What are Correct Values for App Domain an Redirect URI when using SharePoint App Only Authentication

%3CLINGO-SUB%20id%3D%22lingo-sub-2781359%22%20slang%3D%22en-US%22%3EWhat%20are%20Correct%20Values%20for%20App%20Domain%20an%20Redirect%20URI%20when%20using%20SharePoint%20App%20Only%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2781359%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20need%20to%20write%20a%20C%23%20program%20running%20on%20one%20of%20the%20our%20servers%20(in%20AWS)%20to%20be%20able%20to%20transfer%20files%20to%20and%20from%20a%20shared%20folder%20in%20our%20Sharepoint%20using%20App%20Only%20Authentication.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20need%20to%20use%20App%20Only%20Authentication%20because%20MFA%20is%20enabled%20for%20all%20our%20SharePoint%20user%20accounts.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20read%20throroughly%20and%20followed%20the%20instructions%20given%20in%20this%20Microsoft%20article.%3C%2FP%3E%3CUL%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fdev%2Fsolution-guidance%2Fsecurity-apponly-azureac%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fdev%2Fsolution-guidance%2Fsecurity-apponly-azureac%3C%2FA%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20are%20the%20pertinent%20details.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3EPlease%20note%20that%2C%20in%20the%20following%2C%20for%20security%20reasons%20I%20have%20replaced%20actual%20identifying%20information%20with%20placeholders%20e.g.%20replaced%20the%20first%20part%20of%20our%20SharePoint%20domain%20name%20with%20mysharepoint%20as%20in%20mysharepoint.sharepoint.com%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20set%20up%20a%20client%20ID%20and%20secret%20using%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmysharepoint.sharepoint.com%2F_layouts%2F15%2Fappregnew.aspx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmysharepoint.sharepoint.com%2F_layouts%2F15%2Fappregnew.aspx%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20also%20given%20the%20app%20FullControl%20using%20the%20XML%20below%20in%20the%20%22App's%20Permission%20Request%20XML%22%20field%20using%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmysharepoint.sharepoint.com%2F_layouts%2F15%2Fappinv.asp%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmysharepoint.sharepoint.com%2F_layouts%2F15%2Fappinv.asp%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%3CAPPPERMISSIONREQUESTS%3E%0A%3CAPPPERMISSIONREQUEST%20scope%3D%22http%3A%2F%2Fsharepoint%2Fcontent%2Fsitecollection%2Fweb%2Flist%22%20right%3D%22FullControl%22%3E%3C%2FAPPPERMISSIONREQUEST%3E%0A%3C%2FAPPPERMISSIONREQUESTS%3E%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%3CBR%20%2F%3EThe%20first%20form%20I%20mention%20above%20-%20appregnew.aspx%20-%20is%20also%20asking%20for%20an%20App%20Domain%20and%20a%20Redirect%20URI.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20cannot%20find%20any%20guidance%20anywhere%20on%20what%20these%20values%20really%20mean%20and%20what%20they%20should%20be%20set%20to.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EDo%20they%20relate%20to%20the%20domain%20in%20which%20our%20C%23%20program%20resides%3F%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EIf%20so%2C%20how%20would%20we%20make%20this%20happen%20when%20our%20C%23%20program%20makes%20the%20request%20to%20Sharepoint%20i.e.%20how%20do%20we%20associate%20a%20domain%20with%20our%20C%23%20program%20in%20such%20a%20way%20that%20Sharepoint%20will%20identify%20it%20when%20our%20C%23%20program%20is%20making%20a%20request%20to%20Sharepoint%3F%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20tried%20using%20the%20%22default%22%20values%20i.e.%20%3CA%20href%3D%22http%3A%2F%2Fwww.localhost.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ewww.localhost.com%3C%2FA%3E%20for%20App%20Domain%20and%20%3CA%20href%3D%22https%3A%2F%2Fwww.localhost.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.localhost.com%3C%2FA%3E%20for%20Redirect%20URI.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20when%20trying%20to%20upload%20or%20download%20files%20from%20Sharepoint%2C%20I%20get%20authorisation%20errors.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20example%2C%20here%20is%20the%20error%20I%20get%20when%20trying%20to%20upload%20a%20file%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-yaml%22%3E%3CCODE%3E401%20Client%20Error%3A%20Unauthorized%20for%20url%3A%0Ahttps%3A%2F%2F%3CMYSHAREPOINT%3E.sharepoint.com%2F_api%2FWeb%2FgetFolderByServerRelativeUrl('%252FShared%2520Documents%252FMyFolder%252F')%2FFiles%2Fadd(overwrite%3Dtrue%2Curl%3D'test.txt')%3C%2FMYSHAREPOINT%3E%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20in%20the%20AppPermissionRequest%2C%20the%20example%20given%20for%20the%20Scope%20is%3A%3C%2FP%3E%3CP%3E%22%3CA%20href%3D%22http%3A%2F%2Fsharepoint%2Fcontent%2Ftenant%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fsharepoint%2Fcontent%2Ftenant%3C%2FA%3E%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EAgain%20I%20can't%20find%20any%20information%20on%20what%20this%20should%20really%20be%3F%20Should%20it%20be%20this%20value%20or%20should%20it%20be%20customised%20for%20our%20SharePoint%20and%20if%20so%20how%3F%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

 

Hi,

 

I need to write a C# program running on one of the our servers (in AWS) to be able to transfer files to and from a shared folder in our Sharepoint using App Only Authentication.

 

I need to use App Only Authentication because MFA is enabled for all our SharePoint user accounts.

 

I have read throroughly and followed the instructions given in this Microsoft article.

 

Here are the pertinent details.

 

Please note that, in the following, for security reasons I have replaced actual identifying information with placeholders e.g. replaced the first part of our SharePoint domain name with mysharepoint as in mysharepoint.sharepoint.com

 

I have set up a client ID and secret using

https://mysharepoint.sharepoint.com/_layouts/15/appregnew.aspx

 

I have also given the app FullControl using the XML below in the "App's Permission Request XML" field using

https://mysharepoint.sharepoint.com/_layouts/15/appinv.asp

 

<AppPermissionRequests>
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="FullControl"/>
</AppPermissionRequests>


The first form I mention above - appregnew.aspx - is also asking for an App Domain and a Redirect URI.

 

I cannot find any guidance anywhere on what these values really mean and what they should be set to.

 

Do they relate to the domain in which our C# program resides?

 

If so, how would we make this happen when our C# program makes the request to Sharepoint i.e. how do we associate a domain with our C# program in such a way that Sharepoint will identify it when our C# program is making a request to Sharepoint?

 

I have tried using the "default" values i.e. www.localhost.com for App Domain and https://www.localhost.com for Redirect URI.

 

However, when trying to upload or download files from Sharepoint, I get authorisation errors.

 

For example, here is the error I get when trying to upload a file:

 

401 Client Error: Unauthorized for url:
https://<mysharepoint>.sharepoint.com/_api/Web/getFolderByServerRelativeUrl('%2FShared%20Documents%2FMyFolder%2F')/Files/add(overwrite=true,url='test.txt')

 

Also in the AppPermissionRequest, the example given for the Scope is:

"http://sharepoint/content/tenant"

 

Again I can't find any information on what this should really be? Should it be this value or should it be customised for our SharePoint and if so how?

0 Replies