Question

I need to create a web request to a specific page in SharePoint Online using an access token in order to get certain header information, but I keep getting 403 and I'm not sure why. After toying with access requests some more, I managed to only get 403 using clientContext, and 401 using Postman.

I can get a response from the Graph API in my app and with Postman using the access token, but the problem is I need to do a web request to get real web page headers like SpRequestDuration and SPIISLatency.

  1. I've followed steps to create my Azure AD and application.
  2. I request user login to get authentication code for my application

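    // Builds the authorize URL the user is sent to for sign-in.
    function buildLoginUrl(clientId, redirectUri) {
      const loginScopes = [
        'User.Read.All',
        'Directory.Read.All',
        'Group.Read.All',
        'Sites.Read.All',
        'Reports.Read.All',
        'offline_access',
        'https://www.sharepoint.com/AllSites.FullControl'
      ];

      // Scopes are space-separated, then URL-encoded as a single parameter.
      const encodedScopes = encodeURIComponent(loginScopes.join(' '));
      const encodedRedirectUri = encodeURIComponent(redirectUri);

      // Concatenated so that no line breaks or spaces end up inside the URL.
      const url = 'https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize' +
        '?response_type=code' +
        `&client_id=${clientId}` +
        `&redirect_uri=${encodedRedirectUri}` +
        `&scope=${encodedScopes}` +
        '&prompt=select_account';

      return url;
    }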
    

After this returns the authentication code, I create a ConfidentialClientApplication with authority 'https://login.microsoftonline.com/organizations' and with my application clientId, secret, redirect etc. With the newly created ConfidentialClientApplication I acquire a token silently with scope '{tenantUrl}/AllSites.FullControl' and the user from the token cache.

Now with the access token I successfully create a ClientContext, which retrieves data from the SharePoint site, and I can easily make a Graph API request and everything will be fine. But the problem is with creating a WebRequest to a specific site (for example, {tenantUrl}/SitePages/Forms/ByAuthor.aspx).

    using Microsoft.SharePoint.Client;
    using OfficeDevPnP.Core; // AuthenticationManager

    var manager = new AuthenticationManager();
    var clientContext = manager.GetAzureADAccessTokenAuthenticatedContext(tenantUrl, accessToken);
    var oWebsite = clientContext.Web;
    clientContext.Load(clientContext.Site);
    clientContext.Load(oWebsite.Lists);
    clientContext.ExecuteQuery(); // Works fine

    // Plain web request to the page itself, created through the same context
    var request = clientContext.WebRequestExecutorFactory.CreateWebRequestExecutor(
        clientContext, $"{tenantUrl}/SitePages/Forms/ByAuthor.aspx").WebRequest;

    request.Method = "GET";
    //request.Headers.Add("Authorization", $"Bearer {accessToken}");

    clientContext.ExecutingWebRequest += delegate (object sender, WebRequestEventArgs e)
    {
        e.WebRequestExecutor.WebRequest.Headers.Add("Authorization", "Bearer " + accessToken);
    };
    await request.GetResponseAsync(); // Throws 403

Solution 2

As Steve mentioned, it is not possible to get a request from the site using an access token. We managed to solve the problem by fetching and using the FedAuth and rtFa cookies.
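
As an added example, not code from this answer: a GET of the page with the FedAuth and rtFa cookies attached, returning the two headers the question asks for. How the cookie values are obtained is not shown on this page, so they are taken as inputs; the class, method and environment variable names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

public static class PageHeaderProbe // hypothetical name
{
    // fedAuth and rtFa are the values of the FedAuth and rtFa cookies of an
    // already signed-in session (assumption: obtained elsewhere, not shown here).
    public static async Task<(string Duration, string IisLatency)> GetTimingHeadersAsync(
        Uri pageUrl, string fedAuth, string rtFa)
    {
        var siteRoot = new Uri(pageUrl.GetLeftPart(UriPartial.Authority));
        var cookies = new CookieContainer();
        cookies.Add(siteRoot, new Cookie("FedAuth", fedAuth) { Secure = true, HttpOnly = true });
        cookies.Add(siteRoot, new Cookie("rtFa", rtFa) { Secure = true, HttpOnly = true });

        using var handler = new HttpClientHandler
        {
            CookieContainer = cookies,
            AllowAutoRedirect = false // do not follow a redirect and read another page's headers
        };
        using var client = new HttpClient(handler);
        using var response = await client.GetAsync(pageUrl, HttpCompletionOption.ResponseHeadersRead);

        // Anything other than 2xx means the page itself was not served for this session.
        if (!response.IsSuccessStatusCode)
            throw new HttpRequestException(
                $"Expected 2xx from {pageUrl.Host}, got {(int)response.StatusCode}; cookies missing or expired?");

        return (FirstOrNull(response, "SPRequestDuration"), FirstOrNull(response, "SPIISLatency"));
    }

    private static string FirstOrNull(HttpResponseMessage response, string name) =>
        response.Headers.TryGetValues(name, out var values) ? values.FirstOrDefault() : null;

    public static async Task Main()
    {
        // Hypothetical environment variable names. The cookies are session credentials
        // for the signed-in user, so keep them out of source code and logs.
        var page = new Uri(Environment.GetEnvironmentVariable("SPO_PAGE_URL"));
        var (duration, latency) = await GetTimingHeadersAsync(page,
            Environment.GetEnvironmentVariable("SPO_FEDAUTH"),
            Environment.GetEnvironmentVariable("SPO_RTFA"));
        Console.WriteLine($"SPRequestDuration={duration}, SPIISLatency={latency}");
    }
}
```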

OTHER TIPS

I am having the same problem. It seems you cannot access anything outside of a Microsoft API with an access token.

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange