Forum Discussion
Azure App access to SharePoint 403 / access denied
We have some custom code that reads document metadata details from a SharePoint online library.
It uses an Azure App with Sites.Selected permission, to do this. The appid has been given access to the sprecific SharePoint site the library is in using powershell PNP:
- grant-PnPAzureADAppSitePermission
This has been working in Test and production since earlier this year.
BUT as of Tuesday AM New Zealand time, our C# code / Postman and PowerShell testing all comes back with 403 / accesss denied errors.
Is anyone else experiencing this issue ?
I've found one other mention of this on StackOverflow which is recent.
I've logged a ticket with Microsoft as my guess (no evidence) is it is a code regression of the PNP comandlet or some change to the SharePoint tenant. I'll update here if I hear anything.
We have 2 apps (test and prod), both began failing Tuesday morning with 403 / access denied messages.
When I tried to check permissions and reset permissions using get-PnPAzureADAppSitePermission or grant-PnPAzureADAppSitePermission
Powershell says : "Operation not supported"
Full text of the error
Grant-PnPAzureADAppSitePermission : {"error":{"code":"notSupported","message":"Operation not supported","innerError":{" date":"2022-05-16T23:39:16","request-id":"xxxx-azureappid-yyyy","client-request-id":"xxxx-azureappid-yyyy"}}} At line:8 char:1
Grant-PnPAzureADAppSitePermission -AppId $appId -DisplayName 'TenantName...
+ CategoryInfo : NotSpecified: (:) [Grant-PnPAzureADAppSitePermission], HttpRequestException
+ FullyQualifiedErrorId : System.Net.Http.HttpRequestException,PnP.PowerShell.Commands.Apps.GrantPnPAzureADAppSite
Permission
5 Replies
Hi
This morning when I tested this, everything is back to the way it was on Friday New Zealand time.
I've heard from Microsoft via the ticket I logged, that the "PG team had reinstated an update from the backend". It didn't work last night, but this morning we're back up and running.I hope your tenancies come back too. If not log a Microsoft ticket if you can.
Hi
thank you very much for your feedback. I confirm you that also in my tenant now all is working fine.
Regards and good job.
Dorje-McKinnon Thanks for posting this. I'm seeing the same issue here with my app registration which had been reading from a list failing. And just as you have written, when I try to check the permissions with Get-PnPAzureADAppSitePermission, I am getting "Operation not supported"
- I've had a call with Microsoft Support. They tell me other customers are reporting the same error messages and they have escalated my call to the Project Engineering (PG) group.
If I get any updates I'll post them here.- I have the same problem and I'm stuck with work. Hope Microsoft will solve the problem as soon as possible. I look forward to your updates with hope.
