
This could be a tricky one, but I'm hoping someone will have some insight.
We have a single SharePoint instance, which uses ADFS for authentication (red flag already, right?). Because of the wealth of issues we had connecting services to the ADFS endpoint, we extended the application to a different URL using Windows auth. This works fine for plenty of other purposes - I can connect to the REST API using PHP and PowerShell, for example. I can also access it directly using Power BI.
However - when I try to access it using Flow, I get "401 UNAUTHORIZED". I've tried using every combination of authentication details I can think of - a dedicated account, my own account, the SharePoint Farm admin, in both the DOMAIN\ and @domain.internal formats. None of them work.
The extension website has MS's default whack of authentication options turned on. Anonymous, ASP.NET Impersonation, Forms and Windows Auth are all turned on in IIS. This seems... wacky, but if I turn any of them off it both fails to fix the problem, and immediately breaks every other system accessing the API.
Has anyone seen anything like this, and is there something simple I'm missing?
Thanks!
Edit: Checking the ULS logs in SharePoint, I'm seeing this:
Name=Request (GET:https://ext.domain.name/_api/web/lists/getbytitle('hr')/EffectiveBasePermissions)
Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0
Value for isAnonymousAllowed is : False
Value for checkAuthenticationCookie is : True
Claims Windows Sign-In: Sending 401 for request 'https://ext.domain.name/_api/web/lists/getbytitle('hr')/EffectiveBasePermissions' because the user is not authenticated and resource requires authentication.
Sending HTTP response 401 - text/plain:401 UNAUTHORIZED.
SPApplicationAuthenticationModule.IsBearerChallengeRequested: Return 'False'.
From what I know about authentication, this is pretty standard when auth headers aren't either being provided, or being consumed correctly.
Edit 2: I may be on to something with my specific case. We put haproxy in front of the ext.domain.name site so it could be accessed externally; looks like the on-prem gateway is using the wrong DNS and is seeing the external (proxied) version instead of accessing the internal version directly. Still getting an access error, but it's "You do not have permission to access this resource" instead of "401 UNAUTHORIZED". I think I needed to rubber-duck with Reddit...
Edit 3: Still getting "You do not have access..." even when running as farm admin. I've got to be doing something wrong...
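An added example, not part of the original post: a small Python triage of the ULS messages quoted above, separating requests where no identity reached SharePoint (the 401 case) from requests where an identity was established, so that any remaining denial is a permissions question. The second request in the sample and the account name `svc-flow` are constructed for contrast.

```python
import re

# Constructed sample. Request 1 reuses the ULS messages quoted in the post;
# request 2 is a made-up variation (hypothetical account) for contrast.
SAMPLE_ULS = """\
Name=Request (GET:https://ext.domain.name/_api/web/lists/getbytitle('hr')/EffectiveBasePermissions)
Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0
Value for isAnonymousAllowed is : False
Sending HTTP response 401 - text/plain:401 UNAUTHORIZED.
Name=Request (GET:https://ext.domain.name/_api/web/lists)
Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|domain\\svc-flow, ClaimsCount=12
Value for isAnonymousAllowed is : False
"""

REQUEST = re.compile(r"^Name=Request \((\w+):(\S+)\)$")
IDENTITY = re.compile(r"IsAuthenticated=(True|False), UserIdentityName=(.*?), ClaimsCount=(\d+)")
STATUS = re.compile(r"Sending HTTP response (\d{3})")

def parse_requests(text):
    """Group ULS message lines under the 'Name=Request' line that precedes them."""
    requests = []
    for line in text.splitlines():
        if m := REQUEST.match(line.strip()):
            requests.append({"method": m[1], "url": m[2], "authenticated": None,
                             "user": "", "claims": 0, "status": None})
        elif requests and (m := IDENTITY.search(line)):
            requests[-1].update(authenticated=(m[1] == "True"), user=m[2], claims=int(m[3]))
        elif requests and (m := STATUS.search(line)):
            requests[-1]["status"] = int(m[1])
    return requests

def triage(req):
    """Separate 'no identity arrived' from 'identity arrived' for one request."""
    if req["authenticated"] is False and not req["user"] and req["claims"] == 0:
        # Nothing usable reached SharePoint: credentials were not sent, were not
        # accepted, or did not survive the path to the web application.
        return "unauthenticated"
    if req["authenticated"]:
        # A later denial for this request is about permissions, not sign-in.
        return "authenticated"
    return "unknown"

if __name__ == "__main__":
    for r in parse_requests(SAMPLE_ULS):
        print(triage(r), r["status"], r["user"] or "-", r["url"])
```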
Hi @Anonymous,
In addition to connecting to SharePoint directly from the Microsoft Flow SharePoint connector, please try building a custom connector for SharePoint and see if this makes any difference.
You can specify the authentication type when building the custom connector:
Register and use custom connectors in Microsoft Flow
Further, please check the contact support under the following page:
https://ms.flow.microsoft.com/en-us/support/
As the issue here should be more specific.
Regards,
Michael