Office 365 : Connecting to SharePoint online site using CSOM when Multi-Factor Authentication (MFA) is enabled for the user

All,

Today, in this article we will discuss how to connect to SharePoint online site through an account for which Multi-Factor authentication is enabled. We will also discuss one of the exception which we got.

Background: We have our SharePoint online site. For one of our requirement we need to write tool. So we decided to go with CSOM (Client Side Object Model) approach through console application. So we decided to go with CSOM approach through console application – “The sign-in name or password does not match one in the Microsoft account system.

Following is our normal code to connect the SharePoint online site through CSOM

ClientContext context = new ClientContext("<Site URL>");
string pw = "password";

//Credentials
SecureString password = new SecureString();
foreach (char c in pw.ToCharArray()){ 
          password.AppendChar(c);
}
SharePointOnlineCredentials spocr = 
    new SharePointOnlineCredentials
        ("username@domain.onmicrosoft.com", password);
context.Credentials = spocr;

// The SharePoint web at the URL.
Web web = context.Web;
// We want to retrieve the web's title and description.
context.Load(web, w => w.Title, w => w.Description);
// Execute the query to server.
context.ExecuteQuery();

 

But we were getting following error –

The sign-in name or password does not match one in the 
Microsoft account system.$exception - {"The sign-in name or password does not match 
one in the Microsoft account system."}      
Microsoft.SharePoint.Client.IdcrlException

ErrorCode - 2147186655
HResult - 2147186655
Message - "The sign-in name or password does not match 
one in the Microsoft account system."
Source - "Microsoft.SharePoint.Client.Runtime"
stacktrace -
  at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth
.GetServiceToken
(String securityXml, String serviceTarget, String servicePolicy)

   at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth
.GetServiceToken
(String username, String password, String serviceTarget, 
String servicePolicy)

   at Microsoft.SharePoint.Client.Idcrl.
SharePointOnlineAuthenticationProvider.
GetAuthenticationCookie(Uri url, String username, SecureString password, 
Boolean alwaysThrowOnFailure, EventHandler`1 executingWebRequest)

   at Microsoft.SharePoint.Client.SharePointOnlineCredentials.
GetAuthenticationCookie(Uri url, Boolean refresh, 
Boolean alwaysThrowOnFailure)

   at Microsoft.SharePoint.Client.ClientRuntimeContext.
SetupRequestCredential
(ClientRuntimeContext context, HttpWebRequest request)

   at Microsoft.SharePoint.Client.SPWebRequestExecutor
.GetRequestStream()

   at Microsoft.SharePoint.Client.ClientContext
.GetFormDigestInfoPrivate()

   at Microsoft.SharePoint.Client.ClientContext
.EnsureFormDigest()

   at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
CSOM exception while connecting with account where MFA enabled
Figure 1 : Exception while connection to SharePoint online with an account MFA enabled

We verified our user names and password and seems to be ok. Also previously same code used to work. We were wondering why this is happening. As usual, after googling a bit found one nice article – http://sharepointconnoisseur.blogspot.in/2015/09/how-to-resolve-error.html and then we got clue from above article. We had recently enabled Multi-Factor Authentication on our Office 365 site. Each user not only need to enter their credentials but need to enter the code from authenticator app. This is the main reason the above sample code is not working. It was throwing an above exception.

Approach to connect SharePoint online through CSOM when Multi-Factor Authentication is enabled:

We have to use PnP Core library, if it is not installed on your environment then please install it using NuGet manager. In NuGet manager we can search PnP core library with the string “SharePointPnPCoreOnline” as

NuGetmanager - SharePointPnPCoreOnline
Figure 2 : PnP core library in NuGet manager – SharePoint PnPCoreOnline

Once PnP core library installed, we will use following code to connect the SharePoint online in our console application

var authenticationManager = 
new OfficeDevPnP.Core.AuthenticationManager();

ClientContext context = 
authenticationManager.GetWebLoginClientContext("<Site URL>", null);

Web web = context.Web;
User user = web.CurrentUser;
context.Load(web);
context.Load(user);
context.ExecuteQuery();
Console.WriteLine(web.Title);
Console.WriteLine(user.LoginName);
Console.ReadLine();

When we run the application, prompt will be asked to enter the credentials as

prompt to enter the credentials
Figure 3 : Prompt to enter the credentials to connect SharePoint online when MFA enabled

Once we entered the credentials, next prompt will be for entering the code from authenticator app as

prompt to enter the code
Figure 4 : Prompt for entering code from Authenticator app to connect SharePoint online when MFA enabled

Once we enter the code from our authenticator app, we will get connected to SharePoint online.

In this way we will connect to SharePoint online when Multi-Factor Authentication (MFA) is enabled.

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more. If you have any suggestion / feedback / doubt, you are most welcome.

Stay tuned on Knowledge-Junction, will come up with more such articles.

Thanks for reading 🙂

Advertisements

Comments

2 comments on “Office 365 : Connecting to SharePoint online site using CSOM when Multi-Factor Authentication (MFA) is enabled for the user”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.