Wednesday 23 March 2016

Replace an expiring client secret in a SharePoint Add-in (Provider Hosted App)

If you register the app on the Seller Dashboard, you can set the expiration as long as 3 years. In the dashboard, you can also add new secrets when the old ones approach their expiration date; the new secret is enabled in all instances of the app. But if you register the app with AppRegNew.aspx, the secret expires in 1 year.

To replace or renew the client secret, follow these steps:
  1. Prerequisites for refreshing a client secret 
  2. Find out the expiration dates of the SharePoint Add-ins installed to the Office 365 tenancy 
  3. Generate a new secret 
  4. Update the remote web application in Visual Studio to use the new secret

1. Prerequisites for refreshing a client secret

Ensure that the following are in place on your local development server/computer:
  • Microsoft Online Services Sign-In Assistant is installed on the development computer.
  • Microsoft Online Services PowerShell Module (32-bit; 64-bit) is installed on the development computer.
  • You are a tenant administrator for the Office 365 tenant (or a farm administrator on the farm) where the add-in was registered with the AppRegNew.aspx page.

2. Find out the expiration dates of the SharePoint Add-ins installed to the Office 365 tenancy

  • Open Windows PowerShell or the SharePoint 2013 Management Shell and run the following cmdlet:
    Connect-MsolService
  • Once you run the above cmdlet, a login prompt appears; enter tenant-administrator (or farm administrator) credentials for the Office 365 tenancy or farm where the add-in was registered with AppRegNew.aspx.
  • To generate a list of all registered add-ins and their secrets, run the following:
    $applist = Get-MsolServicePrincipal -All | Where-Object -FilterScript { ($_.DisplayName -notlike "*Microsoft*") -and ($_.DisplayName -notlike "autohost*") -and ($_.ServicePrincipalNames -notlike "*localhost*") }
    
    # The loop is wrapped in $( ) so that its output can be redirected to the report file
    $(foreach ($appentry in $applist)
    {
        $principalId = $appentry.AppPrincipalId
        $principalName = $appentry.DisplayName
        $date = Get-Date
        
        # Keep only symmetric/password secrets (certificates and "Other" types are not client secrets);
        # -ReturnKeyValues $false keeps the secret values themselves out of the report
        $creds = Get-MsolServicePrincipalCredential -AppPrincipalId $principalId -ReturnKeyValues $false | Where-Object { ($_.Type -ne "Other") -and ($_.Type -ne "Asymmetric") }
        
        foreach ($cred in $creds)
        {
            # One line per credential; $( ) is required to expand object properties inside a string.
            # Plain string output (not Write-Host) is what ends up in the file.
            "$principalName;$principalId;$($cred.KeyId);$($cred.Type);$date;$($cred.EndDate);$($cred.Usage)"
        }
    }) > c:\temp\appsec.txt
  • Now open the file C:\temp\appsec.txt to see the report. Leave the Windows PowerShell window open for the next procedure if any of the secrets is near expiration.
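As an added check that is not part of the original post, the function below builds on the report above and returns only the add-in secrets that expire within a given number of days, so an expiring secret is not missed in a long report. It assumes the MSOnline module is loaded and Connect-MsolService has already been run; the function name and its parameters are my own.

```powershell
# Added example (not from the original post). Assumes Connect-MsolService has been run.
# Returns one object per client secret that expires within -DaysAhead days.
function Get-ExpiringAddInSecrets {
    param(
        [int]$DaysAhead = 30,
        [string]$DisplayNameFilter = "*"   # e.g. "*Contoso*" to narrow the list
    )

    $now = Get-Date
    $cutoff = $now.AddDays($DaysAhead)

    # Same filter as the report above: drop Microsoft's own principals,
    # autohosted apps and localhost (debug) registrations.
    $apps = Get-MsolServicePrincipal -All | Where-Object {
        ($_.DisplayName -notlike "*Microsoft*") -and
        ($_.DisplayName -notlike "autohost*") -and
        ($_.ServicePrincipalNames -notlike "*localhost*") -and
        ($_.DisplayName -like $DisplayNameFilter)
    }

    foreach ($app in $apps) {
        # -ReturnKeyValues $false: only dates and key ids are needed, never the secret value
        $creds = Get-MsolServicePrincipalCredential -AppPrincipalId $app.AppPrincipalId -ReturnKeyValues $false |
            Where-Object { ($_.Type -eq "Symmetric") -or ($_.Type -eq "Password") }

        # One client secret registered through AppRegNew.aspx shows up as three entries
        # (Symmetric/Sign, Symmetric/Verify, Password/Verify) sharing the same EndDate.
        foreach ($cred in $creds) {
            if ($cred.EndDate -and ($cred.EndDate -le $cutoff)) {
                [pscustomobject]@{
                    DisplayName = $app.DisplayName
                    ClientId    = $app.AppPrincipalId
                    KeyId       = $cred.KeyId
                    Type        = $cred.Type
                    Usage       = $cred.Usage
                    EndDate     = $cred.EndDate
                    # Negative DaysLeft means the secret has already expired
                    DaysLeft    = [math]::Floor(($cred.EndDate - $now).TotalDays)
                }
            }
        }
    }
}

# Usage: list secrets expiring in the next 60 days, soonest first
Get-ExpiringAddInSecrets -DaysAhead 60 | Sort-Object EndDate | Format-Table -AutoSize
```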

3. Generate a new secret

  • Create a client ID variable with the following line (use the client ID of the add-in whose client secret is about to expire):
    $clientId = 'client id of the add-in'
    
  • Generate a new client secret with the following lines:
    # 32 random bytes from a cryptographic RNG, Base64-encoded, is the same form of secret AppRegNew.aspx issues
    $bytes = New-Object Byte[] 32
    $rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rand.GetBytes($bytes)
    $rand.Dispose()
    $newClientSecret = [System.Convert]::ToBase64String($bytes)
    # Register the same secret three times, matching the entries AppRegNew.aspx creates (Sign, Verify, Password)
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret
    # Print the new secret so it can be copied into web.config
    $newClientSecret
  • The new client secret appears on the Windows PowerShell console. Copy it to a text file; you will use it in the next procedure.

4. Update the remote web application in Visual Studio to use the new secret

Open the SharePoint Add-in project in Visual Studio, and open the web.config file for the web application project. In the appSettings section, there are keys for the client ID and client secret. Update the ClientId and ClientSecret keys, and add a SecondaryClientSecret key holding the old secret, as shown below:

<appSettings>
  <add key="ClientId" value="your client id here" />
  <add key="ClientSecret" value="your new secret here" />
  <add key="SecondaryClientSecret" value="your old secret here" />
     ... other settings may be here ...
</appSettings>

Now republish the web application.

It's done :)
