Application Development with SharePoint CSOM
Client Side Object Model (CSOM) was first introduced in SharePoint 2010. The Client Side Object Model is mainly used to build client applications and enable us to access SharePoint Sites that are hosted outside without using web services. Prior to the CSOM, developers had only a few choices to build client applications.
With the introduction of CSOM, developers now have more choices and will be able to access the core SharePoint functionalities to a wide extent. In SharePoint 2010, the CSOM exposed the core SharePoint functionalities only whereas in SharePoint 2013, the Microsoft SharePoint team has added a few more assemblies. Now we are able to access the Service Applications using the Client Side Object Model.
You can use the SharePoint client object model (CSOM) to retrieve, update, and manage data in SharePoint. SharePoint makes the CSOM available in several forms:
- .NET Framework redistributable assemblies
- JavaScript library (JSOM)
- REST/OData endpoints
- Windows Phone assemblies (deprecated)
- Silverlight redistributable assemblies (deprecated)
Using modern authentication with CSOM for .NET Standard
Using user/password based authentication, implemented via the SharePointOnlineCredentials class, is a common approach for developers using CSOM for .NET Framework. In CSOM for .NET Standard this isn't possible anymore, it's up to the developer using CSOM for .NET Standard to obtain an OAuth access token and use that when making calls to SharePoint Online. The recommended approach for getting access tokens for SharePoint Online is by setting up an Azure AD application. For CSOM for .NET Standard, the only thing that matters are that you obtain a valid access token. This can be using resource owner password credential flow, using device login, using certificate based auth.
How CSOM works ?
If you use the Client Side API to perform a specific task then the SharePoint .NET client object model bundles up these uses of the API into XML and send them to the server. The server receives this request, and makes appropriate calls into the object model on the server, collects the responses, forms them into JavaScript Object Notation (JSON), and sends that JSON back to the SharePoint .NET client object model.
The client object model parses the JSON and presents the results to the application.
Load() method: The Load() method does not actually load anything, only when the ExecuteQuery() method is called does it provide notification that these are the property values that should be loaded for the object. In the Load() method lambda expressions can be used to specify which property should be loaded instead of loading all the properties.
ExecuteQuery() method: The ExecuteQuery() method sends the request to the server. There is no network traffic until the application calls this method. Until the ExecuteQuery() method is called only the requests are registered by the application.
FIRST PROJECT
1- Create a console application using Visual Studio
First of all, we run Visual Studio as an administrator. Then we select “Create a new project” and then “Console App (.NET Framework)” from the relevant menu and click on the Next button.
Then we create the project by changing the name of the project and select the place where it will be created.
Open Project -> NuGet Package Manager. You can add the Microsoft.SharePointOnline.CSOM package. This package contains SharePoint and Project Client Object Model libraries.
That’s great. We have completed the first stage. You can now access Sharepoint lists via CSOM.
2- Basic operations with the SharePoint .NET client object model
2.1. Authentication to Sharepoint Online
Using the Client Object Models for Remote Authentication in SharePoint Online
The starting point for using the SharePoint client-side object model for remote authentication is getting a ClientContext object. This client context object is the object that ties the other operations in the object model to the server and specified site. In a Windows-based HTTP authentication scenario, the client context behaves as Internet Explorer behaves. It automatically transmits credentials to the server if the server is in the Intranet zone. In most cases, this works just fine. The server processes the credentials and authenticates the user.
In a forms-based authentication environment, it is also possible to use the FormsAuthenticationLoginInfo object to provide forms-based authentication to the server. However, this works only for forms-based authentication. It does not work for federated-claims scenarios, because SharePoint does not own the actual authentication process.
Creating an authenticated ClientContext object is a multistep process. First, the user must be able to sign into the remote system interactively.
- The user signs into SharePoint through the federated authentication provider, and SharePoint must issue its authentication cookies.
- Code retrieves the authentication cookies.
- Cookies added to the ClientContext object.
If you want to access a site in Sharepoint Online, you must first authenticate. The 'SharePointOnlineCredentials' class is used to authenticate the SharePoint Online site. "SharePointOnlineCredentials" represents an object that provides credentials for accessing SharePoint Online resources.
using(var context = new ClientContext(webSPOUrl))
{
context.Credentials = new SharePointOnlineCredentials(userName, password);
}The userName parameter sent to the SharepointOnlineCredentials class can be a string. The password must be sent from the SecureString class.
You can add System.Security assembly reference and add the following “using” statement.
using System.Security;The SecureString class will now be active. I wanted to make a dynamic application, so request all the information from the user. For this, I first asked the user for the Sharepoint Online site url information and then the username and password. As you will notice, when getting the password from the user, we use the "GetPasswordFromConsoleInput" function. The password information received from the console is assigned to the password value with the SecureString format.
static void Main(string[] args)
{
Console.WriteLine(“Enter the URL of the SharePoint Online site:”);
string webUrl = Console.ReadLine();
Console.WriteLine(“Enter your user name (format: username@tenant.onmicrosoft.com)”);
string userName = Console.ReadLine();
Console.WriteLine(“Enter your password.”); SecureString password = GetPasswordFromConsoleInput();
}private static SecureString GetPasswordFromConsoleInput()
{
ConsoleKeyInfo info;
//Get the user's password as a SecureString
SecureString securePassword = new SecureString(); do {
info = Console.ReadKey(true);
if (info.Key != ConsoleKey.Enter)
{
securePassword.AppendChar(info.KeyChar);
}
}while (info.Key != ConsoleKey.Enter); return securePassword;
}
Now we have username and password, so we can log in to the site and get first data.
using (var context = new ClientContext(webUrl)){
context.Credentials = new SharePointOnlineCredentials(userName, password);
Web web = context.Web;
context.Load(web);
context.ExecuteQuery();
Console.WriteLine(web.Title);
}We get first data by taking the title information of the site to which we are already connected. You can find the full version of the code below.
2.2. Basic operations with the SharePoint .NET client object model
In the first part, we signed in with username and password, connected to the Sharepoint list and get our first data. We can also get data as well as update, delete or create.
CRUD Operation in WebSite
CRUD Operation in Sharepoint List
You can find some examples here. Please don’t forget that you need to customize the list names and fields according to your own Sharepoint site!
SharePoint List Item Tasks
You can find more examples by clicking here.
