locked
Can not get app token for site from SharePoint App RRS feed

  • Question

  • There have a On-Premise SharePoint Environment,  and i have deployed the SharePoint App, but when i click the App to redict, in the code 

    i will get an error

    Exception:System.Net.WebException: The remote server returned an error: (401) Unauthorized.
       at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute()
       at Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb)

    and from SharePoint log, i can find this error

    07/22/2013 11:06:09.38 w3wp.exe (0x0A54)                       0x135C SharePoint Foundation         Application Authentication     ajezu Unexpected SPApplicationAuthenticationModule: Failed to authenticate request, unknown error. Exception details: System.IdentityModel.Tokens.SecurityTokenException: The issuer of the token is not a trusted issuer.     at Microsoft.SharePoint.IdentityModel.SPTrustedIssuerNameRegistry`1.GetIssuerName(SecurityToken securityToken, String requestedIssuerName)     at Microsoft.SharePoint.IdentityModel.SPJsonWebSecurityBaseTokenHandler.GetIssuerNameFromIssuerToken(JsonWebSecurityToken token)     at Microsoft.SharePoint.IdentityModel.SPJsonWebSecurityBaseTokenHandler.GetIssuerName(JsonWebSecurityToken token)     at Microsoft.IdentityModel.S2S.Tokens.JsonWebSecurityTokenHandler.ValidateTokenCore(SecurityToken token, Boolean isActorToken)     at Microsoft.IdentityModel.S2S.Tokens.JsonWebSecurityTokenHandler.Val... 4368319c-9866-60c7-cb93-8efb6e2585c4
    07/22/2013 11:06:09.38* w3wp.exe (0x0A54)                       0x135C SharePoint Foundation         Application Authentication     ajezu Unexpected ...idateTokenCore(SecurityToken token, Boolean isActorToken)     at Microsoft.SharePoint.IdentityModel.SPJsonWebSecurityBaseTokenHandler.ValidateToken(SecurityToken token)     at Microsoft.SharePoint.IdentityModel.SPJsonWebSecurityTokenHandler.ValidateToken(SecurityToken token)     at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.TryExtractAndValidateToken(HttpContext httpContext, SPIncomingTokenContext& tokenContext)     at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.ConstructIClaimsPrincipalAndSetThreadIdentity(HttpApplication httpApplication, HttpContext httpContext, SPFederationAuthenticationModule fam)     at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.AuthenticateRequest(Object sender, EventArgs e) 4368319c-9866-60c7-cb93-8efb6e2585c4
    07/22/2013 11:06:09.38 w3wp.exe (0x0A54)                       0x135C SharePoint Foundation         General                       8nca Medium   Application error when access /sites/Home/_vti_bin/client.svc, Error=The issuer of the token is not a trusted issuer.   at Microsoft.SharePoint.IdentityModel.SPTrustedIssuerNameRegistry`1.GetIssuerName(SecurityToken securityToken, String requestedIssuerName)     at Microsoft.SharePoint.IdentityModel.SPJsonWebSecurityBaseTokenHandler.GetIssuerNameFromIssuerToken(JsonWebSecurityToken token)     at Microsoft.SharePoint.IdentityModel.SPJsonWebSecurityBaseTokenHandler.GetIssuerName(JsonWebSecurityToken token)     at Microsoft.IdentityModel.S2S.Tokens.JsonWebSecurityTokenHandler.ValidateTokenCore(SecurityToken token, Boolean isActorToken)     at Microsoft.IdentityModel.S2S.Tokens.JsonWebSecurityTokenHandler.ValidateTokenCore(SecurityToken token, Boolean isActorToken)     at Microsoft.SharePoint.... 4368319c-9866-60c7-cb93-8efb6e2585c4
    07/22/2013 11:06:09.38* w3wp.exe (0x0A54)                       0x135C SharePoint Foundation         General                       8nca Medium   ...IdentityModel.SPJsonWebSecurityBaseTokenHandler.ValidateToken(SecurityToken token)     at Microsoft.SharePoint.IdentityModel.SPJsonWebSecurityTokenHandler.ValidateToken(SecurityToken token)     at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.TryExtractAndValidateToken(HttpContext httpContext, SPIncomingTokenContext& tokenContext)     at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.ConstructIClaimsPrincipalAndSetThreadIdentity(HttpApplication httpApplication, HttpContext httpContext, SPFederationAuthenticationModule fam)     at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.AuthenticateRequest(Object sender, EventArgs e)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Exe... 4368319c-9866-60c7-cb93-8efb6e2585c4
    07/22/2013 11:06:09.38* w3wp.exe (0x0A54)                       0x135C SharePoint Foundation         General                       8nca Medium   ...cute()     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) 4368319c-9866-60c7-cb93-8efb6e2585c4

    i have add SPTrustedRootAuthority;

    anyone have any suggestion about this issue?


    Michael Ma

    Monday, July 22, 2013 3:14 AM

Answers

  • Thanks Yaqi,

    i have double checked my trusted security token issuer id, and i found my principal is not match the issuer id,  i have resolved this issue by re-register principal use command like this:

    Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $web -DisplayName "Principal Name"

    anyway, thanks your reply.


    Michael Ma

    • Marked as answer by Michael.M.193 Tuesday, July 23, 2013 5:04 AM
    Tuesday, July 23, 2013 5:01 AM

All replies

  • From your log, it has "The issuer of the token is not a trusted issuer". Basically the issuer id is not valid. You need to get a valid issuer Id. If you just created the issuer id, please run "iisreset" before using it.
    Monday, July 22, 2013 10:50 PM
  • Thanks Yaqi,

    i have double checked my trusted security token issuer id, and i found my principal is not match the issuer id,  i have resolved this issue by re-register principal use command like this:

    Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $web -DisplayName "Principal Name"

    anyway, thanks your reply.


    Michael Ma

    • Marked as answer by Michael.M.193 Tuesday, July 23, 2013 5:04 AM
    Tuesday, July 23, 2013 5:01 AM
  • Hi Michael,

    I am having the same problem.

    Thank your for sharing your experience but what do you mean by matching token issuer id?

    you probably mean the realm?

    From what I know, $fullAppIdentifier = "$clientId@$realm"

    Thursday, June 8, 2017 12:29 PM