SharePoint 2013 High Trust Provider Hosted App – 401 Unauthorized Error

So while building some demonstration High Trust Provider Hosted Apps in SharePoint 2013, I kept hitting the “401 Unauthorized” error.

Now this error when looking into “ulsviewer” comes up with a whole bunch of errors.

As you can see all of these seem to point to some permission or account issue. However I tried accessing my Provider Hosted App with various accounts and it still failed.

The website I setup within Internet Information Server (IIS), was set with a custom application pool and using an account already known to SharePoint. I read many blog posts that talk about checking the “Client ID” and “Issuer ID“.

Within Visual Studio I checked my core Project for the following settings:

I then went and checked my “AppManifest” file by viewing it in “Code” mode.

I compared the “Client ID” value and checked that my “Issuer ID” was correct. Nothing wrong with this configuration at all.

I also read that it could be an issue with “Anonymous” access being enabled on the “Provider Hosted” website. So I checked that too.

Nothing wrong with that setup either. Every time however I would get this error. So I spent some time looking over my “Provider Website” configuration. As I did this I noticed that my application pool was not set to an “Identity” but to “ApplicationPoolIdentity“.

So I made the change here to make it use a specific account as it should.

Once I made this change I tested again and I still got the same error. So I left it as is and started checking the website itself. As I checked it I noticed that credentials were set for the “Physical Path Credentials” setting, which should not be there.

So I changed the setting for this to be the following:

Now after setting this and testing the Provider Hosted App page loaded as expected. So the lesson here was to make sure that the account you are hitting the Provider Hosted App with, is actually the ending account. In my scenario is quite clearly was being changed due to the misconfiguration of the core Provider Hosted website within IIS.

I have seen this issues logged in all the forums and blog posts, so hopefully this will give you one more thing to check is right.

Liam Cleary

I work as an Associate Director for Protiviti in Virginia. My main focus is to ensure that SharePoint can either natively or with minimal customization meet the business requirement securely. I am currently a SharePoint MVP focused on Architecture but also cross the boundary into Development and Security. I am often found at user groups, conferences speaking, offering advice, spending time in the community, teaching my kids how to code, raspberry PI programming, hacking the planet and sometimes building Lego robots.

You may also like...