CSOM Application Returns 403 on certain websites

Question

I'm currently working on an application that creates a file and attempts to upload this file to a SharePoint site - this site is provided externally.

On a testing site, this application works with zero issues - however, when I try to upload to another site that I do not have full access to, it results in;

The remote server returned an error: (403) Forbidden.

In fact, this error occurs whenever I try to do anything to this site, such as obtain lists, or simply execute an empty query.

I did notice this in the additional error information;

{X-SharePointHealthScore: 4
SPRequestGuid: f49c319e-a0c8-4000-9807-8dbc8c92a12e
request-id: f49c319e-a0c8-4000-9807-8dbc8c92a12e
MS-CV: njGc9MigAECYB428jJKhLg.0
Strict-Transport-Security: max-age=31536000
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 148
SPIisLatency: 1
X-Forms_Based_Auth_Required: https://xxxxx.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=/
X-Forms_Based_Auth_Return_Url: https://xxxxx.sharepoint.com/_layouts/15/error.aspx
X-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.
X-IDCRL_AUTH_PARAMS_V1: IDCRL Type="BPOSIDCRL", EndPoint="/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI"
MicrosoftSharePointTeamServices: 16.0.0.7115
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-MSEdge-Ref: Ref A: 669E5D627EFC444B8FF6CCAFF4C35ACC Ref B: DB3EDGE1620 Ref C: 2017-11-29T11:56:15Z
Content-Length: 13
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Date: Wed, 29 Nov 2017 11:56:14 GMT
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

}

Most noteworthy part being the "Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically."

I'm thinking this is a permissions issue with this site - are there any permissions in particular that would be causing this, or are there any forms of adjustments to the context I can do that might get around this?

Answer 1

This turned out to be caused by the websites Security Settings

The site I was attempting to access has a security restriction in place that prevents programmatic access to the contents of the SharePoint - unless the application being run is a specified, internal device, despite the account being used had full access to the site.

Unfortunately, the error message 403 - Forbidden is about as descriptive as it gets, and the tucked away message; "Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically." was simply a red herring that had no relation to the core issue.

I suggest anyone else with this issue have a robust look at the security settings of the site you're attempting to access if at all possible.

Answer 2

This can depend on many things. Start by checking out the following.

• Make sure you create the context with correct url to new site.

• If the code is running as add-in, make sure the add-in has permissions to the site. You can do that on the appinv.aspx page.

• Check if you are creating context for the user and addin or addin only. User and addin requiers both to have permissions on that site.

Please mark as answer if it helps you.