Categories

## Connecting to SharePoint using Python

##### The API

We will use the SharePoint REST service. If you’re not familiar with the concept of REST services and how to construct REST requests you can check out this nicely written and hands-on tutorial.

Also, we’ll only be looking at classic on-premises installations of SharePoint. If you want to connect to SharePoint online you can give the Office 365 REST Python Client a try. There are plenty of code samples on the intro page.

• Connect using BASIC Authentication
• Connect using NTLM Authentication
• Connect using Kerberos Authentication (Negotiate)

Kerberos is generally considered the safest option. So if you’re working in a corporate environment it is likely, that your administrators have locked down the other authentication types.

##### SSL certificate

For any of these options, you need a valid SSL certificate to connect to the SharePoint. Please don’t do insecure HTTP requests! No, not even for the early phase of your project. Just don’t. 🙂

To get the SSL certificate, open the browser of your choice and navigate to the SharePoint site. Then open the certificate.

What we want to do, is to download the CA certificate and use it in our Python program to validate a secured connection to the server. So select the root certificate (at the top of the chain) and download it as file. When you’re asked for the file type, select Base-64 encoded X.509.

Depending on the server configuration you might only need the root (top-level) certificate. But there are some cases where you have to validate the entire chain. So if you get SSL errors, try to download each certificate in the chain individually and simply concatenate them into one .cer file using a text editor of your choice as shown below:

-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE----------BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----
##### Basic Authentication

If you’re coding against a SharePoint opened for visitors outside of your Active Directory or the security requirements of your company are not too strict, you can try to connect with Basic Authentication:

import requestsfrom requests.auth import HTTPBasicAuthcert = 'path\to\certificate.cer'user = 'DOMAIN\\User'password = 'MyPassword'response = requests.get(    url=r'http://mysharepoint.com/_api',    auth=HTTPBasicAuth(user, password),    verify=cert)print(response.status_code)
##### NTLM Authentication

For the NTLM authentication, you need to install the requests_ntlm package first. The adjusted code sample looks like this:

import requestsfrom requests_ntlm import HttpNtlmAuthcert = 'path\to\certificate.cer'user = 'DOMAIN\\User'password = 'MyPassword' response = requests.get(    r'http://mysharepoint.com/_api',    auth=HttpNtlmAuth(user, password),    verify=cert) print(response.status_code)
##### Kerberos Authentication (Negotiate)

For the Kerberos authentication, the setup depends on your operation system.

###### Windows users:

Install the requests_negotiate_sspi package and you’re ready to go. The package makes use of the Windows SSPI interface to get the credentials of the currently logged in users (a.k.a. integrated authentication).

import requestsfrom requests_negotiate_sspi import HttpNegotiateAuthcert = 'path\to\certificate.cer' response = requests.get(    r'http://mysharepoint.com/_api',    auth=HttpNegotiateAuth(),    verify=cert) print(response.status_code)
###### Linux users:

You first have to add the correct authentication package requests_negotiate to your environment. Additionally, you need to install the appropriate Kerberos distribution on your system from the MIT Kerberos Distribution page. After the installation, make sure, to add the folder containing the binary to your PATH.

Now, you can use the kinit command to retrieve a valid Kerberos ticket. Once this works, you’re properly set up and ready to connect:

import requestsfrom requests_negotiate import HTTPNegotiateAuthcert = 'path\to\certificate.cer' response = requests.get(    r'http://mysharepoint.com/_api',    auth=HTTPNegotiateAuth(),    verify=cert) print(response.status_code)