I am using the official Microsoft Graph .NET client (through the Microsoft.Graph NuGet package) and I want to list all SharePoint sites in my tenant.
To do this, I'm using the following call:
var sites = await client.Sites.GetAsync();
This works well if my client is authenticated with Application permissions... but if I'm authenticated with Delegated permissions this call returns zero results, even if the user I'm using for delegation is a tenant admin.
Is this by design? Is there a way to get the list with delegated permissions? Note that I'm not against using Application permissions per se if it is needed, I'm just curious as to why this happens.
It doesn't seem to be a security issue, because if I call the API with a search query, like:
var sites = await client.Sites.GetAsync(config =>
{
    config.QueryParameters.Search = "{some_word_contained_in_the_sites_name}";
});
This works with Delegated permissions without problems. It only breaks if I try to get all sites without filters.
Note that some old posts online (here on SO and elsewhere) mention using the "*" wildcard as filter to get all sites, but this doesn't seem to work anymore. If I try, I get the following error:
Syntax error: character '*' is not valid at position 0 in '*'
What am I missing here?
The $search query parameter for the /sites endpoint is tricky. There are some workarounds like specifying the word sharepoint or domain name, because all site URLs contain the words.
https://graph.microsoft.com/v1.0/sites?$search=sharepoint
https://graph.microsoft.com/v1.0/sites?$search=contoso
Or you can use the search API:
POST https://graph.microsoft.com/v1.0/search/query
{
  "requests": [
    {
      "entityTypes": [
        "site"
      ],
      "query": {
        "queryString": "*"
      }
    }
  ]
}
The most reliable endpoint is getAllSites, but it supports only application permissions.
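
An added example, not part of the original answer: a Python walk through the search API request shown above, following the search API's `from`/`size` paging fields and the `moreResultsAvailable` flag until every site hit has been read. The `post` transport, `fake_post` and the sample sites are constructed for illustration; in real use `post` would send the body with a delegated access token.

```python
from typing import Callable, Dict, Iterator

SEARCH_URL = "https://graph.microsoft.com/v1.0/search/query"

def build_site_query(start: int, size: int, query_string: str = "*") -> Dict:
    """Body for POST /search/query as in the answer, plus paging fields."""
    return {"requests": [{
        "entityTypes": ["site"],
        "query": {"queryString": query_string},
        "from": start,
        "size": size,
    }]}

def iter_sites(post: Callable[[str, Dict], Dict], size: int = 25,
               max_pages: int = 200) -> Iterator[Dict]:
    """Yield each site resource once; max_pages bounds a misbehaving endpoint."""
    seen, start = set(), 0
    for _ in range(max_pages):
        reply = post(SEARCH_URL, build_site_query(start, size))
        hits, more = [], False
        for response in reply.get("value", []):
            for container in response.get("hitsContainers", []):
                hits.extend(container.get("hits", []))
                more = more or container.get("moreResultsAvailable", False)
        for hit in hits:
            site = hit.get("resource", {})
            key = site.get("id") or hit.get("hitId")
            if key and key not in seen:  # skip duplicates across pages
                seen.add(key)
                yield site
        if not more or not hits:
            return
        start += len(hits)

# Constructed sample data standing in for a tenant; not real sites.
SAMPLE = [{"id": f"contoso.sharepoint.com,{i},{i}", "name": n,
           "webUrl": f"https://contoso.sharepoint.com/sites/{n}"}
          for i, n in enumerate(["hr", "finance", "legal"])]

def fake_post(url: str, body: Dict) -> Dict:
    """Constructed offline transport that mimics the search response shape."""
    req = body["requests"][0]
    page = SAMPLE[req["from"]: req["from"] + req["size"]]
    return {"value": [{"hitsContainers": [{
        "hits": [{"hitId": s["id"], "resource": s} for s in page],
        "total": len(SAMPLE),
        "moreResultsAvailable": req["from"] + req["size"] < len(SAMPLE),
    }]}]}

if __name__ == "__main__":
    for s in iter_sites(fake_post, size=2):
        print(s["name"], s["webUrl"])
```

With delegated permissions the search API returns only sites the signed-in user can access, so the result is that user's view rather than a full tenant inventory.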