Setting a Custom "401 Unauthorized" Page
When our claims based SharePoint web application cannot authenticate users (for whatever reason, e.g cannot get a Kerberos ticket), they are presented with a blank white page with the text "401 Unauthorized".
How and where can I can customise this page?
I can find lots of info on the 404 (accessed denied) page, but not this one specially.
Any ideas?
Thanks,
Richard
Hi Richard,
Those errors would occur only when the pages
would be rendered through the /_layouts/15/start.aspx page. This specific page is responsible for loading pages from a site using the
Minimal Download Strategy (MDS), a new feature in SharePoint 2013 that improves client rendering performance and fluidity when navigating from page to page by downloading only the changes between two pages. This feature should help improve
page navigation performance. If you want to read more about Minimal Download Strategy (MDS), check out this
post<o:p></o:p>
The MDS feature is a great performance enhancement that comes along with SharePoint 2013 so it should NOT be turned off permanently! Keep it disable
for some time to debug the issue and do activate once you resolve the current issue. After that shared what page you are getting and the error displaying to come up with solution.<o:p></o:p>
Krishana Kumar http://www.mosstechnet-kk.com
Please mark the replies and Proposed as answer if they help and solve your issue
Similar Messages
-
401 Unauthorized Page Not working in SharePoint.
When a bad log-in is entered three times while opening a SharePoint Site, "401 Unauthorized"page is not reached but SP site returns a blank page.
Its SP 2010 Environment with Windows Server 2008 R2 and IIS 7.
Please share your thoughts in resolving this issue.
Thank you.Disable the authentication loopback check
Reference: https://support.microsoft.com/kb/926642/en-us?wa=wsignin1.0
Re-enable the behavior that exists in Windows Server 2003 by setting the DisableLoopbackCheck registry entry in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry
subkey to 1. To set the DisableLoopbackCheck registry entry to 1, follow these steps on the client computer:
Click Start, click Run,
type regedit, and then click OK.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Right-click Lsa, point to New,
and then click DWORD Value.
Type DisableLoopbackCheck, and then press ENTER.
Right-click DisableLoopbackCheck, and then click Modify.
In the Value data box, type 1,
and then click OK.
Exit Registry Editor.
Restart the computer.
Note You must restart the server for this change to take effect. By default, loopback check
functionality is turned on in Windows Server 2003 SP1, and the DisableLoopbackCheck registry entry is set to 0 (zero). The security is reduced when you disable the authentication loopback check, and you open the Windows Server 2003 server for man-in-the-middle
(MITM) attacks on NTLM.
If my contribution helps you, please click Mark As Answer on that post and
Vote as Helpful
Thanks, ShankarSingh(MCP) -
Error 401--Unauthorized when deployed on WL Managed server (10.3.3)
Hi,
I created & started a WL-Managed server on my window desktop machine. I deployed to this Managed server, an application which is running without problem on Admin Server. (The managed server is created in the same Domain as that of Admin Server)
However, when I log on to the application on Managed server & enter the UID & PW I get the Error 401--Unauthorized page. The same security works perfectly well for Admin Server.
Any clues what could be going wrong.
Thanks in advance.
Edited by: Prakash Chavan on Feb 28, 2011 4:57 PMThanks Faisal,
Here is the log after I add the 2 flags
<Mar 1, 2011 8:59:30 AM EST> <Notice> <WebLogicServer> <BEA-000365> <Server stat
e changed to RUNNING>
<Mar 1, 2011 8:59:30 AM EST> <Notice> <WebLogicServer> <BEA-000360> <Server star
ted in RUNNING mode>
Mar 1, 2011 9:13:27 AM oracle.jbo.uicli.mom.CpxUtils$Visitor logMainApplicationC
px
INFO: zip:C:/JDev11g/Middleware/user_projects/domains/base_domain/servers/Svr0/t
mp/_WL_user/TestTrackApp_V2.0/77qs7f/war/WEB-INF/lib/_wl_cls_gen.jar!/view/DataB
indings.cpx
[JpsAuth] Check Permission
PolicyContext: [TestTrackApp#V2.0]
Resource/Target: [view.pageDefs.ttsPageDef]
Action: [view]
Permission Class: [oracle.adf.share.security.authorization.RegionP
ermission]
Result: [FAILED]
For more information on this failure, please set -Djps.auth.debug.verb
ose=true
I have emailed you the requested log & the config files.
