Share via

General Azure issue when using CreateAnonymousLink or CreateOrganizationSharingLink in Sharepoint CSOM?

Pablo Glomby 186 Reputation points
2020-10-08T13:10:13.533+00:00

Hi!

We have a product that has been working at customers for a long period of time.

Part of this project just calls CreateOrganizationSharingLink and CreateAnonymousLink (it's a C# project that uses CSOM) and the Sharepoint connection uses ADAL.

When calling CreateOrganizationSharingLink or CreateAnonymousLink (and only if using ADAL) at some customers we are getting:

Microsoft.SharePoint.Client.ServerUnauthorizedAccessException: Access denied. You do not have permission to perform this action or access this resource.

This is new, nothing has changed in our application nor in the server registered application. In the server side the permissions are:

Microsoft Graph (user read)

Sharepoint (MyFiles.Read and MyFiles.Write)

It happens at all customers using ADAL and in our labs too.

If I use the standard credentials (username and pwd) instead of ADAL everything works fine.

If it helps, we have seen that when using ADAL, then when calling Microsoft.SharePoint.Client.Web.GetObjectSharingSettings (the URL parameter is the same parameter that is passed to CreateAnonymousLink) we get:

ObjectSharingSettings.CanSendLink=False

ObjectSharingSettings.IsUserSiteAdmin=False

ObjectSharingSettings.SharePointSettings.PanelGivePermissionsVisible=False

ObjectSharingSettings.SharePointSettings.SelectedGroup=

While if the same is done without using ADAL (that is, using the user name and password in SharePointOnlineCredentials) then we get:

ObjectSharingSettings.CanSendLink=True

ObjectSharingSettings.IsUserSiteAdmin=True

ObjectSharingSettings.SharePointSettings.PanelGivePermissionsVisible=True

ObjectSharingSettings.SharePointSettings.SelectedGroup=role:1073741827

I think something happened in the Azure server since it was working for long time.

Any idea?

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,827 questions
SharePoint Server Development
SharePoint Server Development
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Development: The process of researching, productizing, and refining new or existing technologies.
1,619 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amos Wu-MSFT 4,051 Reputation points
    2020-10-09T08:20:31.837+00:00

    Standard credentials with username and pwd is using user rights in SharePoint,it is different from add-in permission.
    Differences between add-in permission rights and user rights
    You could try to authenticate with clientid and clientscrect. 

    new OfficeDevPnP.Core.AuthenticationManager().  
                               GetAppOnlyAuthenticatedContext(  
                               "siteUrl",  
                               "Client Id", "Client Secret");

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.