When accessing Microsoft SharePoint Online from custom code, we’ll want to use an Azure App Registration to give the application access to SharePoint. 1

Steps to setup Azure AD App-only access

  1. Create a self-signed certificate using PowerShell.
  2. Save the .cer and .pfx files and the information used to create the certificate.
  3. Create an Azure App Regsitration from Azure AD
  4. Under Certificates & Secrets, upload the .cer file created earlier.
  5. Under API Permissions, assign the appropriate permissions for the App. If the app needs permission to access specific SharePoint sites, select SharePoint Sites.Selected and then use PowerShell to Configure App Registration for SharePoint Sites.Selected.

Sample Code

This sample code is a simple .NET Console application. I added the PnP.Framework Nuget package to the project. Update the Program.cs file with the following code. Debug, and if successful, the console window should display the name of the SharePoint site collection.

using Microsoft.SharePoint.Client;
using PnP.Framework;
using System;

namespace Test.TestAppRegistration
    internal class Program
        static void Main(string[] args)
            string siteUrl = "{sharepoint site url}";
            string tenant = "{tenant ID (from Azure AD)}";
            string pathPfx = "c:\\{path to cert file}\\Certificate.pfx";
            string aadAppId = "{app registration id}";
            string pfxPassword = "{certificate password}";

            AuthenticationManager authManager = new AuthenticationManager(aadAppId, pathPfx, pfxPassword, tenant);           

            using (ClientContext cc = authManager.GetContext(siteUrl))
                cc.Load(cc.Web, p => p.Title);


  1. Granting access via Azure AD App-Only | Microsoft Learn ↩︎