Edited by: Prakash Chavan on Mar 1, 2011 9:35 AM -
Realm enterprise-manager (401 Unauthorized)
Oracle Application server is installed on the same machine as the infrastructure. The infrastructure install went well. Then I installed the IAS with no problems and then I configure the server to only run one instance of Apache, again without a hitch. So far, so good.
I can get to the "Welcome to Oracle9i Application Server" page with no problem. However, when I try to access the Enterprise Manager using the correct information for userid and password for the Realm "enterprise-manager" popup. It comes up 3 times and then gives me a "401 Unauthorized" page.
I have succesfully completed the reset password routine, but it still doesn't fix the problem.
Any ideas?
Thanks in advance.It's good to see I'm not alone! I've run into the problem four times now, on Windows 2000 Professional, and have finally pinpointed the reason, however not the solution. It happens right away when I disable the MS Loopback adapter that I used during installation of the iAS, thus running the normal network adapter.
The result is pretty bad - I'm not at all able to find a workaround. It does not help to revert to the loopback adapter. I simply have to reinstall everything! Password resetting according to the release notes addendum at first seems to work fine, as I long as I stay at the DOS prompt. When I try to enter Enterprise Manager however the same thing happens - 401 Unauthorized. Reboot doesn't help.
A detail that may or may bot be significant, is that I have being doing this away from the office, so that I have not been connected to the configured domain. (Another detail is that I'm starting from an Oracle employee OBI base install of Windows 2000; not just the first time, but every time)
I wonder why not more people are getting this problem - I get it all the time. Please help.
Thanks, Erik Hagen, +47 90631013 -
Dispatch to custom 401 page does not always happen
hi,
I configured custom error401.jspx page to be dispatched to if user enters invalid credentials at login page or if authenticated user attempts direct url access to a page he is not authorized to access. This works most of the time, but sometimes instead of dispatching to 401 page system dispatches to Login page (the user is already logged in so this should not happen!). When this happens Login page looks like original ADF faces page but "face" color is lost, i.e. page is all black and white and it contains message Invalid username and password.
I configured ADF security to also dispatch to this 401 page in case of unauthorized access.
I am using jdev 10.1.3.2.
What is causing this behavior? It seems to happen more often on standalone than embedded oc4j. I checked web.xml and everything points to custom 401 page if unauthorized attempt. userInfo managed bean is identical to SRDemo.
Is there a workaround?Hi,
it is not loss of session as if I click Back button on browser I can proceed with application as currently logged in user.
I reproduce this in following way:
- I try to login as userA/roleA with wrong credentials
=> system dispatches to error401 page.....................OK
- on error401 page I click Home button which replicates SRLogout backing bean function...OK
=> system re-renders Login page...............OK
- I login as userA with correct credentials
=> system renders welcome page.............OK
- I use application as userA..................OK
- I try to access page accessible only to userB/roleB, using direct url access
=> system dispatches to error401 page...........................OK
- On error401 page (or clicking Back button on browser to go to previous page) I, (still logged in as userA/roleA) try to direct url access page belonging to userC/roleC
=> this time oc4j immediately dispatches to Login page (instead of error401 page) with message Invalid username and password...................................NOT OK
So it seems first time only it dispatches correctly but subsequent attempts it always go to Login page although session is not expired -
How can I set up a custom 404 error page on OSX Server?
I moved my web site to a local server and changed the structure drastically. Unfortunately I am getting hits for information that was on the old server which I haven't put back yet. I'd like to set up a custom 404 Error Page to let people know what's up. In server.app I can set up a 500 error page but not a 404 and when I tried hand coding it into the sites .conf file I really messed things up. It took me a while to get that all corrected!
Thanks for any advice,
Bill WFound it!
Under the web server Advanced Setting set "Allow overrides using .htaccess" then create an .htaccess file in the root directory with the line:
ErrorDocument 404 notfounderror.html
Use whatever HTML/PHP/etc. document you have created. -
Setting the custom master page through powershell is NOT working
Hi,
I am writing the below code to set the custom master page through powershell.
But its not working .when i went to site settings-->master page --> in the drodown , the maste page set is seattle.master ONLY, though my current master page is available in the dropdown.
Can anyone pls help, whether i am missing in the below :
Add-PSSnapin Microsoft.SharePoint.Powershell
$SiteURL = "http://srvr1:22307/sites/SPW5"
$weburl= $SiteURL
$Site= Get-SPSite $SiteURL
$web = $Site.OpenWeb()
$web.CustomMasterUrl = "/_catalogs/masterpage/myMasterpage.master"
$web.MasterUrl = "/_catalogs/masterpage/myMasterpage.master"
$web.Update()
DasHi,
Is it a publishing page? If yes can you try the PowerShell scripts corresponding to the following code snippet?
var publishingWeb = PublishingWeb.GetPublishingWeb(web);
publishingWeb.CustomMasterUrl.SetInherit(inheritFromParent, false);
publishingWeb.CustomMasterUrl.SetValue(masterPageUrl, false);
publishingWeb.MasterUrl.SetInherit(inheritFromParent, false);
publishingWeb.MasterUrl.SetValue(masterPageUrl, false);
I've noticed sometime (not sure though) that Master page doesn't get updated if the inherit property is not updated first.
Thanks,
Sohel Rana
http://ranaictiu-technicalblog.blogspot.com -
Setting a Custom Scope in a Page
Greetings again
i am trying to set a custom scope for my pages, i am following the example 6.3.2 Setting Scope in a Page - Create New Task Flow in the Oracle® Fusion Middleware
Developer's Guide for Oracle WebCenter 11g Release 1 (11.1.1) E10148-06.
i have a managed bean whose class name is AdministratorPagView and has a method called getScopeName() that returns a String. My adfc-config.xml archive looks like this
adfc-config xmlns="http://xmlns.oracle.com/adf/controller" version="1.2">
<managed-bean id="__3">
<managed-bean-name id="__1">adminPagView</managed-bean-name>
<managed-bean-class id="__2">view.AdministratorPagView</managed-bean-class>
<managed-bean-scope id="__4">request</managed-bean-scope>
</managed-bean>
</adfc-config>
then in my page definition archive called AdministratorPagPageDef.xml that corresponds to the JSPX where the create page task flow, there is a parameter for that task flow like this:
<parameters>
<parameter id="oracle_webcenter_page_createpage_scopename"
value="${adminPagView.scopeName}"/>
</parameters>
so i try creating a page and when i finish creating it the getPateTreeITerator does not show me anything and looking into the WL Server floders for the mds, i just found a scope.xml file in a path structure like this one
DefaultDomain/webcenter/mds-integServerRepos/<my_app_name>/oracle/webcenter/framework/scope/scopedMD/<custom_scope_name>/scope.xml, but the new folder that reference to a new scope is not being created
is there something i am missing?
Edited by: Luis_muxhaxho_betancourth on 24/06/2010 08:46
Edited by: Luis_muxhaxho_betancourth on 24-jun-2010 18:54the pages are being placed in a diferent folder from the one used when defaultScope is set, how can i make those pages visible in the page tree for my user ?
-
How to set custom access denied pages in SharePoint 2013?
Hi everybody,
in SharePoint 2010 custom access denied or other error pages could be easily set by setting the new path to the webapp-properties by using webApp.UpdateMappedPage. In SharePoint 2013 this seems to be ignored. The MSDN-entry seems to be out of date and just
copied from SharePoint 2010:
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.administration.spwebapplication.updatemappedpage.aspx
A possible workaround could be writing a HttpModule that checks the requested url for accessdenied.aspx and redirects to a custom page but there must be another more best practice way to achieve this behaviour??I found a workaround to redirect to a custom access denied page but I'm not happy with it.
I created a HttpModule which uses static method SPCustomRedirect.RegisterRedirectHandler to register a class inheriting ISPCustomRedirectHandler to the current HttpContext. In this class there is a method GetRedirectUrl that returns the path to my custom
access denied page.
Now at last a value must be written to the HttpRequest.Querystring named "CustomRedirect". But to add something to the QueryString-NameValueCollection I must use reflection to make it writable because it's readonly. After setting the value, I reset the property
to readonly.
For clearness, I post the code-snippet from the HttpModule below:
HttpRequest request = HttpContext.Current.Request;
NameValueCollection QS = request.QueryString;
QS = (NameValueCollection)request.GetType().GetField("_queryString", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(request);
PropertyInfo readOnlyInfo = QS.GetType().GetProperty("IsReadOnly", BindingFlags.NonPublic | BindingFlags.Instance);
readOnlyInfo.SetValue(QS, false, null);
QS["CustomRedirect"] = "CustomAccessDenied";
readOnlyInfo.SetValue(QS, true, null);
SPCustomRedirect.RegisterRedirectHandler("CustomAccessDenied", new CustomAccessDenied());
This is the redirectHandler-class I register in the last line:
public class CustomAccessDenied : ISPCustomRedirectHandler
public string GetRedirectUrl(string key)
string serverRelativeUrl = string.Empty;
var ctx = HttpContext.Current.Items["DefaultSPContext"];
if (ctx != null)
serverRelativeUrl = ((SPContext)ctx).Web.ServerRelativeUrl;
if (serverRelativeUrl.Equals("/"))
serverRelativeUrl = string.Empty;
return string.Format("{0}/_layouts/15/myCode/CustomAccessDenied.aspx", serverRelativeUrl);
This works fine but I really don't like the need to add a value to the querystring by reflection or the need to do this for every page-request...
What's your opinion for this? -
Get "401 Unauthorized" for secured pages when following the tutorial
I tried to configure security for a page in JDeveloper by following the steps in 10.1.3.2 WebCenter Framework Tutorial (http://download.oracle.com/docs/cd/E12529_01/webcenter.1013/b31072/tt_security.htm).
I copied the system-jazn-data.xml from the sample. Then followed the steps in the tutorial except that I don't have the Welcome page but only the secured Mypage.jspx which is protected as instructed in the tutorial. Then I ran Mypage.jspx. I was directed to the login page correctly. But after I entered the correct username/password for any user, it gave me "401 Unauthorized" error. I'm pretty sure the username/password is correct because it'll direct me back to the login page when they're wrong.
I tried it a few times but it always failed with the same error. Any help is greatly appreciated.
-- CindyHi,
if you followed a WebCenter tutorial then it would make sense to ask the question on the WebCenter forum
WebCenter Portal
Frank -
Error 401 (Unauthorized) when setting up Hybrid Search
Hello,
I am trying to set up Hybrid Search (one-way out-bound search) between a SharePoint 2013 on-premises farm I've got running on Windows Azure (IaaS) and a SharePoint Online trial tenant I have set up for the purpose.
I have followed Manas Biswas' rather long guide (search for manas biswas hybrid search on Bing to find it) for setting it up and everything has gone fine -- including setting up my SharePoint 2013 farm in a demo lab on Azure, signing
up for a SharePoint Online tenant, getting DirSync to work, etc. Actually, I hadn't bumped into any errors until the very end when I wanted to try out my setup.
I had just set up SharePoint Online as a search result source on my SharePoint 2013 team site. I have also set up the search query rule with the result block for the SP Online results. Yet, when I try to use the Query Builder and I search for "*",
I get the following error:
System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute() at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate() at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest() at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery() at Microsoft.Office.Server.Search.RemoteSharepoint.RemoteSharepointEvaluator.RemoteSharepointProducer.RetrieveDataFromRemoteServer(Object unused) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at Microsoft.Office.Server.Search.RemoteSharepoint.RemoteSharepointEvaluator.RemoteSharepointProducer.ProcessRecordCore(IRecord record)
Now, I don't know why this operation is rejected as "unauthorized." I am unsure of my certificates, which I have generated and set up in order for the connection to work. Out of all the steps in Biswas' guide, the certificates part is the one I
have the least knowledge about. I am suspecting that there is something wrong in this area but I have no idea of how to troubleshoot it.
To make it clear, I did not encounter any error messages while following the guide -- not even when firing off the fair amount of PowerShell scripts that Biswas has written.
I would appreciate it if anybody could help me troubleshoot this problem. I am running out of ideas to try out so any suggestion will appreciated! :-)Hi Sebastian and Manas,
I am trying to set up a hybrid environment and followed the blog posts. Everything was set up as per the guidelines mentioned but still I am not able to fetch any results from SharePoint Online inside my on-premise environment.
There are no errors coming as such. Its just that my on-premise is showing no results from SPO. However if the same user logs on into the Office 365 SPO site he is able to see SPO search results. That means there is no permission related issue specific to
test user.
I am totally out of ideas now. In case you have faced similar issues while setting up the same then any pointers to troubleshoot would be very helpful.
