SharePoint – Unauthorized Access Issue with Service Principal


I am currently working on developing a solution that involves connecting to a SharePoint List to read its items and process them according to specific InfoSec guidelines. To achieve this, I have registered an application in Azure Active Directory and granted it access through the SharePoint Site Collection App Permissions.

[Image: 1.png]

The solution is designed to query the SharePoint REST API to interact with the list data. Despite having set up the permissions, when I attempt to access the SharePoint List via the REST API, I receive a “401 Unauthorized” error.

I was instructed that granting permissions directly on the SharePoint site should be enough. Following this advice, I configured the permissions for the SharePoint site collection specifically.

I have also expanded the permissions in my Azure Active Directory App to provide broader access to the SharePoint site collection. Despite these adjustments, I am still encountering the 401 Unauthorized error when attempting to interact with the SharePoint REST API.

Here is the updated permission request I’ve configured in appinv.aspx:

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read"/>
</AppPermissionRequests>

With these permissions granted, I am performing the authentication API call as follows:

[Image: 2.png]

Upon successful token acquisition, I proceed to query the SharePoint List. However, the response is still a 401 Unauthorized.

[Image: 3.png]

1 Reply
Check SharePoint Principal Web in Registered app, review the json code, and if a http://......v3......com is noticed, review the json code for the correlated object id, copy the correlated object id, do a search in Azure and Entra. It may not be a resource relation to the json file and SharePoint foundation of your domain environment.
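
A diagnostic for the 401 described in this thread, added here as an example and not code from the original post or the reply: it decodes the acquired token's payload (without verifying the signature) and checks that the audience names the SharePoint host being called and that the token has not expired. The site URL `contoso.sharepoint.com`, the function names and the sample token are constructed assumptions.

```python
import base64
import json
import time
from urllib.parse import urlparse

def decode_claims(token):
    """Decode the JWT payload without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audience_host(aud):
    """Host from 'https://host/...' or 'principal/host@realm'; '' if none."""
    if "://" in aud:
        return (urlparse(aud).hostname or "").lower()
    if "/" in aud:
        return aud.split("/", 1)[1].split("@", 1)[0].lower()
    return ""

def diagnose(token, site_url, now=None):
    """Return findings that can explain a 401 for a token sent to site_url."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    site_host = (urlparse(site_url).hostname or "").lower()
    aud = claims.get("aud", "")
    if isinstance(aud, list):  # JWT allows an array of audiences
        aud = aud[0] if aud else ""
    findings = []
    host = audience_host(aud)
    if not host:
        findings.append(f"audience {aud!r} has no host; compare it with the SharePoint principal ID")
    elif host != site_host:
        findings.append(f"audience host {host!r} is not the site host {site_host!r}")
    if claims.get("exp", 0) <= now:
        findings.append("token is expired")
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demonstration below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".sig"

if __name__ == "__main__":
    # Constructed sample: a token issued for another API, sent to SharePoint.
    tok = make_sample_token({"aud": "https://graph.microsoft.com", "exp": 4102444800})
    for finding in diagnose(tok, "https://contoso.sharepoint.com/sites/infosec"):
        print(finding)
```

An empty result means the audience and lifetime are consistent with the site, so the cause of the 401 lies elsewhere, for example in the permission grant itself.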