-1

I'm creating an MVC app that requires me to nab the group users from a Sharepoint site. I'm getting a 401 error when I publish and run it via IIS (localhost). When I run it through the debugger though, everything works as intended.

I'm assuming it's a permissions error based on the context. Is there a way to run the app normally using my current NTLM credentials programmatically (instead of what seems like the IIS account/user)?

Code (I'm on mobile right now, so I'm sorry if anything looks wonky...)

// Constructor
clientContext = new ClientContext("http://sharepointsite");
clientContext.Credentials = CredentialCache.DefaultNetworkCredentials;
//clientContext.Credentials = new NetworkCredentials("username", "password", "domain"); <- this works just fine if I hard code my current credentials

// Calling method
UserCollection users = GetUsersCollection();
clientContext.Load(users);
try {
    clientContext.ExecuteQuery(); // 401 error here
    return true;
}
catch {
    return false;
}
LOL. NO.
  • 577
  • 1
  • 6
  • 33

1 Answers1

1

You can specify the credentials you connect to SharePoint with CSOM it would look something like this:

clientContext.Credentials = new NetworkCredential("Username", "Password", "Domain");

You can do MVC impersonation like this:

        string currentUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
        System.Security.Principal.WindowsImpersonationContext impersonationContext;
        impersonationContext =
            ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
        currentUser += "Impersonate:" + System.Security.Principal.WindowsIdentity.GetCurrent().Name;
        impersonationContext.Undo();
        ViewBag.U = currentUser;
        return View();

I found that example in this thread:

http://forums.asp.net/t/1961337.aspx?Asp+Net+MVC+5+how+to+impersonate+user+on+IIS

Arcan.NET
  • 700
  • 4
  • 12
  • I only have access to the username (and probably the domain) and I'm trying to use Windows Authentication for this app. Is there an alternative solution? – LOL. NO. May 15 '15 at 16:31
  • You can try using this: NetworkCredential cred = CredentialCache.DefaultNetworkCredentials; That should give you the current logged in users credentials. – Arcan.NET May 15 '15 at 16:39
  • I've tried that, and unfortunately it still gives me a 401 error. – LOL. NO. May 15 '15 at 16:41
  • Can you post more of your source code in the question and are you certain its not a case of access being properly denied to the account in question? If you are setting the context credentials = to the current users creds it should throw an exception because it cannot retrieve the credentials or the authentication should work normally. – Arcan.NET May 15 '15 at 16:49
  • I've updated the post. The new NetworkCredentials line works if I hard code my own current credentials in, but when I use the Default line, it's denying me. – LOL. NO. May 15 '15 at 17:01
  • This is really more of an IIS issue than it is a CSOM which I am not as strong with. I have been looking into it though and do you have ASP.NET Impersonation enabled for the site you are running the code from? I believe if that is working correctly you should remove the lines of code about the credentials. – Arcan.NET May 15 '15 at 18:39
  • I tried enabling impersonation in my Web.config file yesterday but I got a 500.24 error so I went back and disabled it. – LOL. NO. May 15 '15 at 18:49
  • You can try the thread I posted above and that code example or you will have to re-enable the impersonation and troubleshoot the 500 error. IIS code has certain limitations that cannot be circumvented. – Arcan.NET May 15 '15 at 19:02
  • The impersonation string is returning the correct user name. But I'm still getting a 401 error and I can access the SharePoint site normally via browser and through debug. :( Does it have to do anything with dying the credentials for clientContext? – LOL. NO. May 15 '15 at 19:17
  • Why not run the application as a service account and use the username to filter the data you need. Otherwise I think its just a question of getting impersonation working correctly to run it as that user. You cannot create a NetworkCredential from a WindowsIdentity: http://stackoverflow.com/questions/15284017/how-to-convert-windowsidentity-to-a-networkcredential – Arcan.NET May 15 '15 at 20:35