextWithWindowsUserName(Uri targetApplicationUri, string identity)
+ {
+ string accessToken = GetS2SAccessTokenWithWindowsUserName(targetApplicationUri, identity);
return GetClientContextWithAccessToken(targetApplicationUri.ToString(), accessToken);
- }
+ }
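Review bot: The XML summary of the new `GetS2SClientContextWithWindowsUserName` says "on behalf of the specified WindowsIdentity" and refers to "using the targetRealm", but the method takes a login-name string and has no realm parameter, so the text appears copied from the WindowsIdentity overload. Suggest `/// behalf of the specified user login name and intended for the application at the targetApplicationUri.` and dropping the targetRealm clause. The `GetS2SAccessTokenWithClaimsIdentity` added in the TokenHelper hunk above has the mirror problem — its summary says "on behalf of the specified user name" while the parameter is a `ClaimsIdentity` — and should read `/// behalf of the specified ClaimsIdentity and intended for the SharePoint at the targetApplicationUri.`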
///
/// Retrieves an S2S client context with an access token signed by the application's private certificate on
@@ -597,11 +630,7 @@ public static ClientContext GetS2SClientContextWithWindowsIdentity(
/// A ClientContext using an access token with an audience of the target application
public static ClientContext GetS2SClientContextWithClaimsIdentity(Uri targetApplicationUri, System.Security.Claims.ClaimsIdentity identity)
{
- string realm = string.IsNullOrEmpty(Realm) ? GetRealmFromTargetUrl(targetApplicationUri) : Realm;
-
- JsonWebTokenClaim[] claims = identity != null ? GetClaimsWithClaimsIdentity(identity, IdentityClaimType, TrustedIdentityTokenIssuerName) : null;
-
- string accessToken = GetS2SAccessTokenWithClaims(targetApplicationUri.Authority, realm, claims);
+ string accessToken = GetS2SAccessTokenWithClaimsIdentity(targetApplicationUri, identity);
return GetClientContextWithAccessToken(targetApplicationUri.ToString(), accessToken);
}
@@ -1074,10 +1103,10 @@ private static JsonWebTokenClaim[] GetClaimsWithWindowsIdentity(WindowsIdentity
throw new ArgumentNullException("identity");
}
#endif
- return GetClaimsWithUserName(identity.User.Value);
+ return GetClaimsWithWindowsUserName(identity.User.Value);
}
- private static JsonWebTokenClaim[] GetClaimsWithUserName(string identity)
+ private static JsonWebTokenClaim[] GetClaimsWithWindowsUserName(string identity)
{
#if DEBUG
if (string.IsNullOrWhiteSpace(identity))