Categories
Software engineering

Connecting to SharePoint using Python

Learn how to connect to an on-premise SharePoint using Python with the most common authentication schemes.

The API

We will use the SharePoint REST service. If you’re not familiar with the concept of REST services and how to construct REST requests you can check out this nicely written and hands-on tutorial.

Also, we’ll only be looking at classic on-premises installations of SharePoint. If you want to connect to SharePoint online you can give the Office 365 REST Python Client a try. There are plenty of code samples on the intro page.

Your options
  • Connect using BASIC Authentication
  • Connect using NTLM Authentication
  • Connect using Kerberos Authentication (Negotiate)

Kerberos is generally considered the safest option. So if you’re working in a corporate environment it is likely, that your administrators have locked down the other authentication types.

SSL certificate

For any of these options, you need a valid SSL certificate to connect to the SharePoint. Please don’t do insecure HTTP requests! No, not even for the early phase of your project. Just don’t. 🙂

To get the SSL certificate, open the browser of your choice and navigate to the SharePoint site. Then open the certificate.

How to display the certificate in Chrome
Open the certificate in Chrome

What we want to do, is to download the CA certificate and use it in our Python program to validate a secured connection to the server. So select the root certificate (at the top of the chain) and download it as file. When you’re asked for the file type, select Base-64 encoded X.509.

Depending on the server configuration you might only need the root (top-level) certificate. But there are some cases where you have to validate the entire chain. So if you get SSL errors, try to download each certificate in the chain individually and simply concatenate them into one .cer file using a text editor of your choice as shown below:

-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
Basic Authentication

If you’re coding against a SharePoint opened for visitors outside of your Active Directory or the security requirements of your company are not too strict, you can try to connect with Basic Authentication:

import requests
from requests.auth import HTTPBasicAuth

cert = 'path\to\certificate.cer'
user = 'DOMAIN\\User'
password = 'MyPassword'

response = requests.get(
url=r'http://mysharepoint.com/_api',
auth=HTTPBasicAuth(user, password),
verify=cert)

print(response.status_code)
NTLM Authentication

For the NTLM authentication, you need to install the requests_ntlm package first. The adjusted code sample looks like this:

import requests
from requests_ntlm import HttpNtlmAuth

cert = 'path\to\certificate.cer'
user = 'DOMAIN\\User'
password = 'MyPassword'
 
response = requests.get(
    r'http://mysharepoint.com/_api',
    auth=HttpNtlmAuth(user, password),
    verify=cert)
 
print(response.status_code)
Kerberos Authentication (Negotiate)

For the Kerberos authentication, the setup depends on your operation system.

Windows users:

Install the requests_negotiate_sspi package and you’re ready to go. The package makes use of the Windows SSPI interface to get the credentials of the currently logged in users (a.k.a. integrated authentication).

import requests
from requests_negotiate_sspi import HttpNegotiateAuth

cert = 'path\to\certificate.cer'
 
response = requests.get(
    r'http://mysharepoint.com/_api',
    auth=HttpNegotiateAuth(),
    verify=cert)
 
print(response.status_code)
Linux users:

You first have to add the correct authentication package requests_negotiate to your environment. Additionally, you need to install the appropriate Kerberos distribution on your system from the MIT Kerberos Distribution page. After the installation, make sure, to add the folder containing the binary to your PATH.

Now, you can use the kinit command to retrieve a valid Kerberos ticket. Once this works, you’re properly set up and ready to connect:

import requests
from requests_negotiate import HTTPNegotiateAuth

cert = 'path\to\certificate.cer'
 
response = requests.get(
    r'http://mysharepoint.com/_api',
    auth=HTTPNegotiateAuth(),
    verify=cert)
 
print(response.status_code)

2 replies on “Connecting to SharePoint using Python”

Thank you for the article Stephan.
I tried out the various methods that were listed above to connect to my org’s Sharepoint (.sharepoint.com) to download some files but I keep getting the same error for each and every one of my tries. In the returned headers I saw the following error among other things:

‚X-MSDAVEXT_Error‘: ‚917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+t+the+web+site+and+select+the+option+to+login+automatically.‘

I am obviously missing something but am unable to point it out exactly. Could you please direct me in the right direction. Thank you.

Hi Umesh, I’m glad you liked it.

From the error message it sounds like you’re connecting to a SharePoint Online instance which is part of the Office 365 setup. The methods described in this article are for on-prem SharePoint instances.

Have you tried the Office 365 client package (https://pypi.org/project/Office365-REST-Python-Client/)? Also, make sure to add the SharePoint site to trusted sites as described in this article: https://docs.microsoft.com/en-us/sharepoint/troubleshoot/administration/troubleshoot-mapped-network-drives

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s