sharepoint online – Getting 401 error when placing HTTP request in Flow

I’m trying to write a Flow that gets a list of emails from the Finance Managers list to send an email to. When I get to the HTTP Request to query the Finance Managers list, it throws a 401 error (access denied). The list I’m querying is of course on SharePoint Online (O365). Do I need to do something like creating an app step and authorizing the Flow like I had to do with SharePoint Designer workflows? If so, how do I do that with a Power Automate Flow?

Provider-hosted app – SharePoint 2016 app with high confidence: 401 is not authorized and the Azure Access Control service is not available.

We're trying to deploy our first trusted SharePoint 2016 app in a non-developer environment, but are getting the common "401 Unauthorized" error. Our environment is as follows:

  • SharePoint 2016 server
  • App server hosted by the remote provider with IIS 10.0

This 2017 Stack Exchange post lists almost exactly the same problems and symptoms, but we already have a solution (use a CA certificate instead of a self-signed one).

We checked the following:

  • Certificate used (from our internal certification authority) using an FQDN address using SHA256 and SAN
  • Serial number of the certificate in web.config (on the remote server) is entered manually
  • Private key of the certificate (on the remote server) has read permission for IIS_IUSR group. (Without that we get a "Keyset does not exist" error.)
  • Client ID generated by AppRegnew.aspx is correct in web.config
  • The token issuer ID is correct in web.config
  • HTTPS runs on everything, both SharePoint and the remote web server
  • Remote web server authentication is set to NTLM followed by negotiation. Anonymous access is deactivated.
  • Get-SPTrustedRootAuthority lists our FQDN certificate (as well as an intermediate and root certificate.)
  • Get-SPTrustedSecurityTokenIssuer lists our token issuer with the RegisteredIssuerName as "IssuerGUID @ SharePointRealmGUID"
  • The app permissions in our app manifest XML file are "Manage" under SiteCollection level and we also tried "Full Control" at Tenant level.

SharePoint ULS protocols

Error when get token for app i:0i.t|ms.sp.ext|133809c8-e459-44f7-a206-1136bf1c2539@77b99930-703e-4df3-94b0-acc6556794a5, exception: Microsoft.SharePoint.SPException: Azure Access Control Service is unavailable.    
 at Microsoft.SharePoint.Administration.SPSecurityTokenServiceDiscoveryManager.DiscoverApplicationSecurityTokenService(SPServiceContext serviceContext)    
 at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)    
 at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)    
 at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)    
 at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)

App token requested from appredirect.aspx for site: 913136fe-207e-447c-9630-4f0fd88304b0 but there was an error in generating it.  This may be a case when we do not need a token or when the app principal was not properly set up.  LaunchUrl:https://remoteserver.domain.com/Pages/Default.aspx?SPHostUrl=https://sharepoint.domain.com/sites/site&SPLanguage=sv-SE&SPClientTag=14&SPProductNumber=16.0.4615.1000&SPAppWebUrl=https://app-9f504b2adb7f3a. appdomain.com/sites/site/OurApp Exception Message: Azure Access Control Service is unavailable.  Stacktrace:   
 at Microsoft.SharePoint.Administration.SPSecurityTokenServiceDiscoveryManager.DiscoverApplicationSecurityTokenService(SPServiceContext serviceContext)    
 at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)    
 at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)    
 at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)    

Fiddler protocols

  • Two instances of 401 – 1) The server presents NTLM and negotiate options and 2) The client tries NTLM.

    In TextView: SPAppToken = & SPSiteUrl = https% 3A% 2F% 2Fportal.domain.com% 2Fsites% 2Fsite & SPSiteTitle = Site-Name & SPSiteLogoUrl = https% 3A% 2F% 2Fapp-9f504b2adb7f33.domain.appdomite2% 2 .jpg & SPSiteLanguage = sv-SE & SPSiteCulture = sv-SE & SPRedirectMessage = EndpointAuthorityMatches & SPCorrelationId = 7b04499f-e991-504a-5c02-7a78bc35c7ee & SPErrorCorrelation1c7c7ee

We followed several instructions:

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/create-and-use-access-tokens-in-provider-hosted-high-trust-sharepoint-add-ins

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/high-trust-configuration-scripts-for-sharepoint#addsprootauthorityps1

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/package-and-publish-high-trust-sharepoint-add-ins

https://jeremythake.com/troubleshooter-sharepoint-2013-provider-hosted-apps-on-premises-d4b5f633f48d

Cheat Sheet to Troubleshoot SharePoint Provider hosted High-Trust Add-ins – 401, 403, 404, and Misc Errors

Ask:

  1. Simply check that ClientSecret is not needed in the web.config file for apps with high trustworthiness. (This Microsoft page says: "Note that there is no ClientSecret key in a trusted SharePoint add-in.")
  2. Please help. 🙂 🙂

Thanks for any help!

Safari and .htaccess .htpasswd lead to status 401

I have basic .htaccess authentication for my development server as follows:

AuthName "Developer Demo"
AuthType Basic 
AuthUserFile /path/to/.htpasswd 
require valid-user

It works well in all browsers except Safari and iOS devices. After authentication, .html, .css, .svg and .tff files are loaded. However, the .js files are given status 401.
Any idea why that happens?

I created the .htpasswd content with this generator: https://www.web2generators.com/apache-tools/htpasswd-generator

Python JSON web token (JWT) – GET request 401 error

To generate the token for API requests, Apple describes the following steps.

The key, kid, and iss were all checked to work. In the following Python script:

import time  # needed for time.time() below

import jwt
import requests

# pseudo, removed secret info
# read the file, currently binary but have tried string too
with open('AuthKey_4..._.p8', 'r+b') as keyfile:
    secret = keyfile.read()

expir = round(time.time() + 20 * 60)

# sign the token with the iss, time, key, and kid with the correct alg
token = jwt.encode({'iss': '6...', 
                    'exp': f'{expir}', 
                    'aud': 'appstoreconnect-v1'},
                    secret, algorithm='ES256', 
                    headers={'alg': 'ES256', 'kid': '4...', 'typ': 'JWT'})

# decode the bytes and create the get request header
s_token = token.decode('utf-8')
headers = {'Authorization': f'Bearer {s_token}'}

# send the get request
r = requests.get('https://api.appstoreconnect.apple.com/v1/salesReports',
                 headers=headers)#, params=params)

r.json() just returns

{'errors': [{'status': '401',
   'code': 'NOT_AUTHORIZED',
   'title': 'Authentication credentials are missing or invalid.',
   'detail': 'Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens'}]}

In addition, the link in the error message also appears to be incorrect.

I tried reading the .p8 file in both binary and regular string representation. I tried to pass different values in the token, remove certain values, etc. I also tried not to pass the payload parameters to the GET request, which also results in a 401 error. The payload information is listed here. Any help appreciated.
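
As an added example (not part of the original post and not Apple's code): a sender-side check that decodes a token's header and payload without verifying the signature and lists claims that differ from what the script above intends, namely ES256 with a kid, an iss, the same aud, and an exp at most 20 minutes ahead. RFC 7519 defines exp as a JSON number (NumericDate). The function names and the sample tokens are constructed for illustration.

```python
import base64
import json
import time

# Expected values come from the script above; 20 * 60 mirrors its lifetime.
EXPECTED_ALG, EXPECTED_AUD, MAX_LIFETIME_S = "ES256", "appstoreconnect-v1", 20 * 60

def _segment(obj):
    """Encode a dict as an unpadded base64url JWT segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def unsigned_sample(header, claims):
    """Constructed test input: a token with a placeholder signature."""
    return f"{_segment(header)}.{_segment(claims)}.c2ln"

def _decode(segment):
    """Decode one base64url segment (padding restored) into a dict."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def lint_token(token, now=None):
    """List problems in a token's header and claims (signature NOT verified)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token must have three dot-separated segments"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    problems = []
    if header.get("alg") != EXPECTED_ALG:
        problems.append(f"alg is {header.get('alg')!r}, expected {EXPECTED_ALG!r}")
    if not header.get("kid"):
        problems.append("header has no kid")
    if not claims.get("iss"):
        problems.append("payload has no iss")
    if claims.get("aud") != EXPECTED_AUD:
        problems.append(f"aud is {claims.get('aud')!r}, expected {EXPECTED_AUD!r}")
    exp = claims.get("exp")
    # bool is a subclass of int, so it is excluded explicitly.
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        problems.append(f"exp must be a JSON number, got {type(exp).__name__}")
    elif exp <= now:
        problems.append("exp is in the past")
    elif exp - now > MAX_LIFETIME_S:
        problems.append("exp is more than 20 minutes ahead")
    return problems
```

An empty list means the header and claims have the expected shape; it says nothing about whether the signature or key is valid.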

sharepoint online – Provider Hosted App with 401 unauthorized errors

Azure runs apps hosted by a provider that many of our customers use in SP Online. Some of them suddenly experience error 401 when trying to get only app access tokens. The same app works for other customers. We checked the following:

  • Client Secret has not expired for the app in the seller dashboard

  • App is installed on site

  • App is familiar again in the website

  • The same code that runs in the Azure web application can connect for some customers

Please let us know if something has changed recently or what else we should be looking for.

Below is the exception in the server-side code when trying to get the access token. This is already working properly and no changes have been made to the site / security settings in Tenant.

Microsoft.IdentityModel.SecurityTokenService.RequestFailedException: Token request failed. ---> System.Net.WebException: The remote server returned error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.IdentityModel.S2S.Protocols.OAuth2.OAuth2WebRequest.GetResponse()
at Microsoft.IdentityModel.S2S.Protocols.OAuth2.OAuth2S2SClient.Issue(String securityTokenServiceUrl, OAuth2AccessTokenRequest oauth2Request)
--- End of inner exception stack trace.

Sockets – Why does a POST request generate HTML / JavaScript 401 (unauthorized) but not from a C program?

I need to send a POST request with some data to a RESTful API. I currently have a C program that creates a socket, connects to the host, and successfully sends the POST request.

After some C-magic, the request is made as follows:

POST http://remotemanager.digi.com/ws/sci HTTP/1.1
Host: remotemanager.digi.com
Content-Type: text/xml
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Content-Length: 123


Then I send it with send from socket.h. Everything is working fine. After submitting, I receive:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=485A5984C8BB21B11BFB305145FAF3B9; Path=/ws/;         HttpOnly;Secure
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/xml;charset=ISO-8859-1
Content-Length: 195
Date: Thu, 09 Jan 2020 21:12:17 GMT


The problem is when I try to do this with HTML and Javascript. I'll do it:



    
        
        Ping Gateway
        
    

    
        


But I get:

OPTIONS https://remotemanager.digi.com/ws/sci 401 (not authorized)

test.html:1 Access to XMLHttpRequest at 'https://username:password@remotemanager.digi.com/ws/sci' from origin 'null' was blocked by the CORS guideline: The answer to the preflight request is no access control check: There is no 'Access-Control-Allow-Origin' header available in the requested resource.

So, if I run the request from exactly the same computer and even in the same folder, why does the C code work and the HTML / JS version triggers this CORS problem?

javascript – nodejs 401 Repeat mechanism for requests

I am working on a project in which I have a backend in nodejs and have to call external APIs from there. These APIs require an authentication token that is valid for 15 minutes. So if the response status from external APIs is 401, I have to generate a new token and then call the request.

In my backend I use a request promise package that does not offer an interceptor concept like Axios. So I tried to create my own mechanism. The following code is in TypeScript.

// request-promise is the package mentioned above
import request = require("request-promise");

class RequestHandler {

    private token: any = {

        promiseCreator: function () {
            return new Promise((resolve, reject) => {
                this.rejects.push(reject);
                this.resolves.push(resolve);
            });
        },
        rejects: [],
        resolves: [],
        v: null,
        get value() {
            return this.v;
        },
        set value(val) {
            this.v = val;
            if (val) {
                this.resolves.forEach((resolve: any) => resolve());
            } else {
                this.rejects.forEach((reject: any) => reject());
            }
            this.resolves = [];
            this.rejects = [];
        }

    };

    constructor() {
        this.authorize();
    }

    // Test Request
    public async test(reqBody) {

        const reqOptions = {
            dataType: "json",
            headers: {
                Authorization: `Bearer ${this.token.value}`
            },
            json: reqBody,
            method: "POST",
            url: "http://localhost:8080/test-async",
        };

        const { data } = await request(reqOptions);

        // on success return data
        if (data.status === "200") {
            return data;
        }

        // if authentication fails generate new token and then request again
        if (data.status === "401") {
            return await this.unAuthorizeRequestHandler(this.test.bind(this, reqBody));
        }

        // if status other than 200 and 401 then throw error
        throw new Error(data.message);

    }

    // To Get Authentication Token
    async authorize() {

        const reqOptions = {
            dataType: "json",
            json: {},
            method: "POST",
            url: "http://localhost:8080/auth",
        };

        const { token } = await request(reqOptions);
        this.token.value = token;

    }

    // handles retry logic
    async unAuthorizeRequestHandler(requestFunction: any) {

        if (this.token.value) {
            this.token.value = null;

            try {
                await this.authorize();
            } catch (err) {
                this.token.value = null;
                throw new Error(err.toString());
            }

        } else {
            await this.token.promiseCreator();
        }
        return await requestFunction();
    }

}

In the code above, unAuthorizeRequestHandler processes the retry mechanism and first checks that the token value is not zero. Call the authorization function to get the new token and set the value to zero. If there are other requests, wait until the authorization function sets the new token (it is executed by promiseGenerator and returns pending promises that are resolved or rejected when the token.value function set is authorized).

Please check my code guys

Access to site content causes error 401

I have 1 site collection that suddenly stops serving all pages in the _layouts folder. All pages return error 401.

  • It is the root site collection for the web application (https://MyDomain.com).
  • I am the primary site collection administrator for all site collections.
  • The welcome page is fine.
  • I can see lists, but the "Items" and "Lists" bands are never fully loaded.
  • The other site collections are fine.

Any ideas on how to fix this?