Friday, December 28, 2012

Authentication with Office 365 from an On-Premise Application

Recently I had a problem wherein I needed to connect to an Office 365 SharePoint site from an on-premises Windows app.
Now, at first it seemed simple, but as I drilled deeper I came across some challenges, and while overcoming them I learned a lot more about how O365 authentication works.

Before I go further I would like to point out 2 resources which helped me a lot in solving this challenge:

Here is that diagram which explains the AuthN basics for SharePoint Online in Office 365:

[Figure: Passive claims AuthN]
(So the key here is to understand that SharePoint Online uses the binary token returned from the STS service located at to validate all requests.)

At first I tried using the “MsOnlineClaimsHelper”, but I couldn’t get it to work, as it kept throwing errors while fetching the response using ‘WSTrustFeb2005ContractClient’. Then I looked at the WinRT code, and it was doing the exact same thing but with far fewer dependencies: just plain HttpWebRequests + XML.

But the WinRT code was specifically for REST APIs and not the Client Object Model. So I modified the code a little bit to make it work with CSOM.
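The following C# example is added here and is not the post's own code: it pulls the binary token out of an STS response with plain XML parsing and raises an error on a SOAP fault instead of returning an empty token. The class and method names and the sample response are constructed, and the SOAP 1.2, WS-Trust February 2005 and WS-Security namespaces are assumptions based on the contract name mentioned above.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

// Added example: type names and the sample response are constructed for illustration.
public static class StsResponseParser
{
    const string SoapNs = "http://www.w3.org/2003/05/soap-envelope";
    const string WstNs = "http://schemas.xmlsoap.org/ws/2005/02/trust";
    const string WsseNs =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    static readonly XNamespace Soap = SoapNs;
    static readonly XNamespace Wst = WstNs;
    static readonly XNamespace Wsse = WsseNs;

    // Returns the binary token. Throws if the STS answered with a SOAP fault
    // or with a body that carries no token. The token is a bearer credential:
    // keep it out of logs and exception messages.
    public static string ExtractBinaryToken(string responseXml)
    {
        XDocument doc = XDocument.Parse(responseXml);

        XElement fault = doc.Descendants(Soap + "Fault").FirstOrDefault();
        if (fault != null)
        {
            string reason = (string)fault.Descendants(Soap + "Text").FirstOrDefault() ?? "unknown";
            throw new InvalidOperationException("STS rejected the request: " + reason);
        }

        string token = (string)doc.Descendants(Wst + "RequestedSecurityToken")
                                  .Elements(Wsse + "BinarySecurityToken")
                                  .FirstOrDefault();
        if (string.IsNullOrWhiteSpace(token))
            throw new InvalidOperationException("No BinarySecurityToken in STS response.");
        return token.Trim();
    }

    public static void Main()
    {
        // Constructed sample response; the token value is a placeholder.
        string sample =
            "<S:Envelope xmlns:S='" + SoapNs + "' xmlns:wst='" + WstNs + "' xmlns:wsse='" + WsseNs + "'>" +
            "<S:Body><wst:RequestSecurityTokenResponse><wst:RequestedSecurityToken>" +
            "<wsse:BinarySecurityToken Id='Compact0'>t=PLACEHOLDER_TOKEN&amp;p=</wsse:BinarySecurityToken>" +
            "</wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse></S:Body></S:Envelope>";
        Console.WriteLine(ExtractBinaryToken(sample).Length > 0 ? "token extracted" : "empty");
    }
}
```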

Here is my updated code:




Lee Richardson said...

That was a big help and so much less code, thank you Jomit. The only thing was it needed SAML.xml. I successfully used the copy in Wictor Wilén's sample code at