none
Issues on accessing the particular Share point site only for domain users. RRS feed

  • Question

  • Hi All,

     I am running an asp.net application. We have hosted our app in azure. But for the authentication purpose I am using share point. once the user(could be internal or external) got validated from share point I will give access to our azure application.this is happening from years. But now suddenly domain users are not getting access even if the user is tenant admin. They are getting load web access denied error. Other organisation users(like gmail) are able to access. And very Importantly this issue is very inconsistent. Need to know what is wrong in my piece of code. Would like to show the piece of code where I am trying validate the user in Visual studio 2015.

    The piece of code I used to validate the user in share point is sown below. and same code was working fine from years even now only for external users.

    Can any body please look into the Issue.. any suggestion would  greatly accepted.And would like to give more info at any time if the info is not sufficient.

      string trace = "start";
    
                trace += "->Valid";
                //check if its a new session
                try
                {
                    if (Session[WebConstants.WebConstants.SessionUserEmailKey] == null || string.IsNullOrWhiteSpace(Session[WebConstants.WebConstants.SessionUserEmailKey].ToString()))
                    {
    
                        CheckSPContextValidity(pageContext, pageResponse);
    
                        //check for new user/ session
                        if (GetCurrentUser(Session) == null)
                            {
                                CheckSPContextValidity(pageContext, pageResponse);
                                trace += "->Session null";
                                var spContext = SharePointContextProvider.Current.GetSharePointContext(pageContext);
                                trace += "->get context";
                                if (spContext != null)
                                {
                                    CheckSPContextValidity(pageContext, pageResponse);
                                    trace += "->Session null";
                                    spContext = SharePointContextProvider.Current.GetSharePointContext(pageContext);
                                    trace += "->get context";
                                    if (spContext != null)
                                    {
                                        trace += "->Context not nul";
                                        Microsoft.SharePoint.Client.ClientContext clientContext = spContext.CreateUserClientContextForSPHost();
                                        trace += "-> Get client context";
                                        clientContext.Load(clientContext.Web.CurrentUser);
    
                                        trace += "->Load web";
                                        clientContext.ExecuteQuery();
                                        //check if user exists in the database
                                              pageResponse.Write(trace);
                                        pageResponse.Write(clientContext.Web.CurrentUser.LoginName + "LoginName");
                                        PeopleManager peopleManager = new PeopleManager(clientContext);
                                        PersonProperties properties = peopleManager.GetPropertiesFor(clientContext.Web.CurrentUser.LoginName);
                                        clientContext.Load(properties);
                                        clientContext.ExecuteQuery();
                                        pageResponse.Write(properties.UserProfileProperties["WorkEmail"] + "username");
                                        pageResponse.End();
                                        cpUser = businessProvider.GetUsersByEmail(properties.UserProfileProperties["WorkEmail"]);
                                        if (cpUser != null)
                                        {
                                            Session[WebConstants.WebConstants.SessionUserEmailKey] = cpUser.Email;
                                            Session[WebConstants.WebConstants.SessionUserKey] = cpUser;
                                        }
                                        else
                                        {
                                            pageResponse.Write(properties.UserProfileProperties["WorkEmail"] + "username");
                                            pageResponse.Redirect("invalidusererror.aspx");
                                            pageResponse.End();
                                        }
                                        trace += "->email" + Session[WebConstants.WebConstants.SessionUserKey];
                                    }
                                    else
                                    {
                                        //log error
                                        Exception ex = new Exception("Cant create SPcontext for user");
                                        LogException(ex, "Null SPContext", Session[WebConstants.WebConstants.SessionUserEmailKey].ToString());
                                        //logout user
                                        SesionSignOut(pageResponse, Session);
                                        pageResponse.Write(ex.StackTrace);
    
                                    }
                                }
                            }
                    }
    
                }
                catch (Exception x)
                {
                    trace += "Exception";
                    pageResponse.Write(trace);
                    pageResponse.Write(x.StackTrace);
                    pageResponse.End();
                }


    Please let me know if anything if you have not understood or if you want more info regarding the issue.

    And error that is being thrown for internal users 

    start->Valid->Session null->get context->Context not nul-> Get client context->Load webAccess denied. You do not have permission to perform this action or access this resource. at Microsoft.SharePoint.Client.ClientRequest.ProcessResponseStream(Stream responseStream) at Microsoft.SharePoint.Client.ClientRequest.ProcessResponse() at Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb) at Microsoft.SharePoint.Client.ClientRequest.ExecuteQuery() at Microsoft.SharePoint.Client.ClientRuntimeContext.ExecuteQuery() at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery() at OperatingModelWeb.WebUtility.WebUtility.CheckValidSession(HttpContextBase pageContext, HttpSessionStateBase Session)

    

     

    Tuesday, March 21, 2017 5:28 AM

All replies

  • Hi,

    Does it occur to all users in your domain?

    Can you verify that your domain users can access the corresponding SharePoint site in browser?

    As you said, “this issue is very inconsistent”, it means your code should be ok.

    Please monitor the “pageContext” object when accessing your app using domain user account and other organization user account? Let’s see if there will be more details.  

    Best regards,

    Patrick

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, March 21, 2017 12:15 PM
    Moderator
  • Hi Patrick,

    Yes. All users in the domain are facing this issue. But they can access the share point view list page and all other things. only when you give custom URL the issue is coming from past 1 week,though it was working for years.

    So would like to ask if they have changed any authentication procedures for internal users or domain fr users?



    Tuesday, March 21, 2017 1:01 PM
  • Hi Nytingale,

    Just a quick note that let you know I'm working on it currently, I will come back once there is any progress on my side.

    Best regards,

    Patrick


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, March 30, 2017 2:42 AM
    Moderator