SharePoint App-Only Policy

App-Only Policy

A user must be a site collection administrator to be able to grant use of the app-only policy. If the app-only policy is granted and the app already has tenant-scoped permissions, then the user must be a tenant administrator to be able to grant use of the app-only policy.  Only apps with web applications running outside of SharePoint can create and pass app-only tokens.

Once app-only policy is enabled, an app can choose to use an app-only policy or it can use the user + app policy token on each request. The italicized section of the following code example shows how an app can get an app + user policy access token.

string contextTokenString = TokenHelper.GetContextTokenFromRequest(Request);
if (contextTokenString != null)
     //Get context token.
     SharePointContextToken contextToken =
          TokenHelper.ReadAndValidateContextToken(contextTokenString, Request.Url.Authority);

     Uri sharepointUrl = new Uri(Request.QueryString["SPHostUrl"]);
            //Get App + User access token.
     string accessToken =
          TokenHelper.GetAccessToken(contextToken, sharepointUrl.Authority).AccessToken;

      ClientContext clientContext =
           TokenHelper.GetClientContextWithAccessToken(sharepointUrl.ToString(), accessToken);

      //Do something. 

      //Get app only access token.
       string appOnlyAccessToken = TokenHelper.GetAppOnlyAccessToken(contextToken.TargetPrincipalName, sharepointUrl.Authority, contextToken.Realm).AccessToken;
      //Do something.

2 thoughts on “SharePoint App-Only Policy

  1. Have you ever considered about including a little bit more than just your articles?
    I mean, what you say is valuable and everything.
    Nevertheless just imagine if you added some great pictures or
    videos to give your posts more, “pop”! Your content is excellent but with images
    and videos, this blog could definitely be one of the most
    beneficial in its niche. Wonderful blog!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s