
Connect through SharePoint

If you’ve recently found yourself working remotely, or maybe just further down the hall from your teammates, Microsoft has many tools to help you stay connected! In particular, you can easily connect through SharePoint across all of your applications to stay informed and collaborative.

What is SharePoint?

SharePoint is a robust document repository that’s been around for years. Specifically, SharePoint Online is hosted in the cloud and can easily be accessed from anywhere (great for remote workers). Beyond the document repository itself, SharePoint includes many other features such as Change Tracking, Advanced Searching, Workflows, Role-Based Security and much more!

Extending SharePoint to your existing applications

Developers can leverage one of its many powerful RESTful APIs that can be used to extend or enhance virtually any application you may have, from data archival to advanced searching.

  • SharePoint RESTful API
  • SharePoint Search API
  • Microsoft Graph API with SharePoint operations

Enabling app 2 app authentication

Developers can program app 2 app authentication to SharePoint using OData industry standards, which include a secure protocol for authentication over HTTPS.

There are two initial ‘set-up’ methods for achieving this within SharePoint, depending on which API you’re consuming. In both, developers use a Client ID and a Client Secret as the app credentials to gain access to SharePoint:

SharePoint app add-in

Create a SharePoint app add-in to generate the Client ID and Client Secret.

  • This is the most widely used method for consuming the legacy API and other SharePoint APIs such as the advanced Search API

1. SharePoint Administrators can create a new app add-in by going to this URL: https://[tenant].sharepoint.com/_layouts/15/appregnew.aspx
Click each Generate button to create a new Client ID and Client Secret.

Note:
– The Client Secret will initially expire after 1 year, and only Admins can regenerate one.
– The App Domain and Redirect URI are not used for true app add-ins and can therefore be entered as localhost. Applications use these when the end user is required to log in to SharePoint.


2. Grant the add-in the permissions it needs, specific to the API/endpoint you’re consuming, by going to: https://[tenant]-admin.sharepoint.com/sites/[sitename]/_layouts/15/appinv.aspx

From here, admins can perform a lookup using the Client ID generated above, then paste in the permissions and click Create:


Register an Azure application (the newer approach)

  • This is the newest method for consuming the Microsoft Graph API, which includes endpoints for many of the popular SharePoint operations. Many other endpoints are coming, but are currently in preview only mode, so keep a lookout for this!
  • Additionally, this will allow Developers to leverage many other endpoints within popular O365 products such as Azure Active Directory, Outlook, and OneNote
  1. Azure Active Directory administrators can register an app by going to portal.azure.com. Next, type ‘App registrations’ in the search bar. Click to register a new application. Admins can retrieve the Client ID from the Overview tab after it’s been created:
  2. Create a Client Secret from the Certificates & secrets tab. Set it to expire after 1 year, 2 years or never.
  3. Provide it with the permissions needed, specific to the endpoint you’re consuming:

For both of these methods, you will also need the Azure Tenant ID.

That’s it for the initial set-up to enable app 2 app authentication with SharePoint. Using all 3 IDs (Client ID, Client Secret, Azure Tenant ID), Developers can plug those into their code using OData standards and begin making the magic happen.
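As an added example (not code from the original post or from Microsoft), here is how the three values can be combined for the Azure app registration path, using the Microsoft identity platform's OAuth 2.0 client-credentials grant to obtain a Microsoft Graph token. The function names and the sample IDs and token reply are constructed for illustration; the example assumes the tenant and client IDs are GUIDs and that the secret is loaded from a secret store rather than hard-coded.

```python
import json
import re
import time
import urllib.parse
import urllib.request

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
GRAPH_SCOPE = "https://graph.microsoft.com/.default"  # the app permissions granted in the portal


def build_token_request(tenant_id, client_id, client_secret, scope=GRAPH_SCOPE):
    """Return (url, form_body) for the OAuth 2.0 client-credentials grant."""
    # Rejecting non-GUID values keeps stray characters out of the URL path.
    for name, value in (("tenant_id", tenant_id), ("client_id", client_id)):
        if not GUID.fullmatch(value):
            raise ValueError(f"{name} must be a GUID")
    if not client_secret:
        raise ValueError("client_secret is empty; load it from a secret store")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # travels only in the HTTPS POST body
        "scope": scope,
    }).encode()
    return url, body


def parse_token_response(raw, now=None):
    """Extract the bearer token and its absolute expiry time from the JSON reply."""
    data = json.loads(raw)
    if "error" in data:
        raise PermissionError(f"{data['error']}: {data.get('error_description', '')}")
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    return data["access_token"], now + int(data["expires_in"])


def fetch_token(tenant_id, client_id, client_secret):
    """Send the request over the network (not exercised by the sample values below)."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return parse_token_response(resp.read())


# Constructed sample values: not real credentials and not a real token.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_REPLY = '{"token_type":"Bearer","expires_in":3599,"access_token":"constructed.sample.token"}'
```

The returned token is sent as an `Authorization: Bearer` header on Graph calls, and the computed expiry lets the caller request a fresh token before the old one lapses.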

If you want to learn more about how you can connect through SharePoint, contact us today.

Beringer Technology Group is a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics 365 and CRM for Distribution. We also provide expert Managed IT Services, Backup and Disaster Recovery, Cloud Based Computing and Unified Communication Solutions.