none
Cannot access another site collection using AppContextSite or SP.RequestExecutor RRS feed

  • Question

  • I have read in many blogs that it should be possible to access data in another SiteCollection from a SharePoint-hosted App. My App is installed in one SiteCollection (http://collaboration.futurama.local/development/01) and the App URL is http://app-9b3b765713592f.app.futurama.local/development/01/MyApp From MyApp I'm trying to read data from an Announcements list in another SiteCollection http://collaboration.futurama.local/development/02/Announcements. I've tried for example:

    var executor = new SP.RequestExecutor(appweburl);
        executor.executeAsync(
            {
                url: appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('Announcements')/items?@target='http://collaboration.futurama.local/development/02'",
                method: "GET",
                headers: { "Accept": "application/json; odata=verbose" },
                success: successHandler,
                error: errorHandler
            }
        );

    And also:

    ctx = new SP.ClientContext(appweburl);
        targetSite = new SP.AppContextSite(ctx, 'http://collaboration.futurama.local/development/02/');

    But in both cases I get Unauthorized. I've given my App Tentant => Manage permissions and the account running the App has permissions to both SiteCollection. At other occassions I get a 12031 error.

    I'm just not sure, whether I'm trying to do something that actually is not possible.

    Thanks!

    Sunday, March 17, 2013 8:22 PM

Answers

  • So I finally found a solution for this issue. If your SharePoint (hosted) App Needs to Access lists/library data (or the rest API) in another Site Collection then where your App is installed to, you Need to:

    a) Allow your App to Read at Tenant Scope (=Permission Setting in your App.Manifest)

    b) Publish your App in the App Catalog

    b) Install your App in the App Catalog Web

    c) Deploy it (so that it is deployed at Tenant Scope) to Site Collection A and you'll find that you App now is able to retrieve data from a list in a web in Site Collection B

    So apparently Tenant Scoped Permissions only make sense when you Deploy at Tenant Scope (instead of deploying at Web Scope). As far as I know this is undocumented!

    • Marked as answer by mavawie Saturday, April 20, 2013 7:29 AM
    Saturday, April 20, 2013 7:29 AM

All replies

  • Having slept one night one this topic, I just come to realize that the permission level that would allow access to other site collections is Tenant. That probably would mean that SharePoint 2013 in the background is checking whether or not both site collections belong to the same tenant i.e. have the same subscription ID. Since I haven't configured multi-tenancy properly I guess both my site collections either don't belong to the same tenant or do not belong to a (default) Tenant at all; Hence the permission level Tenant is useless in this case. I guess I will need to run some tests later today to see whether this is true. Howver most of the posts referring to accessing data in other site collections using the code above were indeed about SharePoint-hosted Apps for SharePoint Online (where tenancy obviously is configured).

    Still, I would appreciate any pointers, as I now wonder how I can access data outside of the host web's site collection (and probably, if multi-tenancy is not configured this actually means outside of the current tenant) using client-side techniques. This really is not a question related to cross-domain scripting anymore, because that basically works fine (using either of the above techniques I can access the host web that is in a different domain). I get the feeling that the SharePoint hosted App lacks the appropriate permission levels to callout to other site collections e.g. Web Application (only available when tenancy is not availabe) and hence will block the request. Does this imply that I need to create some additional request broker/proxy functionality or use OAuth when I want to make a callout to another site collection in an on-premise no-multi-tenancy farm?

    Thanks!

    Update

    Ps, my assumption and probably, if multi-tenancy is not configured this actually means outside of the current tenant is wrong. If multi-tenancy is not configured all site collections are registered to a default tenant when you execute (using PowerShell):

    Set-SPAppSiteSubscriptionName -Name "mvwapp" -Confirm:$false

    However, if you have multiple tenants configured you can create specific subscriptions for a tenant by adding

    -SiteSubscription $sub

    Where $sub is the tenant's subscription.


    • Edited by mavawie Monday, March 18, 2013 9:57 PM
    Monday, March 18, 2013 6:35 AM
  • I created an isolated Tenant with two site collections but unfortunately I was still not able to gain access to the second site collection from my app that is installed in (the appweb under) the root site of the first site collection. I'm a little lost here and help would be appreciated!

    Monday, March 18, 2013 9:45 PM
  • How are you deploying the solution? Are you using Visual Studio for the same? If yes, can you try to deploy it without using Visual Studio by uploading your app to corporate catalog and publishing it for the desired site collections.

    Geetanjali Arora | My blogs |

    Tuesday, March 19, 2013 5:37 PM
  • I have tried that already, without much luck though. Does this mean that you can successfully Access data in other site collections? If so, maybe you could post an code snippet? Again, I get two different Errors. 80% of the time I get Unauthorized exceptions. 20% of the the time I see that the Ajax request Status is set to 12031 which apparently means that the Internet Connection was reset. Hence I also not fully trust my set (AD on the same machine with LoopbackCheck disabled).

    Thanks!

    Wednesday, March 20, 2013 9:17 AM
  • So I finally found a solution for this issue. If your SharePoint (hosted) App Needs to Access lists/library data (or the rest API) in another Site Collection then where your App is installed to, you Need to:

    a) Allow your App to Read at Tenant Scope (=Permission Setting in your App.Manifest)

    b) Publish your App in the App Catalog

    b) Install your App in the App Catalog Web

    c) Deploy it (so that it is deployed at Tenant Scope) to Site Collection A and you'll find that you App now is able to retrieve data from a list in a web in Site Collection B

    So apparently Tenant Scoped Permissions only make sense when you Deploy at Tenant Scope (instead of deploying at Web Scope). As far as I know this is undocumented!

    • Marked as answer by mavawie Saturday, April 20, 2013 7:29 AM
    Saturday, April 20, 2013 7:29 AM