Sharepoint 2013 Workflow App Step Security

My workflow ran fine for me as a full control user.  In testing any other type of user it failed on a 401.  So I followed these steps:

http://msdn.microsoft.com/en-us/library/office/jj822159(v=office.15).aspx

After this, it failed with a 401 on my first REST webservice call so I changed the header using  Authorization= "".

http://sharepoint.stackexchange.com/questions/118876/call-http-web-service-unauthorized

I was then able to get results from my REST call.  

Then it failed with the below message trying to "Start a task process".

Any thoughts on what I can do?

Thanks.

   w3wp.exe (0x2F90)                        0x1EE4 SharePoint Foundation          CSOM                           afxwb High     System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))     at Microsoft.SharePoint.SPGlobal.HandleUnauthorizedAccessException(UnauthorizedAccessException ex)     at Microsoft.SharePoint.Library.SPRequest.GetUsersDataAsSafeArray(String bstrUrl, UInt32 dwUsersScope, UInt32 dwUserCollectionFlags, String bstrValue, UInt32 dwValue, UInt32& pdwColCount, UInt32& pdwRowCount, Object& pvarDataSet)     at Microsoft.SharePoint.SPUserCollection.InitUsersCore(Boolean fCustomUsers, String[] strIdentifiers, SPUserCollectionFlags ucf)     at Microsoft.SharePoint.SPBaseCollection.GetEnumerator()     at Microsoft.SharePoint.Client.ServerStub.<EnumerateChildItems>d__36.MoveNext()     at Microsoft.SharePoint.Client.ServerStub.WriteAsFeed(Object value, OData... 41e525b4-b6e9-4035-9a5d-2cb7b1804daa
 

 w3wp.exe (0x2F90)                        0x1EE4 SharePoint Foundation          CSOM                           afxwb High     ...Writer writer, RESTfulQuery query, ProxyContext proxyContext)     at Microsoft.SharePoint.Client.ServerStub.Write(Object value, Uri path, ODataWriter writer, RESTfulQuery query, ProxyContext proxyContext)     at Microsoft.SharePoint.Client.Rest.RestRequestProcessor.Process()     at Microsoft.SharePoint.Client.Rest.RestRequestProcessor.ProcessRequest()     at Microsoft.SharePoint.Client.Rest.RestService.ProcessQuery(Stream inputStream, IList`1 pendingDisposableContainer) 41e525b4-b6e9-4035-9a5d-2cb7b1804daa

   w3wp.exe (0x2F90)                        0x1EE4 SharePoint Foundation          CSOM                           agmjp High     Original error: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))     at Microsoft.SharePoint.SPGlobal.HandleUnauthorizedAccessException(UnauthorizedAccessException ex)     at Microsoft.SharePoint.Library.SPRequest.GetUsersDataAsSafeArray(String bstrUrl, UInt32 dwUsersScope, UInt32 dwUserCollectionFlags, String bstrValue, UInt32 dwValue, UInt32& pdwColCount, UInt32& pdwRowCount, Object& pvarDataSet)     at Microsoft.SharePoint.SPUserCollection.InitUsersCore(Boolean fCustomUsers, String[] strIdentifiers, SPUserCollectionFlags ucf)     at Microsoft.SharePoint.SPBaseCollection.GetEnumerator()     at Microsoft.SharePoint.Client.ServerStub.<EnumerateChildItems>d__36.MoveNext()     at Microsoft.SharePoint.Client.ServerStub.WriteAsFeed(Obj... 41e525b4-b6e9-4035-9a5d-2cb7b1804daa

  w3wp.exe (0x2F90)                        0x1EE4 SharePoint Foundation          CSOM                           agmjp High     ...ect value, ODataWriter writer, RESTfulQuery query, ProxyContext proxyContext)     at Microsoft.SharePoint.Client.ServerStub.Write(Object value, Uri path, ODataWriter writer, RESTfulQuery query, ProxyContext proxyContext)     at Microsoft.SharePoint.Client.Rest.RestRequestProcessor.Process()     at Microsoft.SharePoint.Client.Rest.RestRequestProcessor.ProcessRequest()     at Microsoft.SharePoint.Client.Rest.RestService.ProcessQuery(Stream inputStream, IList`1 pendingDisposableContainer) 41e525b4-b6e9-4035-9a5d-2cb7b1804daa

January 20th, 2015 11:21pm
I removed the Start Task Process from the App Step and it's working.  Not sure why.
Free Windows Admin Tool Kit Click here and download it now
January 21st, 2015 7:24pm

while callling rest api endpoints youn need to pass autohorization header as below:

code to get apponlyaccesstoke:

hostWeb = Page.Request["SPHostUrl"];
            var contextToken = TokenHelper.GetContextTokenFromRequest(Page.Request);
Uri sharepointUrl = new Uri(hostWeb);
                SharePointContextToken appOnlyContextToken = TokenHelper.ReadAndValidateContextToken(contextToken, Request.Url.Authority);
                string appOnlyAccessToken = TokenHelper.GetAppOnlyAccessToken(appOnlyContextToken.TargetPrincipalName, sharepointUrl.Authority, appOnlyContextToken.Realm).AccessToken;

code to add it to header :

endpointRequest.Headers.Add("Authorization", "Bearer " + appOnlyAccessToken);

here is an article of mine for your reference:

http://social.technet.microsoft.com/wiki/contents/articles/29173.uploading-file-to-sharepoint-online-document-library-using-rest-api.aspx

---------------------------------------------------------------------------------------------------------------------------

Please mark as answer if you find it useful else vote for it if it is close to answer..happy sharepointing

January 22nd, 2015 6:03am
Thanks but I'm using sharepoint developer only not Visual studio.   I was able to get the REST calls working already by placing Authorization in the header dictionary w/o a value.
Free Windows Admin Tool Kit Click here and download it now
January 23rd, 2015 3:06am

This was the issue.  It was not set to this so the App couldn't read it.

Who can view the membership of the group?  - Everyone
January 31st, 2015 10:26am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics