I'm seeing something similar with a REST call in a workflow that creates a subsite. Get a "Forbidden."

So it has worked forever, and works on some sites...but not on new ones. 

I do. I wouldn't know where to start. My workflow is attached. Where would that go?

Daniel,

Thank you, i have tried your code and now its working. 

Just FYI, here is the piece of updated code i have used.

SecureString passWord = new SecureString();
foreach (char c in m_Password.ToCharArray()) passWord.AppendChar(c);
var credentials = new SharePointOnlineCredentials("UserName, passWord);
string metaDataURL = "ProjectOnlineURL";
var req = (HttpWebRequest)WebRequest.Create(metaDataURL);
req.Credentials = credentials;

req.Headers["X-FORMS_BASED_AUTH_ACCEPTED"] = "f";

req.Headers.Add(HttpRequestHeader.Cookie, credentials.GetAuthenticationCookie(new Uri(metaDataURL)));
var resp = (HttpWebResponse)req.GetResponse();

Regards,

Sunil G.

Hi Sunil,

Glad to hear it worked, thanks for letting me know.  

Joe - this is a little more tricky for you given you are calling the api direct in a workflow.  You have a few options on how to fix this but they will all require development and will be a change to your current design. 

If this isn't critical to get working I'd sit tight till someone hears back from Microsoft on a ETA in getting the api auth issues resolved.  Given the impact of this issue I'd be hoping to hear something official soon.  

If you have to get this working now and you have access to a developer then you could either create a standalone application that creates the sub sites and leave your workflow alone (benefit here is when MS fixes the issue your workflow will continue to work). 

Or you could host your own API wrapper for the SharePoint api in azure that creates the sub sites and update your workflow to use that.  That way in your api you could do the authentication.  This is a pretty big change to your design tho so it might be better to wait.

Thanks

Dan

Hi Dan,

It seems the solution you have suggested is working. But I want to know whether Microsoft is fixing this issue or going forward we need to use different authentication mechanisms

Regards,

Mahidhar

Thanks Sunil. Changing the header worked fine.

It is curious you mentioned that things are changing. From last weekend to today (9 May 2018) I am also getting the 'The Remote server returned an error: (401) Unauthorized' System.Net.WebException error, where the detail status tells "ProtocolError". The unmodified, proven-tested and working until today CSOM code I tried to run (repeat: always worked fine) with SharePoint Online was:

ClientContext context = new ClientContext(serverUrl);

SecureString securestringpassw = new SecureString();
foreach (char c in password) { securestringpassw.AppendChar(c); }

SharePointOnlineCredentials creds = new SharePointOnlineCredentials(username, securestringpassw);

context.Credentials = creds;
context.RequestTimeout = 60000; // ms

Web web = context.Web;

var list = web.Lists.GetByTitle(Library);
context.Load(list.Fields);
context.ExecuteQuery();  // Error 401 here

I really curious on what is going on... Any clues?

Many thanks!

Hi All,

I have just received a response from the product team that SharePoint Online no longer sends NTLM challenges on 401 responses. 

Their suggestion was to use SPOIDCRL in the request headers.  

So continue to authenticate with the sample code I provided earlier which does this.

I understand some of you are trying to do this in a SharePoint designer workflow.  I'll try and create one this week and see if there is a way to do this for your workflows.

Thanks

Dan