Azure-Samples / active-directory-dotnet-webapp-webapi-multitenant-openidconnect

A sample .NET 4.5 MVC SaaS web app that signs-up and signs-in users from any Azure AD tenant, and calls the Azure AD Graph API.

SharePoint Online - Accessing site gives error 401-unauthorized. #39

Closed rajeshpatil74 closed 5 years ago

rajeshpatil74 commented 6 years ago

When the code is received in the ProcessCode function, using result.AccessToken then gives the error "401-unauthorized".

I have given all access to "O365 SharePoint". The app gets authenticated, but the authorization token received using the code doesn't allow fetching site details like the list, site title, etc.

    // Redeem the authorization code for an access token.
    AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
        code, new Uri(Request.Url.GetLeftPart(UriPartial.Path)), credential);

    try
    {
        string siteUrl = "https://svtestsite.sharepoint.com/sites/powerapps";
        ClientContext ctx = new ClientContext(siteUrl);

        // Attach the token as a bearer header on every CSOM request.
        ctx.ExecutingWebRequest +=
            delegate(object oSender, WebRequestEventArgs webRequestEventArgs)
            {
                webRequestEventArgs.WebRequestExecutor.RequestHeaders["Authorization"] =
                    "Bearer " + result.AccessToken; // accessToken;
            };
        ctx.Load(ctx.Web, p => p.Title);
        ctx.ExecuteQuery();
        Console.WriteLine(siteUrl);
        Console.WriteLine(ctx.Web.Title);
    }
    catch (Exception ex)
    {
        Console.WriteLine("Failure : " + ex.Message);
    }

jmprieur commented 6 years ago

The token you get from the code is for your web app. You then need to acquire a token for the downstream web api. See https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Acquiring-tokens-with-authorization-codes-on-web-apps for details.

rajeshpatil74 commented 6 years ago

jmprieur, I am able to get the token for the SharePoint site and it's working. I have two additional questions about this:

  1. I need to get two separate tokens for two resources:

     -admin.sharepoint.com --> to create sites
     .sharepoint.com --> to work on the sites, for operations like list and column creation.

     Is this correct?
  2. After obtaining a token, I create multiple sites and perform various operations on these created sites. It takes more than an hour to complete the process, and meanwhile the token expires. How can I get a token which will expire after 2-3 hrs? After searching, I found that I need to create some policy, but I don't know how to set the service principal (get the service principal on which the policy needs to be set using PowerShell).

My application registered in AAD is a multitenant web application.

jmprieur commented 6 years ago

@rajeshpatil74

  1. Yes, this is correct, you need to get 2 tokens. Having said that, you'll just call AcquireTokenSilentAsync with the new resource, with the cache for the same user.

  2. Do you use a token cache? (like EFADALTokenCache shown in the sample). Calling AcquireTokenSilentAsync will refresh the token.

kalyankrishna1 commented 5 years ago

Closing as OP has not responded
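
A diagnostic for the two problems discussed in this thread (a token issued for a different resource than the one being called, and a token that expires mid-run), added here as an example and not code from the thread or the sample. It assumes the access token is a JWT whose `aud` claim is the resource URL; `check_token`, `make_sample` and the sample audience `https://webapp.example` are made up for the illustration, and the signature is deliberately not verified.

```python
import base64
import json
import time
from urllib.parse import urlsplit


def decode_claims(jwt):
    """Return a JWT's payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(jwt, site_url, now=None, min_lifetime=300):
    """List reasons this token is likely to be rejected by site_url."""
    now = time.time() if now is None else now
    claims = decode_claims(jwt)
    url = urlsplit(site_url)
    expected = f"{url.scheme}://{url.netloc}".lower()  # resource = scheme + host
    aud = str(claims.get("aud", "")).rstrip("/").lower()
    problems = []
    if aud != expected:
        problems.append(f"audience {aud!r} is not {expected!r}: "
                        "acquire a token for that resource")
    remaining = int(claims.get("exp", 0) - now)
    if remaining < min_lifetime:
        problems.append(f"token expires in {remaining}s: "
                        "refresh it from the token cache before continuing")
    return problems


def make_sample(aud, exp):
    """Build an unsigned, constructed token carrying only aud and exp."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"aud": aud, "exp": exp}), "sig"])


NOW = 1_500_000_000  # constructed clock value for the demo
SITE = "https://svtestsite.sharepoint.com/sites/powerapps"  # site URL from the thread

if __name__ == "__main__":
    wrong = make_sample("https://webapp.example", NOW + 3600)  # constructed audience
    right = make_sample("https://svtestsite.sharepoint.com", NOW + 3600)
    print(check_token(wrong, SITE, now=NOW))         # audience mismatch
    print(check_token(right, SITE, now=NOW))         # no problems
    print(check_token(right, SITE, now=NOW + 3500))  # about to expire
```
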