none
System.UnauthorizedAccessException when accessing sharepoint 2013 REST API RRS feed

  • Question

  • The REST API ("/_api" and "/_vti_bin/client.svc") doesn't work with anonymous access in 2013.

    Getting System.UnauthorizedAccessException when accessing the above Sharepoint REST API.

    stack trace : "{\"error\":{\"code\":\"-2147024891, System.UnauthorizedAccessException\",\"message\":{\"lang\":\"en-US\",\"value\":\"Access denied. You do not have permission to perform this action or access this resource.\"}}}"

    http://www.selvaonline.com - Live a Happy & Balanced Life


    • Edited by SelvaOnline Thursday, September 11, 2014 9:59 PM
    Thursday, September 11, 2014 8:36 PM

Answers

  • Yes you wont be able to access the REST endpoints anonymously. You need to set the Bearer property in the request header with Authorization token.

     SharePointContextToken ContextToken = TokenHelper.ReadAndValidateContextToken(ContextTokenString, Request.Url.Authority);
    
                    Uri sharepointUrl = new Uri(Request.QueryString["SPHostUrl"]);
    
                    //Get the AccessToken
                    string AccessToken = TokenHelper.GetAccessToken(ContextToken,sharepointUrl.Authority).AccessToken;
    
                    HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(@"https://yoursite.sharepoint.com/_api/web/lists");
                    request.Method = "GET";
                    request.Accept = "application/json;odata=verbose";
                    request.Headers.Add("Authorization", "Bearer " + AccessToken);
    
                    HttpWebResponse response =(HttpWebResponse)request.GetResponse();
                    StreamReader reader = new StreamReader(response.GetResponseStream());
    

    Otherwise you need to use SharePointOnlineCredentialHelper class for getting context and then make REST calls.


    Please mark the replies as answers if they help or unmark if not.

    Friday, September 19, 2014 5:43 AM
  • Hi,

    You can't use it anonymously. You need to obtain authorized access , basically there are two way to proceed Depending on your requirement and from where you need to call rest

    1)  Using OAuth

    2) using cross domain javascript library.

     Find More details below:-

    http://msdn.microsoft.com/en-us/magazine/dn198245.aspx

    Thanks

    -Rahul

    Friday, September 19, 2014 5:51 AM

All replies

  • Yes you wont be able to access the REST endpoints anonymously. You need to set the Bearer property in the request header with Authorization token.

     SharePointContextToken ContextToken = TokenHelper.ReadAndValidateContextToken(ContextTokenString, Request.Url.Authority);
    
                    Uri sharepointUrl = new Uri(Request.QueryString["SPHostUrl"]);
    
                    //Get the AccessToken
                    string AccessToken = TokenHelper.GetAccessToken(ContextToken,sharepointUrl.Authority).AccessToken;
    
                    HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(@"https://yoursite.sharepoint.com/_api/web/lists");
                    request.Method = "GET";
                    request.Accept = "application/json;odata=verbose";
                    request.Headers.Add("Authorization", "Bearer " + AccessToken);
    
                    HttpWebResponse response =(HttpWebResponse)request.GetResponse();
                    StreamReader reader = new StreamReader(response.GetResponseStream());
    

    Otherwise you need to use SharePointOnlineCredentialHelper class for getting context and then make REST calls.


    Please mark the replies as answers if they help or unmark if not.

    Friday, September 19, 2014 5:43 AM
  • Hi,

    You can't use it anonymously. You need to obtain authorized access , basically there are two way to proceed Depending on your requirement and from where you need to call rest

    1)  Using OAuth

    2) using cross domain javascript library.

     Find More details below:-

    http://msdn.microsoft.com/en-us/magazine/dn198245.aspx

    Thanks

    -Rahul

    Friday, September 19, 2014 5:51 AM