Share via

Azure AD Permissions Error: Unable to Retrieve SharePoint List Items in .NET Core

ArunKumar Arumugam 40 Reputation points
2024-07-05T07:04:29.44+00:00

Hi Team,

To retrieve SharePoint list item details via .NET Core:

I have created a new “App registration” in the “Azure Active Directory” section and generated a client secret. I also granted the necessary API permissions (SharePoint sites “Read All”) and obtained admin consent.

After creating a new .NET Core project in Visual Studio, I used the client ID, tenant ID, and client secret to fetch SharePoint list details. However, I received an “Unauthorized” response.

Could you please review and provide suggestions to resolve this issue?

Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,358 questions
0 comments
Accepted answer
  1. Raja Pothuraju 5,180 Reputation points Microsoft Vendor
    2024-07-08T13:21:27.7733333+00:00

    Hello @ArunKumar Arumugam,

    Thank you for posting your query on Microsoft Q&A.Based on your description, it appears that you have created an application in Entra ID via app registration, generated a client secret, and added the "Sites.Read.All" API permission to the registered application under the "API Permissions" tab. You've also created a new .NET Core project in Visual Studio and are generating an access token using OAuth 2.0 client credentials flow. However, you're encountering an "Unauthorized" response when attempting to retrieve SharePoint list item details.

    To troubleshoot this issue, here are some steps and suggestions:

    1. Check Entra ID Application Permissions: Verify that the Azure AD application has the necessary API permissions to access SharePoint sites. You can check this by navigating to the Azure portal, selecting your Azure AD application, and reviewing the API permissions. Ensure you have added application permissions rather than delegated permissions for OAuth 2.0 client credential flow. Refer to the screenshot below for guidance.User's image
    2. Verify Authentication Process: Ensure that your .NET Core application is correctly authenticating with Azure AD and obtaining a valid access token. You can add logging to your application to output the access token and verify its validity. Alternatively, check the Microsoft Entra Sign-in logs for any failure reasons.
    3. Grant Admin Consent: After adding API permissions, ensure that admin consent has been granted. This step is crucial for the permissions to be effective.
    4. Confirm SharePoint Site URL: Verify that the SharePoint site URL you are trying to access is correct and accessible with the permissions granted to your Azure AD App Registration.
    5. Capture Fiddler Trace: If the above steps do not resolve the issue, capture a Fiddler trace to inspect the HTTP requests and responses. This can help identify if the authentication token is correctly included in the request.

    For guidance on capturing a Fiddler trace, refer to: https://learn.microsoft.com/en-us/power-query/web-connection-fiddler

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.