Project Online CSOM without using SharePointOnlineCredentials RRS feed

  • Question

  • We have a console application which runs every night and get data from project online and dumps it into the DB.

    Due to modern authentication being enabled for the tenant ,the flag of LegacyAuthProtocolsEnabled of the tenant would be changed to false. This has as consequence that SharePointOnlineCredentials can no longer be used as you can read (

    A suggested approach in the ( was to use a ClientId and ClientSecret. I've tested this with CSOM approach after adding two new methods to tokenhelper.cs which returns project context. But I was unable to get project list or enterprise custom fields using this code. I was only able to access list and library items.

    To put things short: does anyone have an idea on

    1. How to get a ProjectContext object without using SharePointOnlineCredentials


    2. Without showing a pop-up to log in a user?

    We have disabled MFA for the account with which we are trying to login.

    Wednesday, April 24, 2019 6:50 AM

All replies

  • Aman, 

    depends on your tenant setup, you may have the option to create app passwords which doesn't require the MFA handshake. usually this option is used for mobile apps or outlook/Skype for business.  

    if you are using the token method (OAuth 2.0) then the app must be registered and given the permission to read project data in the scope definition. 

    I would use the first option first if possible. assuming the account has the appropriate permissions in POL to read the data.

    here is more info on that

    Ali Al . PPM Consultant & Development Manager.
    FB TW IN

    Wednesday, April 24, 2019 9:31 PM
  • Aman,

    I am working through the same issue.  We are trying to setup a system-system integration which involves calling the Project Online API from Mulesoft which is Java based.  Every example i find uses the SharePointOnlineCredentials class to acquire a token for the user.  I have also tried to use an App Principal created within the SharePoint site (appregnew.aspx + appinv.aspx).  no luck either even though the SharePoint add-in permissions pages reference the ability to request permissions (see Table 5).

    The documentation refers to Project Server 2013 only, not Project Online.  Either way, I gave this a shot but it didn't work for me.  I was able to retrieve an OAuth2 token but it doesn't have the proper permission to call the API.

    I currently have a case open Microsoft and am expecting to hear back this week about what authentication methods they support for the Project Online API.

    At this point, it seems like a user identity is required that has the appropriate permission assigned within the PWA.


    Saturday, April 27, 2019 8:18 PM
  • if you go the Add-in route, which I used many times, you need to request the appropriate permission like Ryan suggested in the URL. 

    you will also need to enable/request App Permission rather than relying on the user context. the app permission will be more elevated. once you get your access token from the TokenHelper GetAppOnlyAccessToken (app permission token not the user one) you need to maintain it and refresh it using the refresh token. 

    this may help you to get started.

    you can still use the Project CSOM library once you create your project context rather than pure REST calls. 

    ProjectContext clientContext = new ProjectContext(targetUrl);
                clientContext.AuthenticationMode = ClientAuthenticationMode.Anonymous;
                clientContext.FormDigestHandlingEnabled = false;
                clientContext.ExecutingWebRequest +=
                    delegate (object oSender, WebRequestEventArgs webRequestEventArgs)
                        webRequestEventArgs.WebRequestExecutor.RequestHeaders["Authorization"] =
                            "Bearer " + accessToken;

    Ali Al . PPM Consultant & Development Manager.
    FB TW IN

    Sunday, April 28, 2019 7:53 PM
  • I forgot to add the screenshot about the app permission. 

    in the add-in manifest. make sure you request the permissions that fits your need and check the Allow the add-in to make app only calls to SharePoint

    Ali Al . PPM Consultant & Development Manager.
    FB TW IN

    Sunday, April 28, 2019 8:01 PM