
I'm trying to read from my SharePoint site and I get the error System.Net.WebException: 'The remote server returned an error: (401) Unauthorized.' My code is below. Can anyone give me an idea why I get this error?

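  /// <summary>
  /// Console entry point: acquires an app-only access token from Azure AD,
  /// builds a SharePoint <c>ClientContext</c> that sends it as a bearer token,
  /// and prints the title of the target web.
  /// </summary>
  /// <param name="args">Command-line arguments (unused).</param>
  static async Task Main(string[] args)
    {
        // Placeholder values. Real client secrets should not be committed to source;
        // load them from a secret store or protected configuration instead.
        string siteURL = "MyURL";
        string clientId = "MYCLIENTID"; // Client ID from the Azure AD app registration
        string secrete = "MYSECRET";    // Client secret from the Azure AD app registration
        string tenantId = "MY";
        var scopes = new string[] { "https://MYURL/.default" };

        // NOTE(review): SharePoint Online is documented to reject Azure AD app-only
        // tokens obtained with a client secret (the 401 reported for this code).
        // A certificate credential on the app registration is the supported option.
        var accessToken = await GetAuthenticatedClientAccessToken(clientId, secrete, scopes, tenantId);

        // ClientContext is disposable; release it once the query has run.
        using (var clientContext = GetClientContext(siteURL, accessToken))
        {
            Web web = clientContext.Web;

            // CSOM properties are not populated until they are requested and the
            // query is executed; reading web.Title before that throws.
            clientContext.Load(web, w => w.Title);
            clientContext.ExecuteQuery();

            Console.WriteLine(web.Title);
        }

        Console.ReadKey();
    }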
    /// <summary>
    /// Requests an app-only access token from Azure AD using the client-credentials
    /// flow with a client secret.
    /// </summary>
    /// <param name="clientId">Application (client) ID of the Azure AD app registration.</param>
    /// <param name="secrete">Client secret of the app registration.</param>
    /// <param name="scopes">Scopes to request, e.g. a resource's <c>/.default</c> scope.</param>
    /// <param name="tenantId">Azure AD tenant ID.</param>
    /// <returns>The access token string from the authentication result.</returns>
    internal static async Task<string> GetAuthenticatedClientAccessToken(string clientId, string secrete, string[] scopes, string tenantId)
    {
        // NOTE(review): a token acquired with a client secret is reported to carry
        // appidacr = 1, and SharePoint Online is documented to block such tokens for
        // app-only access. Switching to a certificate credential
        // (ConfidentialClientApplicationBuilder.WithCertificate) avoids the 401.
        IConfidentialClientApplication confidentialApp =
            ConfidentialClientApplicationBuilder.Create(clientId)
                .WithClientSecret(secrete)
                .WithTenantId(tenantId)
                .Build();

        AuthenticationResult tokenResult = await confidentialApp
            .AcquireTokenForClient(scopes)
            .ExecuteAsync();

        return tokenResult.AccessToken;
    }
    /// <summary>
    /// Creates a <c>ClientContext</c> for <paramref name="targetUrl"/> that adds the
    /// given access token as an <c>Authorization: Bearer</c> header on every request.
    /// </summary>
    /// <param name="targetUrl">URL of the SharePoint site to connect to.</param>
    /// <param name="accessToken">Access token to send with each request.</param>
    /// <returns>The configured client context; the caller owns its lifetime.</returns>
    public static ClientContext GetClientContext(string targetUrl, string accessToken)
    {
        // The token is sent on every request this context makes, so targetUrl
        // should be an https:// address of the intended tenant.
        string bearerHeader = "Bearer " + accessToken;

        var context = new ClientContext(targetUrl);
        context.ExecutingWebRequest += (sender, requestArgs) =>
        {
            requestArgs.WebRequestExecutor.RequestHeaders["Authorization"] = bearerHeader;
        };

        return context;
    }

}
Luay
  • The code looks fine. The problem may be some parameters you specify are not valid (like, "client id" or "secret"). Or maybe your application is not registered with azure ad. – Nikolay Apr 22 '22 at 17:58
  • It's already registered in azure Ad and all client id and secret are correct. – Luay Apr 22 '22 at 20:16
  • If it fails on the first line, "GetAuthenticatedClientAccessToken", then I think only the parameters passed or the configuration in Azure AD could be the issue... – Nikolay Apr 23 '22 at 09:01

1 Answer


Your application is failing because you are using a client ID/client secret combination to request a token from AAD.

The documentation now states that, apart from using a certificate:

all other options are blocked by SharePoint Online and will result in an Access Denied message.

You can find the precautionary message here.

Another hint that might help in resolving this error can be seen in this answer, which states that when a client ID/secret combination is used, the appidacr property of the token is set to 1.

To use the client certificate method, I suggest you follow this guide, which clearly describes each step of creating the certificate and publishing it to the AAD app registration.

jimas13