SharePoint High Trust Apps – Troubleshoot Tips

We all have had our share of pain when it comes to using High Trust Add-ins in SharePoint. The aim of this article is to put together a collection of common problems and solutions. I’ll try to keep this post updated with any new issues that we might come across.

Error – 401 unauthorized error when running a high-trust app

  • The Issuer ID in the Appweb web.config file is invalid, contains uppercase letters, or contains a space. Use the following PowerShell to get a list of all the TrustedSecurityTokenIssuer entries in your farm:

  • The thumbprint was incorrectly registered. Run Get-SPTrustedSecurityTokenIssuer and make sure the thumbprint it reports is equal to the one you get when you look at the certificate itself.
  • The realm should be the same for all issuers that you have registered, and it should be the same as your farm ID:

  • Your add-in does not have permission to the resource you are trying to access. Run the following PowerShell cmdlet ($web is the SharePoint website you are trying to get access to and $appPrincipal is the add-in ID):

  • Your digital certificate was not added to the trusted certificate store. Be sure you have followed the procedures in Package and publish high-trust SharePoint Add-ins.
  • There is no user profile created for the user who is accessing the remote web application.

Error – 403 Error – Forbidden while accessing installed app, SharePoint-App communication issue

  • The Client ID in the Appweb web.config file is invalid, contains uppercase letters, or contains a space.
  • The AllowOAuthOverHttp setting reported by Get-SPSecurityTokenServiceConfig is invalid.
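
The configuration checks from the 401 and 403 lists above, collected into one read-only diagnostic script. This is an added example, not code from the original post: the IDs, certificate path and site URL are placeholders, and it assumes the issuer was registered under the name `<issuer id>@<realm>`.

```powershell
# Added example: read-only checks; run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholders (assumptions, not values from the post): replace with your own.
$IssuerId = '00000000-0000-0000-0000-000000000000'   # IssuerId from web.config
$ClientId = '11111111-1111-1111-1111-111111111111'   # ClientId from web.config
$CertPath = 'C:\Certs\HighTrustApp.cer'              # public certificate of the add-in
$WebUrl   = 'https://sharepoint.example.com/sites/dev'

# 401/403: IDs must be lowercase and free of whitespace.
foreach ($id in @{ IssuerId = $IssuerId; ClientId = $ClientId }.GetEnumerator()) {
    if ($id.Value -cne $id.Value.ToLowerInvariant() -or $id.Value -match '\s') {
        Write-Warning "$($id.Key) '$($id.Value)' has uppercase letters or whitespace."
    }
}

# 401: the authentication realm should equal the farm ID.
$realm  = Get-SPAuthenticationRealm
$farmId = (Get-SPFarm).Id.ToString()
if ($realm -ne $farmId) { Write-Warning "Realm '$realm' differs from farm ID '$farmId'." }

# 401: the issuer should be registered as <issuer id>@<realm> with the same certificate.
$expected = '{0}@{1}' -f $IssuerId, $realm
$cert     = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
$issuer   = Get-SPTrustedSecurityTokenIssuer |
            Where-Object { $_.RegisteredIssuerName -ceq $expected } |
            Select-Object -First 1
if (-not $issuer) {
    Write-Warning "No issuer is registered as '$expected'. Registered issuers:"
    Get-SPTrustedSecurityTokenIssuer | Format-Table Name, RegisteredIssuerName -AutoSize
} elseif ($issuer.SigningCertificate.Thumbprint -ne $cert.Thumbprint) {
    Write-Warning "Thumbprint mismatch: registered $($issuer.SigningCertificate.Thumbprint), file $($cert.Thumbprint)."
}

# 403: OAuth over plain HTTP only works when AllowOAuthOverHttp is true.
$allowHttp = (Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp
if (([Uri]$WebUrl).Scheme -eq 'http' -and -not $allowHttp) {
    Write-Warning "Site uses HTTP but AllowOAuthOverHttp is False."
} elseif ($allowHttp) {
    Write-Warning "AllowOAuthOverHttp is True; access tokens can cross the network unencrypted."
}
```

The script changes nothing in the farm; each warning maps to one bullet in the lists above.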
