Saturday, January 26, 2013

SharePoint 2013 Provider hosted high trust app server returned an error: (401) Unauthorized or 403 forbidden

Scenario: While deploying a provider-hosted high-trust app to an HTTP site on port 80 (not HTTPS), I got 401 Unauthorized and 403 Forbidden errors.

Solution: If you get this error, check for each of the following causes:

1. There is no user profile created for the user the app is acting on behalf of. Ensure that you have created a user profile for the user accessing the remote app.

2. Your app certificate was not added to the trusted certificate store.

3. Your .NET web application is accepting anonymous requests. This means there is not a real user identity in the access token. Ensure that the root directory of your remote web app has anonymous access disabled in IIS.

If none of the above worked for you, run the following commands in the "SharePoint 2013 Management Shell":
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
$serviceConfig.Update()

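The above commands turn off the HTTPS requirement for OAuth: with AllowOAuthOverHttp set to $true, SharePoint accepts OAuth access tokens over plain HTTP. The tokens then travel unencrypted, so keep this setting to development or test farms.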
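
The three causes and the AllowOAuthOverHttp setting can be checked in one pass before changing anything. The script below is an added example, not part of the original post. It assumes SharePoint and the remote web app's IIS site are on the same development server, and that "trusted certificate store" means SharePoint's trusted root authorities and trusted security token issuers. The site URL, account, certificate path and IIS site name are placeholders.

```powershell
# Added example: read-only diagnostics for the 401/403 causes listed in this post.
# Every default value below is a placeholder (assumption), not taken from the post.
param(
    [string]$SiteUrl     = 'http://sharepoint.example.local',  # SharePoint site the app calls
    [string]$UserAccount = 'EXAMPLE\appuser',                  # user the app acts on behalf of
    [string]$CertPath    = 'C:\Certs\HighTrustApp.cer',        # exported public app certificate
    [string]$IisSite     = 'RemoteAppSite'                     # IIS site hosting the remote web app
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration
Add-Type -AssemblyName ('Microsoft.Office.Server.UserProfiles, Version=15.0.0.0, ' +
                        'Culture=neutral, PublicKeyToken=71e9bce111e9429c')

# Cause 1: the user needs a profile in the User Profile service application.
$context    = Get-SPServiceContext -Site $SiteUrl
$upm        = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)
$hasProfile = $upm.UserExists($UserAccount)

# Cause 2: the app certificate must be known to SharePoint.
# Compare by thumbprint against trusted root authorities and token issuers.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
$inRootAuthorities = @(Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }).Count -gt 0
$inTokenIssuers = @(Get-SPTrustedSecurityTokenIssuer |
    Where-Object { $_.SigningCertificate.Thumbprint -eq $cert.Thumbprint }).Count -gt 0

# Cause 3: anonymous access must be disabled on the remote web app,
# otherwise no real user identity reaches the access token.
$anonymous = (Get-WebConfigurationProperty -PSPath "IIS:\Sites\$IisSite" `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name enabled).Value

# Last resort in the post: is OAuth over plain HTTP currently allowed?
$oauthOverHttp = (Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp

# One row summarising the findings; nothing is modified.
[pscustomobject]@{
    UserProfileExists        = $hasProfile
    CertInTrustedRootAuth    = $inRootAuthorities
    CertInTrustedTokenIssuer = $inTokenIssuers
    AnonymousAccessEnabled   = $anonymous       # should be False
    AllowOAuthOverHttp       = $oauthOverHttp   # True means tokens may cross plain HTTP
    SiteUsesHttps            = $SiteUrl -like 'https://*'
}
```

If AllowOAuthOverHttp is True while the site uses HTTPS, the setting is no longer needed and can be returned to $false with the same Update() call shown above.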