Recently I had a problem wherein I needed to connect to an Office 365 SharePoint site from an on Premise Windows App.
Now at first it seemed simple but as I drilled deeper I came across some challenges and while overcoming them I learned a lot more about how O365 Authentication works.
Before I go further I would like to point out 2 resources which helped me a lot in solving this challenge:
- Wictor Wilén’s blog on ‘How to do active authentication to Office 365 and SharePoint Online’
- Codeplex project on using SharePoint with WinRT Client
Here is that diagram which explains the AuthN basics for SharePoint Online in Office 365:
(So the key here is to understand that SharePoint Online uses the binary token returned from the STS service located at login.microsoftonline.com to validate all requests.)
At first I tried using the “MsOnlineClaimsHelper” but I couldn’t get it to work as it kept on throwing errors while fetching the response using ‘WSTrustFeb2005ContractClient’. Then I looked at the WinRT code and it was doing the exact same thing but with much less dependencies. Just plain HttPWebRequests + XML.
But the WinRT code was specifically for REST API’s and not Client Object Model. So I modified the code a little bit to make it work with CSOM.