Setting Like in High Trust Provider-Hosted App

Similar Messages

• Creating High trust provider hosted app in SharePoint online

  Hi,
  I need to create high trust provider hosted app for SharePoint Online. provider hosted would be not going to host in Azure but it will be some where else.
  some kindly provide step by step that how to create High trust app for SharePoint online but not for SharePoint 2013.
  Kaps

  check this link
  http://msdn.microsoft.com/en-us/library/office/fp179901(v=office.15).aspx#Intro
  A high-trust app for SharePoint is is primarily intended for use in an on-premises environment. The high-trust
  app cannot be installed to Microsoft SharePoint Online, and the remote components are typically installed on premises, too, within the corporate firewall. Thus, the instances of the app for SharePoint are specific to each individual company.
  Kind Regards, John Naguib Technical Consultant/Architect MCITP, MCPD, MCTS, MCT, TOGAF 9 Foundation

• Why do we need UPA for rehydrating users in Sharepoint provider hosted app scenario?

  Our on prem. SPS 2013 environment is configged to authenticate through ADFS against a third party IDP. We know nothing about these users, the returned SAML contains a role and based on this role we authorize user in SPS. This works great.
  No we are investigating high-trust provider hosted apps (on prem, no azure acs). We have created a simple MVC, and configged it to use ADFS. Now if users are authenticated from SPS they can call the MVC and the ADFS token is reused. Works perfect. Only thing
  is that whenever we need to call Sharepoint code through the client objectmodel, we get a 401 and the ULS shows that SPS is not able to map the incoming user to a user in User Profile DB. Off course it can't because the user is not in UPA and cannot be in
  UPA beacuse the users are stored outside our domain and there is no way to sync these to our SPS environment. I read a couple of blogs about this issue and the all say that we ned to sync with the user repository to fill upa; but again that cannot be (suppose
  on of our IDP's was facebook...?)
  The construction works if we use apponly security, but now we lose our SPS security. So my real question is, can we some how workaround User Profile service in the scenario, or at least without needing to sync these users.
  Any help/guidance is much appreciated!
  Sander

  Hi John,
  No we were not able to find a solution. The provider hosted app-model of SPS 2013 just does not take into account that in some cases useraccounts are not available. We could not find a way around user rehydration. Off course you can all ways use another
  security model like app-only policies, but that was not sufficient for us. It was also kind of disappointing there was no way to handle this; th emost problematic for me personal is that I cannot think of a reason why the rehydration can not be skipped in
  some way. If you configure it to run within SPS itself, rehydration is not necessary, so why it seams mandatory in provider hosted app beats me ;-)
  We went back to good old farm-solutions with webparts. 
  Sorry 
  Sander

• Provider hosted app in windows Azure cloud Virtual Machine

  Hi
  thanks in advance,
  1. I am having requirement to setup a sitecollections specific to clients with same app installed for each client site collection( as app will act specific to client configuration).
  Thoughts :
  1. Create a provider hosted app or SharePoint hosted app and SharePoint site collections in the same virtual machine in Cloud.
   I am able to achieve high Trust provider hosted app on premise, it is working.
  Can any body suggest my thoughts on the approach is right or wrong. If wrong please suggest me how to achieve this.

  Hi,
  I have a sharepoint online site and Azure Virtual Machine.
  I have developed 4 SharePoint provider hosted apps and I want to deploy the same in office 0365 and App web should in Azure VM.
  So I seek help in terms with understanding the deployment.
  Because Azure comes with its own certificate cloudapp.net and what I find is this is a private certificate so I cannot use it outside.
  Please let me know if I am wrong, I need to buy a third party SSL certificate but doing so can I map it with cloudapp.net domain(which is provided by microsoft). Also Virtual machine is not in the domain. If so then do I also need a wild card certificate
  because I need to deploy 4 apps.
  just to conclude,
  I have SharePoint online site.
  Azure Virtual Machine (can I use the cloudapp.net certificate)
  SharePoint provider hosted apps(4 apps).
  Thanks and Regards Anup Kadam