The link to my query that I have asked on the forums is
https://social.msdn.microsoft.com/Forums/office/en-US/540d2629-ec6b-4905-b8e2-f6ba4e770d26/configure-one-way-outbound-hybrid-search?forum=sharepointgeneral
Thanks,
Geetanjali
Geetanjali Arora | My blogs | -
I want to Fill a drop down with Outlook Meeting of Current log-in user in SharePoint 2013 web part for default credentials I am using the following code
ExchangeServiceBinding binding = new ExchangeServiceBinding();
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
binding.RequestServerVersionValue = new RequestServerVersion();
binding.RequestServerVersionValue.Version = ExchangeVersionType.Exchange2010_SP2;
binding.PreAuthenticate = true;
binding.UseDefaultCredentials = true;
binding.Credentials = CredentialCache.DefaultCredentials ;
string server = "https://*********/ews/Exchange.asmx";
binding.Url = server;
I Am Getting the Error "The request failed with HTTP status 401: Unauthorized."
but when I Replace the line
binding.Credentials = CredentialCache.DefaultCredentials ;
with
binding.Credentials = new NetworkCredential(userName, password, domain);
Its run fine. Is there any way I could able to use default credential.
Hi,
As this question is more relate to Exchange development, I suggest you post it to the corresponding forum, you will get more help and confirmed answers from there.
http://social.msdn.microsoft.com/Forums/office/en-US/home?category=exchangeserver
Best regards
Patrick Liang
TechNet Community Support -
Adobe Print Form Error - Invalid Response Code: (401) Unauthorized
Hi, I've just configured ADS on Netweaver 2004s. I've run through the config guide and everything works ok including the form generation test report FP_TEST_00 which outputs PDF without issue. I have two problems:
-When I run a "test connection" on the RFC destination 'ADS' using the ADSUSER for the login details, I get a 403 not authorized error. Changing this user to J2EE_ADMIN resolves the issue and I get a 302 redirect. I've tried adding other permissions to the ADSUSER without any luck.
-Running a report on the Portal under e.g. Executive Reporting and attempting to just right-click and hit "Print Version" results in a 401 error for request "http://hostXX:portXX/AdobeDocumentServices/Config?style=document" exactly as per this thread: Re: Adobe Form Creation Error - Invalid Response Code: (401) Unauthorized. However, I've double-checked all user details in Visual Administrator (ADS_AGENT) and on the ABAP stack side in su01 and sm59. I also tried changing the users to dialog with no effect. If I go directly to that URL and log in with ADSUSER I get a 403 not authorised error (using J2EE_ADMIN is again successful). I've noticed that in the http access log the HTTP protocol used is 1.1 when using the web browser and 1.0 when using the sm59 connection test. I've heard of problems with using HTTP/1.1, but when I change the options on IE8 to use HTTP/1.0, it changes for all other requests except the request for "http://hostXX:portXX/AdobeDocumentServices/Config?style=document", which is still submitted as HTTP/1.1. Conversely, in sm59 if I specify that it should use HTTP/1.1 under Special Options, I can see from the access log that it is in fact still using HTTP/1.0. Could this be related to the 401 error code that I'm seeing?
Any help would be appreciated. Thanks,
JohnI think I've ruled out the HTTP protocol version as being an issue here. However I may have found more useful information on the actual issue.
In the security log under usr\sap\<SID>\DVEBMGS00\j2ee\cluster\server0\log\system I see a different message for the unsuccessful report PDF generation attempt to that of a direct query to the same URL with the same web browser, as below. The unsuccessful attempt appears to forget the ADSUSER credentials and resort to the default J2EE_GUEST which has no authorisations and therefore fails. The direct query doesn't lose the ADSUSER credentials and I think this is because it prompts for the user/password when needed. Does anyone know why this happens for a direct query to this URL but not for the PDF generation attempt?
