SharePoint 2013 High Trust Provider Hosted App – 401 Unauthorized Error

So while building some demonstration High Trust Provider Hosted Apps in SharePoint 2013, I kept hitting the “401 Unauthorized” error.

Now this error when looking into “ulsviewer” comes up with a whole bunch of errors.

As you can see all of these seem to point to some permission or account issue. However I tried accessing my Provider Hosted App with various accounts and it still failed.

The website I setup within Internet Information Server (IIS), was set with a custom application pool and using an account already known to SharePoint. I read many blog posts that talk about checking the “Client ID” and “Issuer ID“.

Within Visual Studio I checked my core Project for the following settings:

I then went and checked my “AppManifest” file by viewing it in “Code” mode.

I compared the “Client ID” value and checked that my “Issuer ID” was correct. Nothing wrong with this configuration at all.

I also read that it could be an issue with “Anonymous” access being enabled on the “Provider Hosted” website. So I checked that too.

Nothing wrong with that setup either. Every time however I would get this error. So I spent some time looking over my “Provider Website” configuration. As I did this I noticed that my application pool was not set to an “Identity” but to “ApplicationPoolIdentity“.

So I made the change here to make it use a specific account as it should.

Once I made this change I tested again and I still got the same error. So I left it as is and started checking the website itself. As I checked it I noticed that credentials were set for the “Physical Path Credentials” setting, which should not be there.

So I changed the setting for this to be the following:

Now after setting this and testing the Provider Hosted App page loaded as expected. So the lesson here was to make sure that the account you are hitting the Provider Hosted App with, is actually the ending account. In my scenario is quite clearly was being changed due to the misconfiguration of the core Provider Hosted website within IIS.

I have seen this issues logged in all the forums and blog posts, so hopefully this will give you one more thing to check is right.

Liam Cleary

Liam began his career as a Trainer of all things computer-related. He quickly realized that programming, breaking, and hacking was a lot more fun. He spent the next few years working within core infrastructure and security services until he found SharePoint. He is the founder and owner of SharePlicity, a consulting company that focuses on all areas of Technology. His role within SharePlicity is to help organizations implement technology that will enhance internal and external collaboration, document and records management, automate business processes, and of course security controls and protection. He is also a Microsoft MVP focusing on Architecture but also crosses the boundary into Development. He is also a Microsoft Certified Trainer (MCT). His specialty over the past few years has been security in SharePoint and its surrounding platforms. He can often be found at user groups or conferences speaking, offering advice, spending time in the community, teaching his kids how to code, raspberry PI programming, hacking the planet or building Lego robots.

You may also like...