none
SharePoint Online - Access Denied when attempting to upload a document via CSOM - PnP Sample RRS feed

  • Question

  • Hello Office / SharePoint Developers,

    I am working on a project based on the Office Developer Patterns and Practices Sample where a console application accesses a WebAPI which then access SharePoint Online as the logged in user:  The sample is here: https://github.com/SharePoint/PnP/tree/master/Samples/AzureAD.WebAPI.SPOnline

    I have adapted the sample to list files in a document library.  I have also added the ability to query for documents based on a meta data column.  All of these reads work perfectly.  However, when I attempt to upload a file to the document library, I get an error 401 "The remote server returned an error: (401) Unauthorized".

    I get an access token from SharePoint online based on the token I get in the native client.

     public string GetAccessToken(string accessToken)
            {
                string clientID = _clientId;           
                string clientSecret = _clientSecret;
                var appCred = new ClientCredential(clientID, clientSecret);
                var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.windows.net/common");
                AuthenticationResult authResult = authContext.AcquireToken(new Uri(_spoUrl).GetLeftPart(UriPartial.Authority), appCred, new UserAssertion(accessToken));
                return authResult.AccessToken;
            }

    This is the CSOM that uploads the file.  I know it works as I can paste it into a console app and using (SharePointOnlineCredentails) it works fine.

     string newToken = _tokenSvc.GetAccessToken(accessToken);
                /* Beginning CSOM Magic */
                using (ClientContext cli = new ClientContext(_spoUrl))
                {
                    /* Adding authorization header  */
                    cli.ExecutingWebRequest += (s, e) => e.WebRequestExecutor.WebRequest.Headers.Add("Authorization", "Bearer " + newToken);
                    cli.AuthenticationMode = ClientAuthenticationMode.Default;
                    using (var fs = new FileStream(@"c:\test.txt", FileMode.Open))
                    {
                        var fi = new FileInfo("test.txt");
                        var list = cli.Web.Lists.GetByTitle("documents");
                        cli.Load(list.RootFolder);
                        cli.ExecuteQuery();
                        var fileUrl = String.Format("{0}/{1}", list.RootFolder.ServerRelativeUrl, fi.Name);
                        Microsoft.SharePoint.Client.File.SaveBinaryDirect(cli, fileUrl, fs, true);
                        Web web = cli.Web;
                        Microsoft.SharePoint.Client.File newFile = web.GetFileByServerRelativeUrl(fileUrl);
                        cli.Load(newFile);
                        cli.ExecuteQuery();
                        ListItem item = newFile.ListItemAllFields;
                        item["CRUID"] = "CRU_1337";
                        item.Update();
                        cli.ExecuteQuery();
                    }

    }...

    TLDR:  I get 401 on file upload.  Reads work.  I am using CSOM with an access token that is supposed to be a webAPI on behalf of the logged in user.

    I look forward to hearing your advice!

    Chris

    Thursday, April 27, 2017 7:06 PM

All replies

  • Hi Chris, did you ever find a solution? I also work with an access token to communicate with SharePoint online. Seems I can read any list, but whenever I try to update or insert I get an 401 access denied. Perhaps it has something to do with the headers I set?

    Sander

    Tuesday, October 31, 2017 1:37 PM