• SharePoint 2013 Provider hosted App installation error

  Hi All,
  I am trying to install a provider hosted app in SharePoint 2013. Installation goes for about 15mins and get "Sorry, something went wrong
  with adding the app. Click to retry."
  Please find belw ULS details for Correlation ID:
  Error when try to get access token when deploy AppInstanceId 7bcf1d9d-897a-48a1-b4f4-cd3120fd98a5 with AppPrincipalId i:0i.t|ms.sp.ext|[email protected]01b993b6. Exception=System.InvalidOperationException:
  An unexpected error was returned from the delegation service.  Error Code: 'invalid_client' Error Description: 'ACS65003: The clientId 'd12de581-316c-4224-b58b-e91ac2042150/www.SERVERNAME.DOMAIN.com@0d85160c-5899-44ca-acc8-db1501b993b6' is not a valid
  service identity.  Trace ID: 4a0c4974-94f4-4077-9a22-2ba5f0abb444  Correlation ID: 674d9839-686b-45f3-be46-31db4dc2a9d0  Timestamp: 2014-07-23 09:34:49Z'    
   at Microsoft.SharePoint.Administration.SPAzureAccessControlDelegationServiceClient.HandleUnexpectedError(SPAzureAccessControlDelegationServiceResponse delegationServiceResponse)    
   at Microsoft.SharePoint.ApplicationServices.SPApplicationContextAccessToken.GetResponseOrThrow[T](SPAzureAccessControlDelegationServiceClient delegationServiceClient, SPAzureAccessControlDelegationServiceResponse delegationServiceResponse)    
   at Microsoft.SharePoint.ApplicationServices.SPApplicationContextAccessToken.IssueApplicationContextAccessToken(SPServiceContext serviceContext, SPApplicationContextAccessTokenCreationParameters creationParameters)    
   at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType
  consentValue)    
   at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenForDeploymentTask(Guid siteId, SPUserToken userToken, String appPrincipalId)    
   at Microsoft.SharePoint.Lifecycle.SPAppPrincipalAccessTokenTask.<>c__DisplayClass1.<Deploy>b__0()
  sudesh withanage

  Hi  sudesh,
  According to your description, my understanding is that you encountered the error “An unexpected error was returned from the delegation service" when you try to add a SharePoint 2013 Provider hosted App.
  As the error message says, the clientId 'd12de581-316c-4224-b58b-e91ac2042150/www.SERVERNAME.DOMAIN.com@0d85160c-5899-44ca-acc8-db1501b993b6' is not a valid service identity when your SharePoint  try
  to get access token via ACS. Is there any plans to develop a low trust mechanism for non-connected scenarios? i.e. low trust provider hosted apps with no external connection, like say for a Bank who lock down external access.  Please  follow the
  steps as the blog  to set development environment for  SharePoint Low-Trust Apps:
  http://blogs.msdn.com/b/besidethepoint/archive/2012/12/10/sharepoint-low-trust-apps-for-on-premises-deployments.aspx?PageIndex=1#comments
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• SharePoint Provider Hosted App that can update existing SharePoint Task List

  Note: I am unable to take advantage of the Microsoft.SharePoint library directly. Adding a reference results in a 32bit/64bit library mismatch error.
  I have to find a solution that uses only the Microsoft.SharePoint.Client extension. 
  I am looking for example code where provider-hosted SharePoint App loads a SharePoint Task List View that allows users to interact with the tasks.
  So far I have only been able to programmatically create and then load the SharePoint tasks list, create and populate a DataTable object and set the datasource of a GridView object to that DataTable.
  I am unable to trigger my method linked to my checkbox within the gridview.
  Ideally I would like to just customize a Task View that already has this functionality.
  Here is my default.aspx.cs code-behind file:
  using System;
  using System.Collections.Generic;
  using System.Linq;
  using System.Web;
  using System.Web.UI;
  using System.Web.UI.WebControls;
  using System.Data;
  using SP = Microsoft.SharePoint.Client;
  namespace SPAppBasicWeb
  public partial class Default : System.Web.UI.Page
  protected void Page_PreInit(object sender, EventArgs e)
  Uri redirectUrl;
  switch (SharePointContextProvider.CheckRedirectionStatus(Context, out redirectUrl))
  case RedirectionStatus.Ok:
  return;
  case RedirectionStatus.ShouldRedirect:
  Response.Redirect(redirectUrl.AbsoluteUri, endResponse: true);
  break;
  case RedirectionStatus.CanNotRedirect:
  Response.Write("An error occurred while processing your request.");
  Response.End();
  break;
  protected void Page_Load(object sender, EventArgs e)
  // The following code gets the client context and Title property by using TokenHelper.
  // To access other properties, the app may need to request permissions on the host web.
  var spContext = SharePointContextProvider.Current.GetSharePointContext(Context);
  using (var clientContext = spContext.CreateUserClientContextForSPHost())
  //clientContext.Load(clientContext.Web, web => web.Title);
  //clientContext.ExecuteQuery();
  //Response.Write(clientContext.Web.Title);
  SP.ClientContext cc = new SP.ClientContext("http://server/sites/devapps");
  SP.Web web = cc.Web;
  SP.List list = web.Lists.GetByTitle("General Tasks");
  SP.CamlQuery caml = new SP.CamlQuery();
  Microsoft.SharePoint.Client.ListItemCollection items = list.GetItems(caml);
  cc.Load<Microsoft.SharePoint.Client.List>(list);
  cc.Load<Microsoft.SharePoint.Client.ListItemCollection>(items);
  //try
  //const int ColWidth = 40;
  cc.ExecuteQuery();
  DataTable dt = new DataTable();
  dt.Columns.Add("Task Name", typeof(string));
  dt.Columns.Add("ID", typeof(int));
  foreach (Microsoft.SharePoint.Client.ListItem liTask in items)
  DataRow dr = dt.NewRow();
  dr["Task Name"] = liTask["Title"];
  dr["ID"] = liTask["ID"];
  //dr["chkTask"] = liTask["Checkmark"];
  dt.Rows.Add(dr);
  GridView1.DataSource = dt;
  GridView1.DataBind();
  protected void chkTask_CheckedChanged(object sender, EventArgs e)
  //add code here to update Task Item by ID
  Response.Write("checkbox event triggered");
  Here is my simple default.aspx:
  <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="SPAppBasicWeb.Default" %>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head runat="server">
  <title></title>
  </head>
  <body>
  <form id="form1" runat="server">
  <div>
  <asp:GridView ID="GridView1" runat="server">
  <Columns>
  <asp:TemplateField>
  <ItemTemplate>
  <asp:CheckBox ID="chkTask" runat="server" OnCheckedChanged="chkTask_CheckedChanged" AutoPostBack="true" />
  </ItemTemplate>
  </asp:TemplateField>
  </Columns>
  </asp:GridView>
  </div>
  </form>
  </body>
  </html>
  http://www.net4geeks.com Who said I was a geek?

  Hi,
  Please try to modify your code as below:
  using (var clientContext = spContext.CreateUserClientContextForSPHost())
  SP.Web web = clientContext.Web;
  SP.List list = web.Lists.GetByTitle("General Tasks");
  SP.CamlQuery caml = new SP.CamlQuery();
  Microsoft.SharePoint.Client.ListItemCollection items = list.GetItems(caml);
  clientContext.Load(items);
  clientContext.ExecuteQuery();
  If the code still not works, I suggest you debug the code or following the blog below to create a Provider-Hosted App for SharePoint and read list items from SharePoint list.
  http://blogs.msdn.com/b/steve_fox/archive/2013/02/22/building-your-first-provider-hosted-app-for-sharepoint-part-2.aspx
  Best Regards
  Dennis Guo
  TechNet Community Support

• Provider-hosted Apps debug error: The remote server returned an error: (401) unauthorised

  Hi,
  Any help appreciated!!
  I'm getting this error: "The remote server returned an error: (401) unauthorised when I debug a provider-hosted app.  I get the error on this line:  
  HttpWebResponse response = (HttpWebResponse)request.GetResponse();
  See code below
  I created a high trust development environment following the instructions provided here:
  http://msdn.microsoft.com/en-us/library/office/fp179901(v=office.15).aspx and
  http://msdn.microsoft.com/library/office/fp179923
  I created a provider-hosted app with the intent to:
  create a SharePoint list in the appweb
  Use self-signed certificate, tokenhepler.cs and sharepointcontext.cs to retrieve current user context and access on SharePoint.  (No changes were made to tokenhelper.cs and sharepointcontext.cs)
  retrieve list items from the SharePoint list in a button click event handler on a default.aspx of the remote web
  What happens:
  The app is deployed successfully to the Dev site
  The SharePoint feature is deployed and activated
  The default.aspx page of the remote web loads
  The error (see image) is returned on clicking of the button
  My environment is an on-premise SharePoint 2013 with AD and my dev box is standalone windows 8.1 running Visual Studio Professional 2013 Update 3.
  The code block below is a copy of the default.aspx code-behind
  using System;
  using System.Collections.Generic;
  using System.Linq;
  using System.Web;
  using System.Web.UI;
  using System.Web.UI.WebControls;
  using Microsoft.SharePoint.Client;
  using Microsoft.IdentityModel.S2S.Tokens;
  using System.Net;
  using System.IO;
  using System.Xml;
  using System.Data;
  using System.Xml.Linq;
  using System.Xml.XPath;
  namespace Idea.GeneratorWeb
  public partial class Default : System.Web.UI.Page
  SharePointContextToken contextToken;
  string accessToken;
  Uri sharepointUrl;
  protected void Page_PreInit(object sender, EventArgs e)
  Uri redirectUrl;
  switch (SharePointContextProvider.CheckRedirectionStatus(Context, out redirectUrl))
  case RedirectionStatus.Ok:
  return;
  case RedirectionStatus.ShouldRedirect:
  Response.Redirect(redirectUrl.AbsoluteUri, endResponse: true);
  break;
  case RedirectionStatus.CanNotRedirect:
  Response.Write("An error occurred while processing your request.");
  Response.End();
  break;
  protected void Page_Load(object sender, EventArgs e)
  //// The following code gets the client context and Title property by using TokenHelper.
  //// To access other properties, the app may need to request permissions on the host web.
  var spContext = SharePointContextProvider.Current.GetSharePointContext(Context);
  //var spContext = new ClientContext("MySPDevInstance");
  //spContext.Credentials = new NetworkCredential("username", "password");
  //using (var clientContext = spContext.CreateUserClientContextForSPHost())
  // clientContext.Load(clientContext.Web, web => web.Title);
  // clientContext.ExecuteQuery();
  // Response.Write(clientContext.Web.Title);
  string contextTokenString = TokenHelper.GetContextTokenFromRequest(Request);
  if (contextTokenString != null)
  // Get context token
  contextToken = TokenHelper.ReadAndValidateContextToken(contextTokenString, Request.Url.Authority);
  // Get access token
  sharepointUrl = new Uri(Request.QueryString["SPAppWebUrl"]);
  accessToken = TokenHelper.GetAccessToken(contextToken, sharepointUrl.Authority).AccessToken;
  // Pass the access token to the button event handler.
  Button1.CommandArgument = accessToken;
  protected void Button1_Click(object sender, EventArgs e)
  // Retrieve the access token that the Page_Load method stored
  // in the button's command argument.
  string accessToken = ((Button)sender).CommandArgument;
  if (IsPostBack)
  sharepointUrl = new Uri(Request.QueryString["SPAppWebUrl"]);
  // REST/OData URL section
  string oDataUrl = "/_api/Web/lists/getbytitle('Diagrams In Idea Generator')/items?$select=Title,Diagram,SharingStatus";
  // HTTP Request and Response construction section
  HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(sharepointUrl.ToString() + oDataUrl);
  request.Method = "GET";
  request.Accept = "application/atom+xml";
  request.ContentType = "application/atom+xml;type=entry";
  request.Headers.Add("Authorization", "Bearer " + accessToken);
  HttpWebResponse response = (HttpWebResponse)request.GetResponse();
  // Response markup parsing section
  XDocument oDataXML = XDocument.Load(response.GetResponseStream(), LoadOptions.None);
  XNamespace atom = "http://www.w3.org/2005/Atom";
  XNamespace d = "http://schemas.microsoft.com/ado/2007/08/dataservices";
  XNamespace m = "http://schemas.microsoft.com/ado/2007/08/dataservices/metadata";
  List<XElement> entries = oDataXML.Descendants(atom + "entry")
  .Elements(atom + "content")
  .Elements(m + "properties")
  .ToList();
  var entryFieldValues = from entry in entries
  select new
  Character = entry.Element(d + "Title").Value,
  Actor = entry.Element(d + "Diagram").Value,
  CastingStatus = entry.Element(d + "SharingStatus").Value
  GridView1.DataSource = entryFieldValues;
  GridView1.DataBind();
  Any ideas what I might be doing wrong

  Hi ,
  Use the below code
  Public string GetAccessToken(){
  string sharePointSiteUrlHost =  Page.Request["SPHostUrl"].Tostring();
  string AccessToken = tokenHelper.GetS2SAccessTokenWithWindowsIdentity(sharePointSiteUrlHost, Request.LogonUserIdentity);
  return accessToken;
  Than initialize the ClientCOntext with the below Method
   private static ClientContext GetClientContextWithAccessTokenString(string targetUrl, object accessToken)
              ClientContext clientContext = new ClientContext(targetUrl);
              clientContext.AuthenticationMode = ClientAuthenticationMode.Anonymous;
              clientContext.FormDigestHandlingEnabled = false;
              clientContext.ExecutingWebRequest +=
                  delegate(object oSender, WebRequestEventArgs webRequestEventArgs)
                      webRequestEventArgs.WebRequestExecutor.WebRequest.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
                      webRequestEventArgs.WebRequestExecutor.RequestHeaders["Authorization"] =
                          "Bearer " + accessToken;
              return clientContext;
  use this clientCOntext and it will work.
  Do not use
  SharePointContextProvider
  Whenever you see a reply and if you think is helpful,Vote As Helpful! And whenever you see a reply being an answer to the question of the thread, click Mark As Answer

• Creating app scoped external content type using Provider Hosted App in sharepoint 2013 using visual studio 2012

  Hi,
  I am creating provider hosted app in visual studio 2012 using app scoped external content type having OData with Northwind url
  App manifest start page url  :
  ODataNewAppWeb/Pages/Default.aspx
  In XML it is:
  <StartPage>~remoteAppUrl/Pages/Default.aspx</StartPage>
  When i am deploying app pressing F5 the app gets deployed successfully....
  Now i am changing my start page url in Appmanifest like this:
  ODataNewApp/Lists/Employees
  In XML it looks like:
  StartPage>~appWebUrl/Lists/Employees</StartPage>
  When i am deploying app pressing F5 the app..
  Getting register SOD error.....
  I have followed all the steps like:
  1)Creating app domain
  2)Starting all the required services
  3)Creating root site collection
  But still no success.. Please help me on this.... I am struggling with this from two weeks...

  Have you set up a wildcard DNS entry for the spapps.com domain?
  Also if you're trying to connect from the server you might be hitting loop back check issues.

• SharePoint Online - Provider hosted App - Deployed in on-premise environment

  Hi
  We are evaluating SharePoint online and wanted to know if the following is possible? If yes, can anyone share his/her experience and issues faced?
  We want to deploy a provider-hosted app to a on-premise environment. This app will need to connect to SharePoint online. What are the requirements from hosting perspective for the on-premise server? Does the server require anything specific so that it is
  able to connect to SPOnline? Should it be outside the corporate firewall?
  What is the difference between SharePoint online standard and dedicated plans, in the context of Provider hosted app. Are there limitations with respect to what can & cannot be done in a Provider hosted app in these environments?
  How do I know if am using a SharePoint online standard or a dedicated plan? Where to look for?
  I have seen few articles where the provider hosted app is deployed to windows azure and is connecting to SharePoint online. However this is not the case with us (i.e. we do not have windows azure for now)
  Regards,
  Deven

  Below links answer most of your questions:
  App- code
  http://msdn.microsoft.com/en-us/library/office/fp142381(v=office.15).aspx 
  How to create high trust apps-  http://msdn.microsoft.com/en-us/library/office/fp179901(v=office.15).aspx
  How to deploy- http://msdn.microsoft.com/en-us/library/office/jj860570(v=office.15).aspx
  Go to billing and subscriptions and you will see what plan you have. Dedicated plans names and options are in this link- http://technet.microsoft.com/en-us/library/dn151715.aspx 
  Regards
  Libin
  Whenever you see a reply and if you think is helpful, click "Vote As Helpful"! And whenever you see a reply being an answer to the question of the thread, click "Mark As Answer Feel free to unmark answer if does not resolves your problem.

• SharePoint remote provider hosted apps - confusion around key questions

  For some time, I have been trying to get a provider hosted app setup to work, and I am afraid that I - as a relative novice - must have missed some key points despite hours of googling and reading. Here's my questions:
  A remote, provider hosted app, would have its AppWeb in a domain that is different from the host SharePoint Farm in which it is gets installed and used. In other words, the AppWeb may be located at remote.contoso-apps.com, where as the SharePoint farm uses
  for instance spslocal.mycorp.com. However, when you - in the SharePoint host farm - set up your App Domain/App isolation - you can only provide one value - which in this case would then need to be remote.contoso-apps.com??? Does that mean that each SharePoint
  Farm can only contain Apps from one vendor delivering remote apps? Or is the key in hard coding the app web in the manifest? (However, even if I've tried this it seems like the token SPAppWebUrl still translates into the pattern defined in the App Isolation
  Settings in the host farm???).
  Back to the AppWeb: Many bloggers have mentioned that you have to add some kind of SharePoint element to your App project (not the Web Project part) to get the AppWeb provisioned from Visual Studio 2013. But at what stage are these SharePoint elements actually
  provisioned - during some kind of publish operation of the Web Project part (the Pages, Scripts etc.) or when you install the app package (hardly the latter, since the first installation may be when a customer installs the app???). The reason I ask is (of
  course) that my SharePoint Elements do not seem to get provisioned. And just to test my very basic understanding: the AppWeb can be any pure IIS web site from the start - i.e., not a SharePoint Web App?
  Thanks for any help on these challenging issues!

  Paul,
  thanks for your effort, but unfortunately the answers do not get me much further.
  Question 1: You write "You can only use one domain, because cross-domain IFrame requests are blocked in SharePoint 2013". This is contrary to numerous other articles that explain how the SharePoint cross-domain library (SP.RequestExecutor.js) can be
  used to communicate across domains. From the outset, the whole idea about an AppWeb is - according to Microsoft documentation - that the AppWeb should be isolated from the HostWeb and therefore in a separate domain. 
  This article,
  http://msdn.microsoft.com/en-us/library/office/jj612823(v=office.15).aspx, even talks about scenarios where the SharePoint Host Web and App Web are in different security zones!
  So according to a load of other documentation it is indeeed a valid scenario I am addressing, but I still miss the key answers to the questions above. I suspect that the key is to hardcode certain URIs in your app that points to the cloud AppWeb
  (so the single App Domain specified in the Host Farm is not used at all), but I have failed to find the necessary documentation on this.
  Question 2: The article mentioned does not talk about the issues that I have asked about, specifically when the SharePoint elements in the App are created.
  Anyone with experience in this area? Thanks!

