We have all had our share of pain when it comes to using High Trust Add-ins in SharePoint. The aim of this article is to put together a collection of common problems and solutions. I’ll try to keep this post updated with any new issues that we might come across.
Error – 401 unauthorized error when running a high-trust app
- The Issuer ID is invalid, contains uppercase letters, or contains a space in the Appweb web.config file. Use the following PowerShell to list every TrustedSecurityTokenIssuer in your farm:
Get-SPTrustedSecurityTokenIssuer | select Name,RegisteredIssuerName | fl
- The thumbprint was registered incorrectly. Run Get-SPTrustedSecurityTokenIssuer and make sure the thumbprint you see when you look at the certificate matches the one reported there.
- The realm should be the same for every issuer you have registered, and it should be the same as your farm ID:
Get-SPFarm | select Id
$spurl = "http://sp/sites/DevCenter"
$spsite = Get-SPSite $spurl
$realm = Get-SPAuthenticationRealm -ServiceContext $spsite
Write $realm
- Your add-in does not have permission to the resource you are trying to access. Run the following PowerShell cmdlet ($web is the SharePoint website you are trying to get access to and $appPrincipal is the add-in ID):
Set-SPAppPrincipalPermission -Site $web -AppPrincipal $appPrincipal -Scope Site -Right FullControl
- Your digital certificate was not added to the trusted certificate store. Be sure you have followed the procedures in Package and publish high-trust SharePoint Add-ins.
- There is no user profile created for the user who is accessing the remote web application.
Error – 403 Error – Forbidden while accessing installed app, SharePoint-App communication issue
- The Client ID is invalid, contains uppercase letters, or contains a space in the Appweb web.config file.
- The AllowOAuthOverHttp setting reported by Get-SPSecurityTokenServiceConfig is invalid.
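
The checks from both lists can be run in one read-only pass. The script below is an added example, not part of the original post. It assumes the remote web's web.config stores ClientId and IssuerId as appSettings keys, and the values of $certPath and $webConfig are hypothetical placeholders to replace with your own.

```powershell
# Added example: read-only checks for the 401/403 causes listed above.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$spUrl     = "http://sp/sites/DevCenter"        # site URL used in the article
$certPath  = "C:\Certs\HighTrustAddin.cer"      # hypothetical: the add-in's public certificate
$webConfig = "C:\inetpub\RemoteWeb\web.config"  # hypothetical: the remote web's web.config

# The realm of the site should equal the farm ID
$farmId = (Get-SPFarm).Id.ToString()
$realm  = Get-SPAuthenticationRealm -ServiceContext (Get-SPSite $spUrl)
if ($realm -ne $farmId) { Write-Warning "Site realm $realm differs from farm ID $farmId" }

# ClientId / IssuerId as the remote web sends them (assumed appSettings keys)
[xml]$cfg = Get-Content $webConfig
$settings = @{}
foreach ($add in $cfg.configuration.appSettings.add) { $settings[$add.key] = $add.value }
foreach ($key in "ClientId", "IssuerId") {
    $value = $settings[$key]
    if ([string]::IsNullOrEmpty($value)) { Write-Warning "$key is not set in web.config"; continue }
    if ($value -cne $value.ToLowerInvariant()) { Write-Warning "$key contains uppercase letters" }
    if ($value -match '\s') { Write-Warning "$key contains whitespace" }
}

# RegisteredIssuerName has the form <issuer id>@<realm>
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
$match = $null
foreach ($issuer in Get-SPTrustedSecurityTokenIssuer) {
    $id, $issuerRealm = $issuer.RegisteredIssuerName -split '@', 2
    if ($issuerRealm -ne $realm) { Write-Warning "$($issuer.Name): realm $issuerRealm differs from $realm" }
    if ($id -eq $settings["IssuerId"]) { $match = $issuer }
}
if (-not $match) {
    Write-Warning "No trusted token issuer is registered for IssuerId $($settings['IssuerId'])"
} elseif ($match.SigningCertificate.Thumbprint -ne $cert.Thumbprint) {
    Write-Warning "$($match.Name): registered thumbprint differs from $certPath"
}

# A site served over plain HTTP needs AllowOAuthOverHttp enabled on the STS
$allowHttp = (Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp
if ($spUrl -like "http://*" -and -not $allowHttp) {
    Write-Warning "Site is HTTP but AllowOAuthOverHttp is False"
}
```

Run it from the SharePoint Management Shell on a farm server; it only reads configuration and prints a warning for each mismatch it finds.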