I would like to request SP/PO OData from C# application. I think I’m doing everything according to guidlines:
-
created Azure AD (now it is Microsoft Entra) app, add there secret:
application setup -
Set api permissions. As far as I understood, I need just few of them like Site.ReadAll and ProjectWebAppReporting.Read, but because of problems i set up almsot all related to sites and reports:
permissions -
In c# desktop app (actually, it will be win service), I use MSAL to get token:
string authority = $"https://login.microsoftonline.com/{tenantId}/";
string[] scopes = { $"https://{tenantName}.sharepoint.com/.default" };
IConfidentialClientApplication? app = ConfidentialClientApplicationBuilder.Create(clientId)
.WithTenantId(tenantId)
.WithClientSecret(clientSecret)
.WithAuthority(new Uri(authority))
.Build();
AuthenticationResult? result = await app.AcquireTokenForClient(scopes).ExecuteAsync();
- Use token in REST call:
string baseUrl = $"https://{configuration.TenantName}.sharepoint.com/sites/{configuration.OrganizationName}/_api/ProjectData/";
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
httpClient.BaseAddress = new Uri(baseUrl);
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
HttpResponseMessage response = await httpClient.GetAsync("Tasks");
The result of the GetAsync is 401 Unauthorized, Unsupported app only token.
As far as I understood, this error could be raised if used some kind of old style app registration inside sharepoint. But I use modern one – via Azure AD. So, I absolutely confused, what else should be done.
I tried command set-spotenant -DisableCustomAppAuthentication $false but without success
Could anyone help, what should be done else?