• Not able to debug Provider Hosted App in local (Deployed in Azure and Hosted in Office 365)

  I have Provider Hosted App - Deployed in Azure and Hosted in Office 365. 
  Deployed successfully on azure after attaching publishing profile of azure.
  Now I wish to debug app in local?

  Hi,
  According to your post, my understanding is that you want to debug SharePoint provider hosted app in local.
  Per the previous thread, to debug SharePoint provider hosted app in local, we should configure S2S authentication.
  You can follow the article below to build the high trust app, then you can debug the app locally.
  http://blog.karstein-consulting.com/2013/01/08/create-provider-hosted-high-trust-app-for-sharepoint-2013-short-guide/
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• Provider-Hosted app intermittent 401 error

  Hi All,
    I've a PH high trust app which is working fine, but at times
  (not always) I'm getting 401 un-authorzed error. This is very intermittent error occurs when the app trys to access sharepoint. when the user refreshes the page its working fine.
  I've digged ULS log but couldn't find anything useful. However in event viewer found the below error.. I'm totally out of clues why its occurring only at times. Any help is appreciated. Thanks!
  Event code: 3005
  Event message: An unhandled exception has occurred.
  Event time: 1/5/2015 8:39:08 AM
  Event time (UTC): 1/5/2015 1:39:08 PM
  Event ID: 26b14be284ca4488abb0a5bba127c4c1
  Event sequence: 28
  Event occurrence: 1
  Event detail code: 0
  Application information:
      Application domain: /LM/W3SVC/2/ROOT-1-130649382841483100
      Trust level: Full
      Application Virtual Path: /
      Application Path: C:\TestWeb\
      Machine name: APPSERVER
  Process information:
      Process ID: 3408
      Process name: w3wp.exe
      Account name: Domain\ServiceAccount
  Exception information:
      Exception type: WebException
      Exception message: The remote server returned an error: (401) Unauthorized.
     at System.Net.HttpWebRequest.GetResponse()
     at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute()
     at Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb)
     at App.Pages.WebForm1.Page_Load(Object sender, EventArgs e)
     at System.Web.UI.Control.LoadRecursive()
     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  Request information:
      Request URL: https://appsSite.domain.com/Pages/DisplayPage.aspx?a=EU/gibbs/35&SPHostUrl=http://SPSite.domain.com/sites/TestSite
      Request path: /Pages/DisplayPage.aspx
      User host address: 10.x.x.x
      User: Domain\User
      Is authenticated: True
      Authentication Type: Negotiate
      Thread account name: Domain\ServiceAccount
  Thread information:
      Thread ID: 14
      Thread account name: Domain\ServiceAccount
      Is impersonating: False
      Stack trace:    at System.Net.HttpWebRequest.GetResponse()
     at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute()
     at Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb)
     at APP.Pages.WebForm1.Page_Load(Object sender, EventArgs e)
     at System.Web.UI.Control.LoadRecursive()
     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  Custom event details:

  Hi,
  According to your post, my understanding is that Provider-Hosted app get intermittent 401 error.
  If you use IssuerId in provider-hosted application web.config, please make it a lowercase Guid string.
   You need to make sure that the app certificate is added to the trusted certificate store.
  In addition, you can turn off the HTTPS using PowerShell.
  More information:
  http://www.jamestsai.net/Blog/post/SharePoint-Provider-Hosted-App-401-Unauthorized-error-on-clientContextExecuteQuery().aspx
  http://srichallagolla.blogspot.com/2013/01/sharepoint-2013-provider-hosted-high.html
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Provider hosted app - Site Provisioning activities