Resulting logs from unsuccessful PDF generation attempt:
#1.5 #005056AF1EB300750000002D0000142000048B4D2208F055#1279063306899#/System/Security/WS/SecurityProtocol#sap.com/irj#com.sap.security.core.client.ws.AuthenticationContext.setDestination#AICL0001#622##<host>_<sid>_3576650#AICL0001#4c1a62608ed511dfbe2a005056af1eb3#SAPEngine_Application_Thread[impl:3]_5##0#0#Info#1#com.sap.security.core.client.ws.AuthenticationContext#Java###An destination was set with the following properties:
{0}.#1#{PROXY_ENABLED=false, CLIENT_AUTHENTICATION_KEYSTORE_VIEW=, SAP_SID=, SLD_URL=, USERNAME=ADSUSER, SLD_WS_NAME=, URL=http://<host>:50000/AdobeDocumentServices/Config?style=document, PROXY_URL=, SSL_SERVER_AUTHENTICATION=IGNORE, SLD_WS_SYSTEM_NAME=, PASSWORD=XXX, SLD_WS_PORT=, SAP_CLIENT=, DEFAULT_URL=http://localhost:50000/AdobeDocumentServices/Config?style=document, Authentication=BASIC, CLIENT_AUTHENTICATION_KEYSTORE_CERTIFICATE=, URL_CHOICE=Custom, SAP_LANGUAGE=}#
#1.5 #005056AF1EB30072000000250000142000048B4D220A12ED#1279063306977#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#J2EE_GUEST#0##<host>_<sid>_3576650#Guest#4c1a62608ed511dfbe2a005056af1eb3#SAPEngine_Application_Thread[impl:3]_24##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: com.adobe/AdobeDocumentServices*AdobeDocumentServices_Config
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule SUFFICIENT ok exception true Authentication did not succeed.#
Successful direct access of URL http://<host>:50000/AdobeDocumentServices/Config?style=document (click on rpData test and manually log in as ADSUSER):
#1.5 #005056AF1EB30070000000250000142000048B4D3E260016#1279063778670#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#ADSUSER#675##<host>_<sid>_3576650#Guest#812f72008ed611dfa62d005056af1eb3#SAPEngine_Application_Thread[impl:3]_14##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.OK
User: ADSUSER
Authentication Stack: com.adobe/AdobeDocumentServices*AdobeDocumentServices_Config
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule SUFFICIENT ok true true
Central Checks true #
#1.5 #005056AF1EB30070000000260000142000048B4D3E2666A6#1279063778702#/System/Security/Audit/J2EE##com.sap.engine.services.security.roles.audit#ADSUSER#675##<host>_<sid>_3576650#ADSUSER#812f72008ed611dfa62d005056af1eb3#SAPEngine_Application_Thread[impl:3]_14##0#0#Info#1#com.sap.engine.services.security.roles.audit#Java###{0}: Authorization check for caller assignment to J2EE security role [{1} : {2}].#3#ACCESS.OK#SAP-J2EE-Engine#all# -
Hello,
I'm attempting to get a SharePoint 2013 Provider Hosted Application working in a brand new SharePoint environment. I've created snapshots of both my dev and the sharepoint environments along the way and have meticulously documented every step of the
way. I've followed these instructions (among many other resources found along this journey) :
http://msdn.microsoft.com/en-us/library/fp179923(office.15).aspx
http://technet.microsoft.com/en-us/library/fp161236(office.15).aspx
http://msdn.microsoft.com/library/office/fp179901%28v=office.15%29
Upon package and publish of my application to SharePoint, I get a 401 Unauthorized error. I use Fiddler to obtain the SPErrorCorrelationID to ultimately obtain the following ULS Viewer Output. Please explain how to fix if you're able.
Please Note: I was under the impression that a Provider Hosted Application does not use the Azure Access Control service, so I'm confused as to why my system is attempting to make this connection?
Also Note: I've used a self signed and godday obtained certificate to successfully f5 debug my basic web.title (out of the visual studio 2012 box) sharepoint provider hosted application... so I know my certs are good.
Here's my ULS output:
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request.
IsAuthenticated=True, UserIdentityName=0#.w|cltenet\sp.apps, ClaimsCount=25 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Deployment acjjg Medium The current user has System.Threading.Thread.CurrentPrincipal.Identity.Name
= 0#.w|cltenet\sp.apps, System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\IUSR, System.Web.HttpContext.Current.User.Identity.Name = 0#.w|cltenet\sp.apps. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrv Medium redirectLaunUrl after getting it from query
string, web or app instance: https://hightrust31.cltenetapps.com/Pages/Default.aspx?{StandardTokens} 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General aib0n High trying to get app tokens for site: 888b71f7-51ee-40f5-8344-8de4869d37d0
Unable to load app tokens from appInstanceId: 22d5252f-392c-4f68-b820-a3053b9d4f24 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrw Medium redirectLaunUrl after getting token replacement:
https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsry Medium m_oauthAppId after NormalizeAppIdentifier()
i:0i.t|ms.sp.ext|[email protected]8df36d5d. Now getting app principal info. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr0 Medium decided that we need to do a POST to the
app. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr1 Medium m_redirectMessage: EndpointAuthorityMatches
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr2 Medium realm matched attempting to get app token
using GetAccessToken() 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth advzm High Error when get token for app i:0i.t|ms.sp.ext|[email protected]8df36d5d,
exception: Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr3 High App token requested from appredirect.aspx
for site: 888b71f7-51ee-40f5-8344-8de4869d37d0 but there was an error in generating it. This may be a case when we do not need a token or when the app principal was not properly set up. LaunchUrl:https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http://portal.cltenet.com&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4420.1017
Exception Message:The Azure Access Control service is unavailable. Stacktrace: at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest().
Since this is a nonfatal error, it will be sanitized and posted to the app as part of the app launch. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General ajlz0 High Getting Error Message for Exception Microsoft.SharePoint.SPException:
The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext) at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext
serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri
applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext,
String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest()
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth aib0p Medium Doing appredirect from appredirect.aspx:
in site: 888b71f7-51ee-40f5-8344-8de4869d37d0 with RedirectLaunchUrl: https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)).
Execution Time=26.5933938531294 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
Your help is very much appreciated.
With Respect,
LarryYes, actually - I was able to resolve it.
However I don't know how, unfortunately. I suspect it was because I needed to have the names of the certificates, defined during the certificate registration (to sharepoint) process, different.
I have a complete document that shows step by step instructions on the exact process I took to complete the provider hosted application creation, deployment and publishing. It was a daunting task, but I finished it successfully.
If there's a way to send private message on this forum, please do so and I'll respond with a way to obtain my document.
NOTE: I'm not all impressed with the way this forum works. This is supposed to be a Microsoft resource and I'll be damned if I ever get a response to highly technical questions. Completely lame. Boooooo Microsoft. -
401 - Unauthorized error while connecting to userprofile web service in InfoPath 2010
Hello,
I have 2wfe (NLB), 2app, 1db farm.
Everything is working fine except for one computer! I have several InfoPath forms, they have custom webservices and userprofile web service. They work without any problem, but there is one computer that gives me 401-Unathourized Error! I'm not sure it is
double hop issue because there is no other user/computer we are having a problem!
I checked several blogs, they refer to hosts file, but not sure because why is it happening only on one computer?
I have hosts files refers to 127.0.0.1 webapp .
What could be the issue? I have other Service Apps are working without any issues.
Could you please help me?
Thank You
OrrinHi ,
No, due to the issue is happening only on one computer.
The error "(401) Unauthorized" usually indicates that the connection has been established but the permission check fails. InfoPath Form Services uses the application pool identity of the web
application to connect to resources.
Does the account which login the computer have permission to connect to User Profile Service Application?
For a workaround, you can go to IIS Manager , set the User Profile Application Pool to Anonymous Access and try again.
Also you can have a look at the blog:
http://sharepointconnoisseur.blogspot.in/2011/04/how-to-resolve-401-unauthorized-error.html
Best Regards,
Eric
Eric Tao
TechNet Community Support
Maybe you are looking for
-
Issue In Posting Proof Of Delivery Using Idoc using Message Type STPPOD
Hi , (The details I have attached in the below file.) We are trying to perform proof of delivery with respect to a outbound delivery via IDOC using idoc inbound function module IDOC_INPUT_STPPOD. Everything is working fine except when it is creating
-
i want to unlock my iphone from verizon to indian gsm network.Can u people piz help me?
-
Can I use a CDRW like a floppy disc to add tracks in multiple sessions???
I want to burn an mp3 CD in iTunes for my car, but I sometimes want to remove a track or add another. Is this possible? If so, with iTunes? I have Toast Titanium 8 also installed, don't really use as much though. Thanks in advance!
-
Dynamically Extending Footer?
Hello! I finally found the time to try and overhaul my website that was built for me, and the one thing I absolutely abhor about it is how the footer cuts off and leaves open white space below it if the monitor viewing size is too large! The website
-
A few problems with install on Macbook 2,1
I used diskutil to set a 4G SWAP partition, and a HFS+ Arch partition. Did not make a separate boot partition. I downloaded and installed rEFit. Went through the Macbook Install wiki, but grub would not install on /dev/sda3 even with the sfdisk -c