1

I come here as a last resort, I don't know what the hell happened. I restored my server battery and I've got the whole thing working, besides a provider hosted app that I made before. when I deployed it again from the same Visual Studio project, I couldn't access it anymore. Whatever account I am using, it will not work.

The part that hence the server to respond error 403 is when I get the context and then I Load and execute a query in the C# code behind of my aspx page : Here is the relevant part of the code which was working but doesnt work now :

Uri hostWeb = new Uri(Request.QueryString["SPHostUrl"]); using (ClientContext context = new ClientContext(hostWeb)) { Web web = context.Web; List ourList = null; try { ourList = web.Lists.GetByTitle(LIST_NAME); } catch (IOException ex) { Console.WriteLine(ex.Message); } CamlQuery itemFilter = new CamlQuery(); itemFilter.ViewXml = "<View><Query></Query><RowLimit>10</RowLimit></View>"; Microsoft.SharePoint.Client.ListItemCollection currentItems = ourList.GetItems(itemFilter); context.Load(currentItems); context.ExecuteQuery();

i tried so many things that I almost got a headache.

  • Changed the app rights.
  • Verified that the ClientId were the same in the Web.config( the secret was the same too), appmanifest, and AppReg Sharepoint form.
  • Changed my way to get the context (tried the ways described here : http://blogs.msdn.com/b/kaevans/archive/2013/09/24/introducing-sharepointcontext-for-provider-hosted-sharepoint-apps.aspx) : here I got either a 401 error or a "The parameter 'token' cannot be a null or empty string" error) on this I googled and followed the tips from the first result page : nothing more.
  • I changed services and pool owners, tried to disable OAuth over HTTPS, ...
  • Tried to redo a fresh new app with only the code to get context in the 4 ways (TokenHelper S2S or ACS, new ClientContext(hostweb), SPContext.Current ...) NO WAY TO MAKE IT WORK, always errors 403 or null token.
  • I made a pfx certificate and attached it to the app web, filling the details in Web.config.
  • Tried different web browser
  • I also checked the logs from Sharepoint : got a few tips like "can't write the Distributed Cache" or "App token requested from appredirect.aspx for site "myssite" but there was an error on generating it". SAME HERE the tips were not useful for my case on the internet. I tried reboot the server battery service distributed cache, changing owner, ... still nothing.

EDIT 1 : In the LOGS I also spotted "Error when get token for app i:0i.t|ms.sp.ext|7bfc14e7-057b-4b98-8b16-351222de0351@5cad9afa-9d0b-47bf-9db9-a3b157cf48b1, exception: Microsoft.SharePoint.SPException: The Azure Access Control Service is unavailable.". But I don't want to contact an Azure service, I want to authenticate from the SharePoint site accounts, which are bound to a local Active Directory.

EDIT 2 : I also tried to recreate the Trusted Root Authority and the Trusted Security Token Issuer on the server with a valid pfx certificate and also I put the correct references into the Web.config file of App web. I successfuly re-registered the app and all the nameid and id was correct. But still no changes.

Tried to give full rights permission to users, IIS user to the web directory, but doesn't worked too.

In this app all I used to do was to get some elements from a list and it WORKED before the restore backup. Nothing else is changed besides this, can someone help me to find out whats wrong ? thanks a lot

Improve this question
5
  • Did you try registering the app again? Commented Aug 25, 2015 at 15:50
  • @Akhoy thanks for the hint : I tried it with the Id, the Secret, the same title as the App, the FQDN of my Sharepoint site, and the link to my Default.aspx page with the StandardsTokens. Same error , 403 forbidden after uninstalling and reinstalling app Commented Aug 25, 2015 at 16:05
  • Did you go through this question? Maybe turning https off will fix it? sharepoint.stackexchange.com/questions/79284/… Commented Aug 25, 2015 at 17:38
  • yes I read the whole subject, ans as I was saying in my (agreed huge) description, I tried it and it changed nothing :( Commented Aug 26, 2015 at 6:53
  • Ok I've manually added in the using statement : context.Credentials = new System.Net.NetworkCredential("ACCOUNT","PASSWORD","DOMAIN"); with a domain account, it works. When I manually define correct context credentials it will work. So maybe it doesnt succeed to automatically retrieve current user logged in ... dive deeper Commented Aug 26, 2015 at 15:34

1 Answer 1

Reset to default
0

Ok so let's face it my restore broke something and I still don't know what even if I have some tracks. When I use the method

context.Credentials = new System.Net.NetworkCredential("ACCOUNT","PASSWORD","DOMAIN");

to authenticate myself into the context, I can then get data on Sharepoint lists, etc ... If I try to get a Secure Token with multiple methods it says the token is null, or 401/403 error. When I provide the CredentialCache.DefaultCredentials or DefaultNetworkCredentials, the value is empty and I'm still unauthorized.

Track 1 : I suspect the cache being affected somehow and can't keep the current user logged in credentials, it should explain why I have to manually connect a domain user to the context.

I totally deleted/ reinstall the cluster cache and the distributed cache service, it didnt changed anything. And I had nothing in the ULS logs about caching error (the can't write in distributed cache error I had to the beginning went away).

Track 2 : My other track was that in Appredirect.aspx, a form asked to chose the way of authentication (Windows indentity) that blocked my app to identify the user and hence the messages error. After the restore I've got several times the pages I access to ask me this kind of choice (there was a dropdown list with 2 same choice : Windows identity).

From now I don't know exactly the source of the issue but I solved my problem by creating an application account user in the AD, giving him read rights on Sharepoint, and by signing in the context with this credentials, so my app can access and pay around in READ with SharePoint datas.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.