3

I am simply getting some users from SharePoint using CSOM using the below method. This has always worked for me and I've had no issues.

All of a sudden, when I try calling this method today it fails with this error

The sign-in name or password does not match one in the Microsoft account system.
at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String securityXml, String serviceTarget, String servicePolicy)
    at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String username, String password, String serviceTarget, String servicePolicy)
    at Microsoft.SharePoint.Client.Idcrl.SharePointOnlineAuthenticationProvider.GetAuthenticationCookie(Uri url, String username, SecureString password, Boolean alwaysThrowOnFailure, EventHandler`1 executingWebRequest)
    at Microsoft.SharePoint.Client.SharePointOnlineCredentials.GetAuthenticationCookie(Uri url, Boolean refresh, Boolean alwaysThrowOnFailure)
    at Microsoft.SharePoint.Client.ClientRuntimeContext.SetupRequestCredential(ClientRuntimeContext context, HttpWebRequest request)
    at Microsoft.SharePoint.Client.SPWebRequestExecutor.GetRequestStream()
    at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate()
    at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest()
    at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
    at SharePointLibrary.SPClient.GetAllUsers() in C:\Users\bassie\source\repos\TFS\ADVWKSP\SharePointLibrary\SPClientUsers.cs:line 39

But it only fails after publishing to Azure.

I have logged the username and password being used to the Azure applications streams, and they are definitely correct, and the same ones being used when debugging on my machine.

How is this possible? Am I going crazy?

Constructor

public SPClient(string url)
{
    baseUrl = url;
    var userName = ConfigurationManager.ConnectionStrings["SPsvcUsername"].ConnectionString;
    var password = ConfigurationManager.ConnectionStrings["SPsvcPassword"].ConnectionString;
    Trace.TraceInformation(userName);
    Trace.TraceInformation(password);

    var securePassword = new SecureString();
    foreach (var c in password)
    {
        securePassword.AppendChar(c);
    }
    credentials = new SharePointOnlineCredentials(userName, securePassword);
}

Get Users method

public IEnumerable<SharePointUser> GetAllUsers()
{
    var spUsers = new List<SharePointUser>();

    using (var clientContext = new ClientContext(baseUrl))
    {
        clientContext.Credentials = credentials;

        var web = clientContext.Web;
        var list = clientContext.Web.SiteUserInfoList;
        var users = list.GetItems(new CamlQuery());
        clientContext.Load(users, includes => includes.Include(
            f => f["GUID"],
            f => f["FirstName"],
            f => f["LastName"],
            f => f["UserName"],
            f => f["Picture"],
            f => f.DisplayName));

        clientContext.ExecuteQuery();

        foreach (var user in users)
        {
            var imagePath = (FieldUrlValue)user.FieldValues["Picture"];
            spUsers.Add(new SharePointUser()
            {
                FirstName = (user.FieldValues["FirstName"] is string firstName) ? firstName : string.Empty,
                LastName = (user.FieldValues["LastName"] is string lastName) ? lastName : string.Empty,
                UserName = (user.FieldValues["UserName"] is string userName) ? userName.ToLower() : string.Empty,
                ImagePath = (user.FieldValues["Picture"] is FieldUrl pictureUrl) ? pictureUrl.ToString() : string.Empty,
                DisplayName = user.DisplayName
            });
        }
    }

    return spUsers;
}
Bassie
  • 9,529
  • 8
  • 68
  • 159

1 Answers1

1

Since the credentials are correct, it may be that Multi-Factor Authentication is enabled and a policy may be triggering it for this account. If that is the case, you could disable MFA for that specific account.

Also, the AuthenticationManager class that is part of the PnP Core library may be beneficial as it is helpful for various authentication scenarios.

horinedev
  • 121
  • 3
  • Thank you for this suggestion. This is possible as 2FA was switched on fairly recently. However, the account continued to work for a few weeks after that happened. Is that possible? Is there some sort of delay or grace period with these things? I still need to test this out by removing 2FA from the account or changing the app to use a non-2FA'd account and will post here once I have checked that (this might take some time to set up..) – Bassie May 21 '18 at 02:18
  • Also, `SharePointPnPCoreOnline` looks interesting, but it seems to only exist for .net core projects is that correct? I am using the standard framework – Bassie May 21 '18 at 02:21
  • Yes, there can be a delay. The state can be set to "Enforced" or "Enabled". If set to "Enforced", this app would have probably stopped working right away. Also, conditional access policies can be applied which will only require multi-factor authentication when the specified condition is met. Regarding the PnP Core library, it looks like it is not fully compatible with .NET Standard, but it does work when targeting the .NET Framework. – horinedev May 29 '18 at 13:30