| At line 1 changed one line |
| !!!1. Sharepoint Microsoft Graph REST API based integration.\\ |
| !!!1. Sharepoint Microsoft Graph REST API-based integration.\\ |
| At line 3 changed one line |
| __Remote item name:__Sharepoint\\ |
| More info about Microsft Graph REST API: [https://learn.microsoft.com/en-us/graph/api/resources/onedrive?view=graph-rest-1.0}]\\ |
| At line 5 changed one line |
| __!!!Constraint:__ Microsoft Graph REST API does not support stream upload. In order to integrate with CrushFTP the files are temporary stored as local file (CrushFTP install folder/sharepoint/) during the upload.\\ |
| Remote item name: __Sharepoint__\\ |
| At line 7 changed one line |
| Go to the the Microsoft azure portal: [https://azure.microsoft.com/en-us/features/azure-portal]/\\ |
| __!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:\\ |
| • login.microsoftonline.com\\ |
| • graph.microsoft.com\\ |
| At line 9 changed one line |
| __Application registration: __Go to the App registrations and click on New registration:\\ |
| Open the Microsoft Azure Portal: [https://azure.microsoft.com/en-us/features/azure-portal]/\\ |
| At line 13 added 2 lines |
| __Application registration:__ Navigate to App registrations in the Azure Portal. Click on "New registration" to create a new application.\\ |
| \\ |
| At line 13 changed one line |
| Name it. Select the Multitenant and personal Microsoft accounts type. The redirect url must ends with: register_microsoft_graph_api/. Then click on register.\\ |
| The Redirect URL must end with __"register_microsoft_graph_api/"__.\\ |
| At line 15 changed one line |
| [attachments|register_app.png] |
| {{{ |
|
| http://localhost:9090/register_microsoft_graph_api/ |
|
| }}} |
| or |
| {{{ |
| |
| https://your.crushftp.domain.com/register_microsoft_graph_api/ |
| |
| }}} |
| At line 17 changed one line |
| __API permission :__ You also need to provide permission for the Microsoft Graph. Go to the Api permission. Click on Add permission, select Microsoft Graph. Choose Delegated permission and add the "Files.ReadWrite.All" permission:\\ |
| __Configure API permission:__ You must also grant permissions for Microsoft Graph. Go to the __API Permissions__ section, click Add a permission, and select __Microsoft Graph__. To learn more about Microsoft Graph permissions—including the difference between __Application__ and __Delegated__ permissions—refer to the official documentation: [https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http]\\ |
| At line 33 added 78 lines |
| !!!1.1 Application Permission:\\ |
| \\ |
| Application permissions are used when an application runs without a signed-in user, such as in server-to-server connections.\\ |
| \\ |
| __a.) Files.ReadWrite.All__: Grants the application read and write access to all files the signed-in user can access, across all user drives and document libraries (including SharePoint sites and OneDrive for Business).\\ |
| This includes the ability to:\\ |
| • List, read, update, create, and delete files and folders\\ |
| • Upload/download documents\\ |
| • Modify file metadata\\ |
| \\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Application Permission__. Search for __Files__ and check the flag Files.ReadWrite.All permission.\\ |
| \\ |
| [SharePoint Integration/ms_graph_app_permission.png]\\ |
| \\ |
| __b.) Sites.FullControl.All__: Grants the application full control over all site collections in the tenant without user interaction. ( More info -> [https://learn.microsoft.com/en-us/graph/permissions-reference#sites-permissions])\\ |
| \\ |
| This permission allows the app to:\\ |
| • Read and write all files in all SharePoint Online site collections\\ |
| • Manage lists, document libraries, subsites, and site permissions\\ |
| • Perform site-level actions across the entire tenant\\ |
| \\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Application Permission__. Search for __Sites__ and check the flag Sites.FullControl.All permission.\\ |
| \\ |
| __c.) Sites.Selected__: Grants the application no access to SharePoint sites by default. However, you can explicitly grant access to specific sites by using the Microsoft Graph API. More information is available at the following link: [Managing SharePoint Site Access for Applications Using Sites.Selected Permission|CrushTaskExample19].\\ |
| \\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Application Permission__. Search for __Sites__ and check the flag Sites.Selected permission.\\ |
| \\ |
| [CrushTaskExample19/site_selected_microsoft_graph.png]\\ |
| \\ |
| Grant __Admin consent__ for the newly added permission.\\ |
| \\ |
