We have a SharePoint 2010 production site which is configured for claims authentication. But when we access the site with .net client object model code we are getting 403 forbidden error.

But if we use "X-FORMS_BASED_AUTH_ACCEPTED", "f" in request header (which uses windows authentication) , .net CSOM can access the site.

Can we say that the sharepoint site is not properly configured for claims authentication, and this is why the production  site is not accessible with .net  csom except we provide "X-FORMS_BASED_AUTH_ACCEPTED","f" 

February 13th, 2014 5:40am

For this issue, I'm trying to involve someone familiar with this topic to further look at it.

I found follow article that has a explanation about this topic:


Free Windows Admin Tool Kit Click here and download it now
February 20th, 2014 3:30am

Hi SiddharthaDas,

i do agree with Qiao's topic, and in my personal opinion, it is easier to use windows authentication box (windows credential set), rather to create a custom authentication box according the authenticator.if we need the windows authentication box then we may need this X-forms_based_auth_accepted with value 'f'.


"if you want to programmatically access a SharePoint site that uses multiple authentication providers by using a set of Windows credentials, you must add an additional header to your request. The header name must be X-FORMS_BASED_AUTH_ACCEPTED and the value must be f." http://msdn.microsoft.com/en-us/library/hh124553(v=office.14).as

February 20th, 2014 7:23am