Article 23 from 30 : Troubleshooting High-Trust App

This post is article 23 from the 30 Articles App series for SharePoint

In this article I will be discussing about basic guidelines on troubleshooting tips for High-Trust apps. I assume that you already has good understanding of High-Trust app and how to develop one.

Below are some steps you should consider to look into when you run into problems:

(1)    For Hight-Trust App your remote web’s web.config should have appsetting something like below

<appSettings>

<add key="ClientId" value="your-client-id-guid-in-lowercase"/>

<add key="ClientSecret" value="client-secret"/>

<add key="ClientSigningCertificatePath" value="C:\cert.pfx"/>

<add key="ClientSigningCertificatePassword" value="****"/>

<add key="IssuerId" value="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"/>

</appSettings>

(2)    Refer to article-15 to know about how to configure high-trust using client-certificate and configuring high-trust.

(3)    App deployed successfully but client context is always null or you are getting 401 unauthorized error

Make sure you are passing valid identity of Logged in user,

Do iisreset after high-trust configuration if necessary

(4)    App deployed successfully but you are getting 403 forbidden error

oAuth requires SharePoint to run HTTPS. So whenever your SharePoint app attempt to make a call using a test certificate, you will get 403 (forbidden) error.

To overcome this issue, simply turn off HTTPS on your development SharePoint environment using following Powershell command:

$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
$serviceConfig.Update()

Hope that helps..!!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s