Trigger workflow for an item in the list by using CSOM. (env: SP 2013 on-prem, provider hosted app) and App Only will not work
Published May 01 2019 11:03 PM 1,095 Views
Microsoft

First published on TECHNET on Oct 18, 2016
This post is a contribution from Manish Joshi, an engineer with the SharePoint Developer Support team

There seems to be a check in SharePoint when starting a workflow using CSOM if SharePoint 2013 workflow is started using the App-Only context – if yes, throw Access Denied exception and log this exception.

So there is no other way than to start a SharePoint 2013 workflow in CSOM except using the App+User context

Following code illustrates using an app only access token to create a ClientContext and start the SharePoint 2013 workflow in CSOM.

    1. Get the Client Context using the App only Access Token

      // get app only access token by passing the windows identity as null
      string appOnlyAccessToken = TokenHelper.GetS2SAccessTokenWithWindowsIdentity(hostWeb, null);
      return TokenHelper.GetClientContextWithAccessToken(hostWeb.ToString(), appOnlyAccessToken);

 

    1. Invoke the workflow using the Client Context retrieved

      // start the workflow using the CSOM APIs and the client context retrieved previously
      var workflowManager = new WorkflowServicesManager(clientContext, clientContext.Web);
      InteropService workflowInteropService = workflowManager.GetWorkflowInteropService();

      // call the StartWorkflow method - https://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.client.workflowservices.interop...
      workflowInteropService.StartWorkflow(workflowAssociation.Name, corId, list.Id, itemGuid, new Dictionary<string, object>());
      clientContext.ExecuteQuery();



The above code will throw AccessDenied exception.



To get this to work the code needs to be changed as below.

    1. Get the Client Context for App + User context access token

      // pass a valid windows identity to get app + user context
      string appUserAccessToken = TokenHelper.GetS2SAccessTokenWithWindowsIdentity(hostWeb, windowsIdentity);
      return TokenHelper.GetClientContextWithAccessToken(hostWeb.ToString(), appUserAccessToken);

 

    1. Invoke the workflow using the Client Context retrieved

      // start the workflow using the CSOM APIs and the client context retrieved previously
      var workflowManager = new WorkflowServicesManager(clientContext, clientContext.Web);
      InteropService workflowInteropService = workflowManager.GetWorkflowInteropService();

      // call the StartWorkflow method - https://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.client.workflowservices.interop...
      workflowInteropService.StartWorkflow(workflowAssociation.Name, corId, list.Id, itemGuid, new Dictionary<string, object>());
      clientContext.ExecuteQuery();

 

Version history
Last update:
‎Sep 02 2020 04:14 PM
Updated by: