SharePoint call fails with 403 forbidden

Roman Gavrilov 0 Reputation points
2023-02-08T14:53:22.78+00:00

I have an app registered in Azure AD with the following approved permissions:

Microsoft Graph: Files.ReadWrite.All, Sites.ReadWrite.All, Sites.Selected, User.Read
and
SharePoint: Sites.ReadWrite.All, Sites.Selected
Yet a request to load a folder at / fails with 403 Forbidden (the same C# application that uses a different, earlier-registered Azure AD application works fine - I just can't figure out what the differences are, and how to get the second app's permissions to work like the first app's do).
Which permissions do I need to read a folder?

Are there logs that can give me more information?

Microsoft 365 and Office | SharePoint | Development
Microsoft Security | Microsoft Graph

1 answer

  1. CarlZhao-MSFT 46,376 Reputation points
    2023-02-09T09:15:38.0233333+00:00

    Hi @Roman Gavrilov

    There seems to be the same thread on SO; now posting the solution into Q&A:

    This depends on which authentication flow you use, because you are only granting application permissions, which are only supported in the client credentials flow. So if you're using the client credentials flow, your permissions are sufficient. However, if you are using auth code flow or ROPC flow, you also need to grant Files.ReadWrite.All and Sites.ReadWrite.All delegated permissions.

    By the way, if you want to get more error information, you can try using a try-catch block to capture it:

    try
    {
        // code snippet......
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }
    

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
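
The distinction the answer draws can be checked on the access token itself: Azure AD puts application permissions in the `roles` claim and delegated permissions in the `scp` claim. The following is an added example, not code from the original thread; the class and method names are hypothetical and the tokens are constructed, unsigned samples.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenPermissionCheck
{
    // Decode the payload (second segment) of a compact JWT without validating it.
    // Diagnostic use only: never make authorization decisions from an unvalidated token.
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone(); // Clone so the element outlives the document
    }

    // "roles": application permissions (client credentials flow), a JSON array.
    // "scp": delegated permissions (auth code / ROPC flows), a space-separated string.
    public static string Describe(string jwt)
    {
        JsonElement p = DecodePayload(jwt);
        if (p.TryGetProperty("roles", out JsonElement roles) && roles.ValueKind == JsonValueKind.Array)
            return "app-only token, roles: " + string.Join(", ", roles.EnumerateArray().Select(r => r.GetString()));
        if (p.TryGetProperty("scp", out JsonElement scp))
            return "delegated token, scp: " + scp.GetString();
        return "no roles or scp claim: the token carries no permissions for this resource";
    }

    static string B64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample tokens: placeholder header and signature, illustrative claims.
        string header = B64Url("{\"alg\":\"none\"}");
        string appOnly = header + "." + B64Url("{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"Sites.ReadWrite.All\",\"Files.ReadWrite.All\"]}") + ".sig";
        string delegated = header + "." + B64Url("{\"aud\":\"https://graph.microsoft.com\",\"scp\":\"User.Read\"}") + ".sig";
        Console.WriteLine(Describe(appOnly));   // application permissions present
        Console.WriteLine(Describe(delegated)); // only User.Read delegated: folder reads would be refused
    }
}
```

Running `Describe` on the token each app registration actually receives shows whether the failing app is getting a delegated token that lacks the Files and Sites scopes.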