| [attachments|app_permission_admin_consent.png]\\ |
| \\ |
| __Client id__: See at App Registration -> Overview -> Application (client) ID\\ |
| \\ |
| [attachments|client_id.png]\\ |
| \\ |
| __Secret key__: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the __value__ immediately!\\ |
| \\ |
| [attachments|new_secret.png]\\ |
| \\ |
| [attachments|secret_value.png]\\ |
| \\ |
| __Sharepoint VFS item configuration:__\\ |
| \\ |
| Select the __Application Permission__ radio button, then click __Application Permission__. Enter the __Client ID__, __Client Secret__, and __Tenant ID__, then click OK. This will automatically configure the username and password in the VFS item settings. After that, proceed with the SharePoint site-specific configuration.\\ |
| \\ |
| __Tennant:__ See at App Registration -> Overview -> Directory (tenant) ID. Based on the App Registration Account type it can be an ID, common, or consumer.\\ |
| Provide the SharePoint-specific settings. See under the __1.3.Sharepoint-specific settings.__ ( Link: [https://www.crushftp.com/crush10wiki/Wiki.jsp?page=SharePoint%20Integration#section-SharePoint+Integration-1.3.SharepointSpecificSettings]\\ |
| \\ |
| [attachments|app_permission_vfs_item.png]\\ |
| \\ |
| !!!1.2 Delegated Permission:\\ |
| \\ |
| Delegated permissions are used when an application makes API calls as the signed-in user. The app is delegated the user’s permissions and can only access resources that the user is authorized to access.\\ |
| \\ |
| __a.) Files.ReadWrite.All__: Grants the application read and write access to all files the signed-in user can access, across all user drives and document libraries (including SharePoint sites and OneDrive for Business).\\ |
| This includes the ability to:\\ |
| • List, read, update, create, and delete files and folders\\ |
| • Upload/download documents\\ |
| • Modify file metadata\\ |
| \\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Delegated Permission__. Search for __Files__ and check the flag Files.ReadWrite.All permission.\\ |
| \\ |
| __b.) Sites.FullControl.All__: Grants the application full control over all site collections in the tenant without user interaction. ( More info -> [https://learn.microsoft.com/en-us/graph/permissions-reference#sites-permissions])\\ |
| \\ |
| This permission allows the app to:\\ |
| • Read and write all files in all SharePoint Online site collections\\ |
| • Manage lists, document libraries, subsites, and site permissions\\ |
| • Perform site-level actions across the entire tenant\\ |
| \\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Delegated Permission__. Search for __Sites__ and check the flag Sites.FullControl.All permission.\\ |
| \\ |
| __c.) Sites.Selected__: Grants the application no access to SharePoint sites by default. However, you can explicitly grant access to specific sites by using the Microsoft Graph API. More information is available at the following link:[Managing SharePoint Site Access for Applications Using Sites.Selected Permission|CrushTaskExample19].\\ |
| \\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Delegated Permission__. Search for __Sites__ and check the flag Sites.Selected permission.\\ |
| \\ |
| \\ |
| At line 114 added 4 lines |
| Grant __Admin consent__ for the newly added permission.\\ |
| \\ |
| [attachments|app_permission_admin_consent.png]\\ |
| \\ |
| At line 26 changed one line |
| __Secret key :__ A new client secret needs to be created as well. Go to the "Certificate & secrets" and generate a new secret key. Click on New client secret.\\ |
| __Secret key:__ A new client secret needs to be created as well. Go to the "Certificate & secrets" and generate a new secret key. Click on New client secret.\\ |
| At line 125 added one line |
| \\ |
| At line 33 changed one line |
| __!!! CrushFTP admin page url must match with the redirect url.__ In our example : http://localhost:9090\\ |
| __!!! The CrushFTP admin page URL must match the redirect URL.__ In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/register_microsoft_graph_api/\\ |
| At line 35 changed one line |
| Select SharePoint item type click on "Get Refresh Token" button. Provide the Client ID and Client Secret, and Tenant (in almost all case it is just: common).\\ |
| Select the SharePoint item type and click on the "Get Refresh Token" button. Provide the Client ID and Client Secret Value (not ID, see the screenshot), and Tenant (in almost all cases it is just: common).\\ |
| At line 39 changed one line |
| Click on "OK" button, log in with your azure credentials, allow CrushFTP to have access to your SharePoint files. After that the form will disappear and the username and password will be filled. Done.\\ |
