Office 365 : Connecting to SharePoint online site using CSOM when Multi-Factor Authentication (MFA) is enabled for the user


Today, in this article we will discuss how to connect to SharePoint online site through an account for which Multi-Factor authentication is enabled. We will also discuss one of the exception which we got.

Background: We have our SharePoint online site. For one of our requirement we need to write tool. So we decided to go with CSOM (Client Side Object Model) approach through console application. So we decided to go with CSOM approach through console application – “The sign-in name or password does not match one in the Microsoft account system.

Following is our normal code to connect the SharePoint online site through CSOM

ClientContext context = new ClientContext("<Site URL>");
string pw = "password";

SecureString password = new SecureString();
foreach (char c in pw.ToCharArray()){ 
SharePointOnlineCredentials spocr = 
    new SharePointOnlineCredentials
        ("", password);
context.Credentials = spocr;

// The SharePoint web at the URL.
Web web = context.Web;
// We want to retrieve the web's title and description.
context.Load(web, w => w.Title, w => w.Description);
// Execute the query to server.


But we were getting following error –

The sign-in name or password does not match one in the 
Microsoft account system.$exception - {"The sign-in name or password does not match 
one in the Microsoft account system."}      

ErrorCode - 2147186655
HResult - 2147186655
Message - "The sign-in name or password does not match 
one in the Microsoft account system."
Source - "Microsoft.SharePoint.Client.Runtime"
stacktrace -
  at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth
(String securityXml, String serviceTarget, String servicePolicy)

   at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth
(String username, String password, String serviceTarget, 
String servicePolicy)

   at Microsoft.SharePoint.Client.Idcrl.
GetAuthenticationCookie(Uri url, String username, SecureString password, 
Boolean alwaysThrowOnFailure, EventHandler`1 executingWebRequest)

   at Microsoft.SharePoint.Client.SharePointOnlineCredentials.
GetAuthenticationCookie(Uri url, Boolean refresh, 
Boolean alwaysThrowOnFailure)

   at Microsoft.SharePoint.Client.ClientRuntimeContext.
(ClientRuntimeContext context, HttpWebRequest request)

   at Microsoft.SharePoint.Client.SPWebRequestExecutor

   at Microsoft.SharePoint.Client.ClientContext

   at Microsoft.SharePoint.Client.ClientContext

   at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
CSOM exception while connecting with account where MFA enabled

Figure 1 : Exception while connection to SharePoint online with an account MFA enabled

We verified our user names and password and seems to be ok. Also previously same code used to work. We were wondering why this is happening. As usual, after googling a bit found one nice article – and then we got clue from above article. We had recently enabled Multi-Factor Authentication on our Office 365 site. Each user not only need to enter their credentials but need to enter the code from authenticator app. This is the main reason the above sample code is not working. It was throwing an above exception.

Approach to connect SharePoint online through CSOM when Multi-Factor Authentication is enabled:

We have to use PnP Core library, if it is not installed on your environment then please install it using NuGet manager. In NuGet manager we can search PnP core library with the string “SharePointPnPCoreOnline” as

NuGetmanager - SharePointPnPCoreOnline

Figure 2 : PnP core library in NuGet manager – SharePoint PnPCoreOnline

Once PnP core library installed, we will use following code to connect the SharePoint online in our console application

var authenticationManager = 
new OfficeDevPnP.Core.AuthenticationManager();

ClientContext context = 
authenticationManager.GetWebLoginClientContext("<Site URL>", null);

Web web = context.Web;
User user = web.CurrentUser;

When we run the application, prompt will be asked to enter the credentials as

prompt to enter the credentials

Figure 3 : Prompt to enter the credentials to connect SharePoint online when MFA enabled

Once we entered the credentials, next prompt will be for entering the code from authenticator app as

prompt to enter the code

Figure 4 : Prompt for entering code from Authenticator app to connect SharePoint online when MFA enabled

Once we enter the code from our authenticator app, we will get connected to SharePoint online.

In this way we will connect to SharePoint online when Multi-Factor Authentication (MFA) is enabled.

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more. If you have any suggestion / feedback / doubt, you are most welcome.

Stay tuned on Knowledge-Junction, will come up with more such articles.

Thanks for reading 🙂

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

You may also like...

19 Responses

  1. System.ArgumentNullException: ‘Value cannot be null.’
    coming like this

  2. Arunkumar says:

    I hope this blog helps to connect current user of system alone. I would like to connect configured user in App.config file. Thanks in advance

    • Hi, yes currently in example in blog is specified like that way. But we can read the user details from app.config file as well.

      But I would like highlight one more thing is, it requires me verification code, so if I want to schedule something then it is difficult. Better options is to run the job on be half app either SharePoint hosted app or Azure App.

  3. ph says:


    I found your article as I was searching for a solution to make use of the 2FA with C#.
    The login works like a charm with the PnP library.

    Now, I would like to logout. I have not found any possibility to logout again. Can anybody help please?

  4. MK says:

    Thank you!

  5. Jack Le says:

    Thank you for the code. Now, how do I clear the MFA login to start the process again. I need to capture the steps. Thank you

  6. aniket says:

    Hello Prasham,
    Thanks for steps.

    I followed you steps but on authManager.GetWebLoginClientContext(siteUrl,null); I am getting “Error CS0012 The type ‘Icon’ is defined in an assembly that is not referenced.You must add a reference to assembly ‘System.Drawing.Common, Version=, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51’.” Any idea to fix this?

    If I install System.Drawing.Common package from NuGet I am getting “Could not load file or assembly ‘System.Windows.Forms, Version=, Culture=neutral” this error.”

    I am using console app project with VS 2019 Thanks.

    • Hi Aniket, I also faced error for “System.Drawing.Common” but after installing it using Nuget it worked for me.

      Have you tried by installing “System.Windwos.Forms”. If not I would say please try once. Please share the result.

  7. SieMir says:

    verified method for logout for sharepoint online: I haven’t found anything on the internet.CSOM and GITHUB: It seems that all of this is running via AZURE active directory AD. I found out a workaround.
    If you change the password under Account Information, then it takes a while. After that, you have to authorize yourself with MFA.
    This applies to the browsers as well as to the CSOM application.

    If someone has something so that you can reset the MFA (keep login) using CSOM code! Thank you very much!

  1. June 9, 2018

    […] Problem with approach for connecting Office 365 using user credentials: If we connect Office 365 with Admin / User credentials and in case user left the organization then we need to always keep changing the respective credentials. Same is the case in case we have password change policy for our organization. Also, if there is multi-factor authentication is enabled then there is different way to connect Office 365 tenant. Please check this mine article –  Office 365 : Connecting to SharePoint online site using CSOM when Multi-Factor Authentication (MFA) … […]

  2. April 16, 2020

    […] Office 365 : Connecting to SharePoint online site using CSOM when Multi-Factor Authentication (MFA) … […]

  3. March 12, 2022

    […] Office 365 : Connecting to SharePoint online site using … […]

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: