SharePoint 2013 Apps and a Blank Page

So this is really a reminder to myself that when you configure a SharePoint on-premises environment for hosting SharePoint Apps, that when using different Application Pool accounts you need to set the permission correctly or any Apps that are installed just display a blank page.

As an example my environment currently has three web apps.

As you can see each one is running over SSL as I like to have it. Each Web Application also has its own Application Pool.

Each one is set to a different domain account also.

Web Application App Pool Name App Pool Account
Apps App DOMAIN\SP_AppPool
My Sites MySites DOMAIN\SP_ProfileAppPool
Portal Portal DOMAIN\SP_SiteAppPool

As you can imagine the permissions are set specifically to those account and those accounts only. This means that when I try to the run the App that I installed into the “Portal” site which runs over SSL from the “App” site it fails. If we now look into SQL we can see that the Application Pool account that is used for hosting Apps, does not actually have permission to anything within the two other site collections.

To resolve this I granted direct access to these database for that account. So this now looks like this in SQL.

Once this is set, the “App” should load, but you may get the following error I blogged about previously:

For me to fix it completely I had to make one more change which was to access the “App” website within IIS and set the “Anonymous Authentication” to the “Application Pool Identity” instead of the “IUSR” account.

This then made it work as expected. Of course you may not be able to do this in some secure environments.

NOTE: I did find that in reality as long as the “Application Pool Account” was the same as the root site you installed the “App” into, then it worked. However the last step I made to the application pool authentication did resolve some other issues I was seeing.

Key takeaway here is check your security policy before you start modifying things just because.

Liam Cleary

Liam began his career as a Trainer of all things computer-related. He quickly realized that programming, breaking, and hacking was a lot more fun. He spent the next few years working within core infrastructure and security services until he found SharePoint. He is the founder and owner of SharePlicity, a consulting company that focuses on all areas of Technology. His role within SharePlicity is to help organizations implement technology that will enhance internal and external collaboration, document and records management, automate business processes, and of course security controls and protection. He is also a Microsoft MVP focusing on Architecture but also crosses the boundary into Development. He is also a Microsoft Certified Trainer (MCT). His specialty over the past few years has been security in SharePoint and its surrounding platforms. He can often be found at user groups or conferences speaking, offering advice, spending time in the community, teaching his kids how to code, raspberry PI programming, hacking the planet or building Lego robots.

You may also like...