| Click on the "OK" button, log in with your Azure credentials, and allow CrushFTP to have access to your SharePoint files. After that the form will disappear and the username and password will be filled. Done.\\ |
| At line 43 changed one line |
| __Sharepoint specific settings:__\\ |
| !!!1.3.Sharepoint-specific settings:__\\ |
| At line 47 changed 4 lines |
| __Site id__ : The sharepoint domain name.\\ |
| __Site Path__ : The path of the SharePoint site. It should start and end with slash.\\ |
| __Drive name__ : Each SharePoint site has document library where the site related files are stored. See [https://support.microsoft.com/en-us/office/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872] Provied it's name\\ |
| __Folder__ : Relative path of the document library of the sharepoint site. |
| __Site id__ : The SharePoint domain name.\\ |
| __Site Path__: The path of the SharePoint site. It should start and end with a slash.\\ |
| __Drive name__: Each SharePoint site has a document library where the site-related files are stored. See [https://support.microsoft.com/en-us/office/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872] Provide its name.\\ |
| __Folder__: Relative path of the document library of the SharePoint site.\\ |
| __Conflict Behaviour__: \\ |
| - __Rename__ the file/folder if already exits\\ |
| - __Replace__ the file/folder if already exits\\ |
| - __Fail__ if the file/folder already exists\\ |
| At line 52 changed one line |
| !!! 2. SharePoint REST service API based integration\\ |
| !!! 2. SharePoint REST service API-based integration\\ |
| __Remote item name:__ Sharepoint2\\ |
| At line 55 changed 2 lines |
| __!!!Constraint:__\\ |
| 1. On newer Sharepoint (after 2019) Grant App permission is disabled by default. To enable Custom Application APP Authentication run the following PowerShell commands:\\ |
| __!!!Constraint:__ On newer Sharepoint (after 2019) Grant App permission as it is disabled by default. To enable Custom Application APP Authentication run the following PowerShell commands:\\ |
| At line 164 added one line |
| get-spotenant | Select DisableCustomAppAuthentication |
| At line 166 added 9 lines |
| }}}\\ |
| Or |
| \\ |
| {{{ |
| $creds = Get-Credential |
| $orgName="<name of your Office 365 organization>" |
| Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $creds |
| get-spotenant | Select DisableCustomAppAuthentication |
| set-spotenant -DisableCustomAppAuthentication $false |
| At line 65 changed one line |
| 2. Advantage(Compared with MSGraph API): Stream upload supported. No temporary stored local file during the upload. |
|
| At line 178 added 43 lines |
| __Advantage(Compared with MSGraph API Delegated Permission)__: Stream upload supported. There is no temporarily stored local file during the upload.\\ |
| \\ |
| __1. Register Add-In__\\ |
| Navigate and log in to the SharePoint online site. Got to the Register Add-In page by entering the URL as: \\ |
| |
| {{{https://<sitename>.sharepoint.com/<<site path>>/_layouts/15/appregnew.aspx}}}\\ |
| \\ |
| Click the Generate button.\\ |
| \\ |
| [attachments|app_reg_new.png]\\ |
| \\ |
| Store the __Client ID__ and __Client Secret__ and click on __Create__ button.\\ |
| \\ |
| [attachments|app_reg_new_success.png]\\ |
| \\ |
| __2. Grant Permissions to Add-In__\\ |
| \\ |
| Navigate to: \\ |
| {{{ |
| https://<sitename>.sharepoint.com/<<site path>>/_layouts/15/appinv.aspx |
| }}}\\ |
| \\ |
| This will redirect to the Grant permission page. Enter the __Client ID__(generated earlier), in the __AppId__ textbox and click the Lookup button.\\ |
| Provide the permission Request xml and click on __Create__ button.\\ |
| \\ |
| Permission Request XML content: \\ |
| {{{ |
| <AppPermissionRequests AllowAppOnlyPolicy="true"> |
| <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/></AppPermissionRequests>}}}\\ |
| \\ |
| [attachments|app_inv_permission.png] |
| \\ |
| __SharePoint2 remote item settings:__\\ |
| \\ |
| __User name__ : The created __Client ID__\\ |
| __Password__ : The created __Client Secret__\\ |
| __Site id__ : The sharepoint domain name.\\ |
| __Site Path__: The path of the SharePoint site. It should start and end with a slash.\\ |
| __Drive name__: Each SharePoint site has a document library where the site-related files are stored. See [https://support.microsoft.com/en-us/office/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872] Provide its name\\ |
| __Folder__: Relative path of the document library of the sharepoint site.\\ |
| \\ |
| [attachments|sharepoint2_vfs.png]\\ |
| \\ |
