Token request failed error when getting app only access token

-

Recently I started seeing token request failed error in my job and my provider hosted app.   The jobs and provided hosted apps have been working well for a long time and it just suddenly happened.  They always failed at TokenHelper.getAppOnlyAccessToken method.

Error info:

Type: System.Net.WebException

Message: Token request failed.

After digging around, it looks like there are a few updates on Microsoft to SharePoint, Azure, and AAD.  You can see more details from here, https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/provider-hosted-app-pha-application-errors-tls-errors-and-401/ba-p/2273611.

Essentially, here are the 2 solution depending where is your code located:

  • If you're running your jobs or web applications on a server, you can apply the change to update the TLS and cipher used.  See the details for the TLS/Cipher changes in the link above.
  • If you're hosting the provided hosted app in Azure web app, you can update your code instead.  You can add ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 to your code before you get the AppOnly access token.
Sample code:


public ClientContext GetAppContext() 
{
    ServicePointManager.SecurityPortocol = SecurityProtocolType.Tls12;
    Uri siteUri = new Uri(_sharepointUrl);    
    string realm = TokenHelper.GetRealmFromTargetUrl(siteUri);

    string accessToken = TokenHelper.GetAppOnlyAccessToken(
        TokeHelper.SharePointPrincipal, 
        siteUri.Authority, realm).AccessToken;

    return TokenHelper.GetClientContextWithAccessToken(siteUri.ToString(), accessToken);
}

after I added the yellow highlighted line, it started working on Azure web app.  That force the code to use TLS 1.2.

Comments

Post a Comment

Popular posts from this blog

SharePoint 2013 App Details Page Error

-
Image
Out of no where, the app details page started throwing out error for all apps. ULS log entries System.Data.SqlClient.SqlException (0x80131904): The EXECUTE permission was denied on the object 'prc_CountAppInstanceData', database 'UsageAndHealth_Logging_DB', schema 'dbo'.     at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)     at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)     at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)     at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()     at System.Data.SqlClient.SqlDataReader.get_MetaData()     at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBe
Read more

SharePoint 2013 - Working with Display Template for Content Search Web Part

-
Image
To create a custom display template, the best approach is to copy an existing one from Out-Of-Box display templates.  You can try each one and find the one that is closest to what you want to do. All the display templates are in the master page gallery.  To access it, Site Settings -> Master pages and page layouts -> Display Templates The Content Web Parts folder contains the display templates for content search web part and Search folder contains the display templates for the search results web parts. The easiest way to take a look at the display templates is to open the list in windows explorer.  On the ribbon, click on Open with Explorer option. You'll see a lot of html and js files in Content Web Parts folder.  The HTML files are the ones that you'll need to take a look.  The .js files are auto-generated when you add a new HTML file or update an existing one. For every content search web part, you usually have to specify two display template, Control a
Read more

SharePoint 2013 Features Information List

-
I find this information is so useful.  I used to get my information from, http://blogs.msdn.com/b/razi/archive/2013/10/28/listing-all-sharepoint-2013-features-including-name-title-scope-id-and-description.aspx. But in case the site is down later, I retrieve them using server code (SPFeatureDefinition) on SharePoint 2013 environment.  You can get the feature ID and description below. There is some more information is you're interested. SharePoint Server 2013 Features Display Name (Title) Scope ID Description PublishingStapling(Publishing Features Stapling) Farm 001f4bd7-746d-403b-aa09-a6cc43de7942 Staple Publishing features SiteStatusBar(Site status bar) Farm 001f4bd7-746d-403b-aa09-a6cc43de7999 Creates a Microsoft OneNote 2010 notebook in the Shared Documents library and places a link to it on the Quick Launch. This feature requires a properly configured WOPI application server to create OneNote 2010 notebooks. BasicWebParts(Basic Web Parts) Site 00bfea71-1c
Read more