%3CLINGO-SUB%20id%3D%22lingo-sub-509985%22%20slang%3D%22en-US%22%3ETrigger%20workflow%20for%20an%20item%20in%20the%20list%20by%20using%20CSOM.%20(env%3A%20SP%202013%20on-prem%2C%20provider%20hosted%20app)%20and%20App%20Only%20will%20not%20work%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-509985%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EFirst%20published%20on%20TECHNET%20on%20Oct%2018%2C%202016%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3EThis%20post%20is%20a%20contribution%20from%20Manish%20Joshi%2C%20an%20engineer%20with%20the%20SharePoint%20Developer%20Support%20team%20%3CBR%20%2F%3E%3CBR%20%2F%3EThere%20seems%20to%20be%20a%20check%20in%20SharePoint%20when%20starting%20a%20workflow%20using%20CSOM%20if%20SharePoint%202013%20workflow%20is%20started%20using%20the%20App-Only%20context%20%E2%80%93%20if%20yes%2C%20throw%20Access%20Denied%20exception%20and%20log%20this%20exception.%20%3CBR%20%2F%3E%3CBR%20%2F%3ESo%20there%20is%20no%20other%20way%20than%20to%20start%20a%26nbsp%3BSharePoint%202013%20workflow%20in%20CSOM%20except%20using%20the%20App%2BUser%20context%20%3CBR%20%2F%3E%3CBR%20%2F%3EFollowing%20code%20illustrates%20using%20an%26nbsp%3Bapp%20only%20access%20token%20to%20create%20a%20ClientContext%20and%20start%20the%20SharePoint%202013%20workflow%20in%20CSOM.%20%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3EGet%20the%20Client%20Context%20using%20the%20App%20only%20Access%20Token%20%3CBR%20%2F%3E%3CDIV%3E%3CBR%20%2F%3E%2F%2F%20get%20app%20only%20access%20token%20by%20passing%20the%20windows%20identity%20as%20null%20%3CBR%20%2F%3Estring%20appOnlyAccessToken%20%3D%20TokenHelper.GetS2SAccessTokenWithWindowsIdentity(hostWeb%2C%20null)%3B%20%3CBR%20%2F%3Ereturn%20TokenHelper.GetClientContextWithAccessToken(hostWeb.ToString()%2C%20appOnlyAccessToken)%3B%20%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FDIV%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3EInvoke%20the%26nbsp%3Bworkflow%20using%20the%26nbsp%3BClient%20Context%20retrieved%20%3CBR%20%2F%3E%3CDIV%3E%3CBR%20%2F%3E%2F%2F%20start%20the%20workflow%20using%20the%20CSOM%20APIs%20and%20the%20client%20context%20retrieved%20previously%20%3CBR%20%2F%3Evar%20workflowManager%20%3D%20new%20WorkflowServicesManager(clientContext%2C%20clientContext.Web)%3B%20%3CBR%20%2F%3EInteropService%20workflowInteropService%20%3D%20workflowManager.GetWorkflowInteropService()%3B%20%3CBR%20%2F%3E%3CBR%20%2F%3E%2F%2F%20call%20the%20StartWorkflow%20method%20-%20%3CA%20href%3D%22https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Foffice%2Fmicrosoft.sharepoint.client.workflowservices.interopservice.startworkflow.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Foffice%2Fmicrosoft.sharepoint.client.workflowservices.interopservice.startworkflow.aspx%3C%2FA%3E%20%3CBR%20%2F%3EworkflowInteropService.StartWorkflow(workflowAssociation.Name%2C%20corId%2C%20list.Id%2C%20itemGuid%2C%20new%20Dictionary%3CSTRING%3E())%3B%20%3CBR%20%2F%3EclientContext.ExecuteQuery()%3B%20%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FSTRING%3E%3C%2FDIV%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20above%20code%20will%20throw%20AccessDenied%20exception.%20%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3ETo%20get%20this%20to%20work%20the%20code%20needs%20to%20be%20changed%20as%20below.%20%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3EGet%20the%20Client%20Context%20for%20App%20%2B%20User%20context%20access%20token%20%3CBR%20%2F%3E%3CDIV%3E%3CBR%20%2F%3E%2F%2F%20pass%20a%20valid%20windows%20identity%20to%20get%20app%20%2B%20user%20context%20%3CBR%20%2F%3Estring%20appUserAccessToken%20%3D%20TokenHelper.GetS2SAccessTokenWithWindowsIdentity(hostWeb%2C%20windowsIdentity)%3B%20%3CBR%20%2F%3Ereturn%20TokenHelper.GetClientContextWithAccessToken(hostWeb.ToString()%2C%20appUserAccessToken)%3B%20%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FDIV%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3EInvoke%20the%20workflow%20using%20the%20Client%20Context%20retrieved%20%3CBR%20%2F%3E%3CDIV%3E%3CBR%20%2F%3E%2F%2F%20start%20the%20workflow%20using%20the%20CSOM%20APIs%20and%20the%20client%20context%20retrieved%20previously%20%3CBR%20%2F%3Evar%20workflowManager%20%3D%20new%20WorkflowServicesManager(clientContext%2C%20clientContext.Web)%3B%20%3CBR%20%2F%3EInteropService%20workflowInteropService%20%3D%20workflowManager.GetWorkflowInteropService()%3B%20%3CBR%20%2F%3E%3CBR%20%2F%3E%2F%2F%20call%20the%20StartWorkflow%20method%20-%20%3CA%20href%3D%22https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Foffice%2Fmicrosoft.sharepoint.client.workflowservices.interopservice.startworkflow.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Foffice%2Fmicrosoft.sharepoint.client.workflowservices.interopservice.startworkflow.aspx%3C%2FA%3E%20%3CBR%20%2F%3EworkflowInteropService.StartWorkflow(workflowAssociation.Name%2C%20corId%2C%20list.Id%2C%20itemGuid%2C%20new%20Dictionary%3CSTRING%3E())%3B%20%3CBR%20%2F%3EclientContext.ExecuteQuery()%3B%20%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FSTRING%3E%3C%2FDIV%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-509985%22%20slang%3D%22en-US%22%3E%3CP%3EFirst%20published%20on%20TECHNET%20on%20Oct%2018%2C%202016%20This%20post%20is%20a%20contribution%20from%20Manish%20Joshi%2C%20an%20engineer%20with%20the%20SharePoint%20Developer%20Support%20teamThere%20seems%20to%20be%20a%20check%20in%20SharePoint%20when%20starting%20a%20workflow%20using%20CSOM%20if%20SharePoint%202013%20workflow%20is%20started%20using%20the%20App-Only%20context%20%E2%80%93%20if%20yes%2C%20throw%20Access%20Denied%20exception%20and%20log%20this%20exception.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-509985%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDeveloper%20Support%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

