Forum Discussion
AuthenticationManager.GetAppOnlyAuthenticatedContext Azure App API permissions access denied
When building a ClientContext based on an App ID and ClientSecret, you get an access denied while trying to access a SharePoint site. I have tried setting several API permissions, separately for SharePoint or Microsoft Graph, but the behavior stays the same.
var authManager = new AuthenticationManager();
using (var clientContext = authManager.GetAppOnlyAuthenticatedContext(siteUrl, _sharePointSettings.AppId, _sharePointSettings.AppSecret))
{
clientContext.Load(clientContext.Web);
clientContext.ExecuteQuery();
}
- If you're connecting to the SharePoint APIs using the Azure App registration you'll need to do it with a certificate as detailed here https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
Otherwise use the method in my other post
- Toby StathamBrass Contributor
Mathieu Marchant Did you use this method to create the app id and secret - https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
If so what's the XML you used for the permissions?
- Mathieu MarchantCopper Contributor
Toby Statham I used the Azure Portal to register a new App under "Azure Active Directory" and from there I generated a new secret. Additionally I also added SharePoint related "API permissions" from there.
However I still get an access denied. So what I need to do, is lookup the app with the appinv.aspx from within SharePoint and add additional permissions from there with the xml.
What I would expect, is that setting the API permissions from the Azure Portal would be enough, but that doesn't seem to be the case. Is suppose by using the AuthenticationManager, the credentials are built up in a different way?
- Toby StathamBrass ContributorIf you're connecting to the SharePoint APIs using the Azure App registration you'll need to do it with a certificate as detailed here https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
Otherwise use the method in my other post
- ArvindKumar MepaniBrass ContributorDoes admin have given consent to your app??
For first time admin consent is required to use app created from azure portal app registration.