Can't Download File by using OneDrive SDK

[yuribb]

Hello.

I'm working with OneDrive SDK for business office 365 client. I try to get a file content. When i try to save the file I get an error 401 Unauthorized.

I have checked requests that were sent. The first request is "GET drive/{item-id}/content", it returns a response 302 code and Location header with url like @content.downloadUrl in FileInfo (looks like "https://{site}/_layouts/15/download.aspx?guestaccesstoken={token}&docid={docId}&expiration={date}&userid={userId}&authurl=True&NeverAuth=True"), next is redirect to this url.

Response of this request returns an error 401 Unauthorized. Access token is valid and scopes for getting files are correct. How can I get files from my drive?

[cdmayer]

Can you try executing the request in the @content.downloadUrl in a web debug tool like Fiddler? It would be great to see if this issue is specific to the SDK or if it's an API issue.

[yuribb]

Verbose: 0 : [4896] HttpWebRequest#65192075::HttpWebRequest(https://{tenant}.sharepoint.com/_api/v2.0/drives/{driveId}/items/{itemId}/content#-2085058608) ... Information: 0 : [9108] HttpWebRequest#65192075 - Request: GET /_api/v2.0/drives/{driveId}/items/{itemId}/content HTTP/1.1 Information: 0 : [9108] ConnectStream#48472089 - Sending headers { SdkVersion: graph-dotnet-2.0.0 Authorization: bearer {accessToken}... }. ... Information: 0 : [12680] Connection#17653682 - Received headers { X-SharePointHealthScore: 0 X-SP-SERVERSTATE: ReadOnly=0 ODATA-VERSION: 4.0 X-Download-Options: noopen Content-Disposition: attachment SPClientServiceRequestDuration: 150 SPRequestGuid: e852a39d-2072-3000-b27e-c2bbcd984d57 request-id: e852a39d-2072-3000-b27e-c2bbcd984d57 Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN MicrosoftSharePointTeamServices: 16.0.0.5701 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly Content-Length: 0 Cache-Control: private, max-age=0 Content-Type: application/octet-stream Date: Tue, 13 Sep 2016 10:04:54 GMT Expires: Mon, 29 Aug 2016 10:04:55 GMT Last-Modified: Tue, 13 Sep 2016 10:04:55 GMT Location: https://{tenant}.sharepoint.com/_layouts/15/download.aspx?guestaccesstoken={guestToken}%3d&docid={docId}&expiration={expireDate}&userid={userId}&authurl=True&NeverAuth=True P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAM... }. ... Verbose: 0 : [4896] HttpWebRequest#10818254::HttpWebRequest(https://{tenant}.sharepoint.com/_layouts/15/download.aspx?guestaccesstoken={guestToken}%3d&docid={docId}&expiration={expireDate}&userid={userId}&authurl=True&NeverAuth=True#-1313417639) ... Information: 0 : [9108] HttpWebRequest#10818254 - Request: GET /_layouts/15/download.aspx?guestaccesstoken={guestToken}%3d&docid={docId}&expiration={expireDate}&userid={userId}&authurl=True&NeverAuth=True HTTP/1.1 Information: 0 : [9108] ConnectStream#29946769 - Sending headers { SdkVersion: graph-dotnet-2.0.0 Authorization: bearer {accessToken}... }. ... { X-SharePointHealthScore: 0 SPRequestGuid: e852a39d-908a-3000-b27e-c4c477fbdcf2 request-id: e852a39d-908a-3000-b27e-c4c477fbdcf2 Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN SPRequestDuration: 125 SPIisLatency: 72 MicrosoftSharePointTeamServices: 16.0.0.5701 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly Content-Length: 16 Cache-Control: private Content-Type: text/plain; charset=utf-8 Date: Tue, 13 Sep 2016 10:04:55 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Server: Microsoft-IIS/8.5 WWW-Authenticate: NTLM X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET }. ... Warning: 0 : [12680] HttpWebRequest#10818254::() - The remote server returned an error: (401) Unauthorized. Verbose: 0 : [12680] HttpWebRequest#10818254::EndGetResponse()

[yuribb]

Do you need more information? I tried again with another file, with same result.

Message: 'The remote server returned an error: (403) Forbidden. StatusCode:Forbidden Response: 403 FORBIDDEN'

Headers: X-SharePointHealthScore: 0 X-Forms_Based_Auth_Required: https://{tenant}.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=%2f_layouts%2f15%2fdownload.aspx%3fguestaccesstoken%3d{guestAccessToken}%253d%26docid%3d{docId}%26expiration%3d2016-10-11T20%253a24%253a13.000Z%26userid%3d1073741822%26authurl%3dTrue%26NeverAuth%3dTrue X-Forms_Based_Auth_Return_Url: https://upsafems.sharepoint.com/_layouts/15/error.aspx X-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically. SPRequestGuid: 0a76ac9d-9066-2000-b27e-c3e51a7194c7 request-id: 0a76ac9d-9066-2000-b27e-c3e51a7194c7 Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN SPRequestDuration: 106 SPIisLatency: 2 X-IDCRL_AUTH_PARAMS_V1: IDCRL Type="BPOSIDCRL", EndPoint="/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI" MicrosoftSharePointTeamServices: 16.0.0.5729 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly Content-Length: 13 Cache-Control: private Content-Type: text/plain; charset=utf-8 Date: Tue, 11 Oct 2016 19:24:13 GMT P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET

Response: '403 FORBIDDEN'

[cdmayer]

These are different results. In the second you got 403 Forbidden: Access denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically. Seems like you don't have access to the file with that token.

Either way, this seems like it's an issue with the API, not with the SDK. Can you re-post this issue in the API repository?

[yuribb]

I have permission for downloading file. Also i use app with client assertion certificate to authentication.

[lockelost]

I am having the same situation... every setting is same with other tenant and Azure App I have but it's throwing 403

X-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.