First published on TECHNET on Oct 18, 2016
This post is a contribution from Manish Joshi, an engineer with the SharePoint Developer Support team

There seems to be a check in SharePoint when starting a workflow using CSOM if SharePoint 2013 workflow is started using the App-Only context – if yes, throw Access Denied exception and log this exception.

So there is no other way than to start a SharePoint 2013 workflow in CSOM except using the App+User context

Following code illustrates using an app only access token to create a ClientContext and start the SharePoint 2013 workflow in CSOM.

    1. Get the Client Context using the App only Access Token

      // get app only access token by passing the windows identity as null
      string appOnlyAccessToken = TokenHelper.GetS2SAccessTokenWithWindowsIdentity(hostWeb, null);
      return TokenHelper.GetClientContextWithAccessToken(hostWeb.ToString(), appOnlyAccessToken);

 

    1. Invoke the workflow using the Client Context retrieved

      // start the workflow using the CSOM APIs and the client context retrieved previously
      var workflowManager = new WorkflowServicesManager(clientContext, clientContext.Web);
      InteropService workflowInteropService = workflowManager.GetWorkflowInteropService();

      // call the StartWorkflow method - https://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.client.workflowservices.interop...
      workflowInteropService.StartWorkflow(workflowAssociation.Name, corId, list.Id, itemGuid, new Dictionary<string, object>());
      clientContext.ExecuteQuery();



The above code will throw AccessDenied exception.



To get this to work the code needs to be changed as below.

    1. Get the Client Context for App + User context access token

      // pass a valid windows identity to get app + user context
      string appUserAccessToken = TokenHelper.GetS2SAccessTokenWithWindowsIdentity(hostWeb, windowsIdentity);
      return TokenHelper.GetClientContextWithAccessToken(hostWeb.ToString(), appUserAccessToken);

 

    1. Invoke the workflow using the Client Context retrieved

      // start the workflow using the CSOM APIs and the client context retrieved previously
      var workflowManager = new WorkflowServicesManager(clientContext, clientContext.Web);
      InteropService workflowInteropService = workflowManager.GetWorkflowInteropService();

      // call the StartWorkflow method - https://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.client.workflowservices.interop...
      workflowInteropService.StartWorkflow(workflowAssociation.Name, corId, list.Id, itemGuid, new Dictionary<string, object>());
      clientContext.ExecuteQuery();