  Hi ,
  I am creating a Provider hosted app which does site provisioning activities like create site , create site columns, content types etc. I have almost 50 or more fields to be added. I am using the Provider hosted app - Process Event, and used SPRemoteEventType
  - App Installed.
  When the app is installed the above functionalities are done, as I need to code to do these activities synchronously.
  I am facing an issue in App Installed event that,during the code execution (consider the field creation method), since it takes some time to add all the fields, after some time limit,  the runtime comes to the start point of code execution , which is
  creation of token helper, and the methods already executed is also called again.
  I have executed the code in Release mode, the logs show the above behavior.
  I am not sure how I am getting this weird behavoir.
  Please advise.

  msdn (Handling events in apps for SharePoint):
  Your implementation of the App Installed event must complete and return an SPRemoteEventResult object
  within 30 seconds or the SharePoint installation infrastructure will think it has failed. The infrastructure will rerun the event, and repeat your code from the beginning, up to four times. After four timeouts,
  SharePoint will roll back the entire app installation. We recommend the following practices:
  If there is any code in your handler that should not be repeated after a timeout, put it in a conditional block that tests to see if it has already run. You must test the actual installed component. Simply setting
  a variable to true when a block of code completes does not work as a test because all variables are reinitialized when the event times out and restarts.
  Move installation code that takes more than 30 seconds into the app itself. You can add it to "first run" logic that executes the first time the app is launched. Alternatively, the app can prompt the
  user to run the installation code.
  If the preceding bullet item is not feasible for your app, another option is to have your event handler start a remote asynchronous process and then immediately return a SPRemoteEventResultobject.
  A weakness of this strategy is that if the remote process fails, it has no way to tell SharePoint to roll back the app installation.
  [custom.development]

• Provider hosted App certificates (.cer & .pfx)

  I have a implemented a provider hosted App inside the SharePoint 2013 server (the certificates .cer & .pfx  taken from the IIS of same server) and able to get the result. However I am not clear about taking the certificates in the multi server
  environment (SharePoint Server & IIS server for remote web app).
  can anyone please suggest from which server (Sharepoint Server or IIS server)  do I need to take the .cer & .pfx files to configure multi server environment ?
  Thanks

  Hi,
  According to your post, my understanding is that you want to create a provider hosted app and use NLB in premise environment.
  You need to use a different certificate on this ‘Listener’ web application.
  Configuring SharePoint 2013 Apps and Multiple Web Applications on SSL with a
  Single IP Address
  For more information, you can refer to:
  Aspiring Architect: Sharepoint 2013 - Avoiding Azure on Dev Box
  More TroubleShooting Tips for High Trust Apps on SharePoint 2013
  You need to ensure that all connections to the SharePoint servers are secure and encrypted
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Security certificate issue for Provider Hosted App (SP Online)

  Hi all,
  I am having a hard time with SP Online debugging a basic provider hosted app.
  Steps I have taken to create the app:
   created a new provider hosted app in Visual Studio 2013 and setting my SP Online debugging site (wich works perfectly for SP hosted apps).
  Chose Azure ACS option, although I do not have an Azure account
  When I deploy the app I get to the page on my debugging site where I must choose "Trust It", but when I do I get the message that the Connection is Unsecure/unsafe:
   How can I fix this? Do I need to create an Azure account for debugging purposes already? Or is there another way to solve the problem?

  Hi,
  I understand that you get Security certificate issue for Provider Hosted App (SP Online).
  Per my knowledge, you need to create an Azure account for debugging purposes.
  To create a SharePoint 2013 app for Office 365 and publish it to an Azure web site, you can refer to:
  http://blogs.msdn.com/b/kaevans/archive/2014/02/24/creating-a-sharepoint-2013-app-with-azure-web-sites.aspx
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support