
AdalServiceException: AADSTS50001 when provisioning files on site collections


I am writing an app that is using Windows Azure AD to authenticate to SharePoint Online. I'm trying to provision some files from the app to an existing site collection on the SharePoint tenant. This works with the default site collection located on [subdomain].sharepoint.com, but when I try to provision files on a non-default site collection, i.e. [subdomain].sharepoint.com/mysite, the code throws this exception:

[WebException: The remote server returned an error: (400) Bad Request.]
   System.Net.HttpWebRequest.GetResponse() +6540964
   Microsoft.IdentityModel.Clients.ActiveDirectory.<GetResponseSyncOrAsync>d__2.MoveNext() +382
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
   Microsoft.IdentityModel.Clients.ActiveDirectory.<SendPostRequestAndDeserializeJsonResponseAsync>d__0`1.MoveNext() +414

[AdalServiceException: AADSTS50001: Resource 'https://[subdomain].sharepoint.com/sites/mysite' is not registered for the account.
Trace ID: f9d32123-4a42-4890-bf5d-7e979083ed18
Correlation ID: 71a6d021-270d-4974-8bd6-b17fb06aab9d
Timestamp: 2014-12-19 11:21:30Z]
   Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask(Task`1 task) +89
   Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenByRefreshToken(String refreshToken, ClientCredential clientCredential, String resource) +59
   ...Authorization.Azure.TokenHelper.GetContext(String refreshToken, String site) in d:\...\Authorization\Azure\TokenHelper.cs:30
   ...Authorization.AuthorizationManager.GetClientContextFromAzureCode(String code, String site) in d:\..\Authorization\AuthorizationManager.cs:57
   ...Pages.Install.btnInstall_Click(Object sender, EventArgs e) in d:\..\Pages\Install.aspx.cs:65
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +9628114
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +103
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +35
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1724

I checked App permission in AD and it has permissions to write on all site collections. Is there something wrong with my configuration or should I try a different approach?


Solution

  • We had the same issue here. In our C# app we use HttpClient to hit the SharePoint REST API to read items from a list. During development, we had set up a list under Team Site. The URL we used to hit the API looked a bit like this:

    https://mycompany.sharepoint.com/_api/web/lists/getbytitle('MyList')/items
    

    In the App.config we set up a ServiceResourceId parameter. This was used as the resource parameter when calling the AcquireToken() method of Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext. Importantly, we also used this as our base URL for API calls.

    When we tried to move over to a production scenario, the list in question sat within a custom site - not the team site. We could log into a browser and hit the URL like this and see results being returned:

    https://mycompanylive.sharepoint.com/MySiteName/_api/web/lists/getbytitle('MyList')/items
    

    We had changed the ServiceResourceId to https://mycompanylive.sharepoint.com/MySiteName/, which no longer allowed us to sign in and threw the exception you mention. The fix was to have one config parameter with the base service URL, which is used when authenticating, and another parameter used as the base URL when calling the API. In the example I mentioned, it looks like this:

    <!-- Pass this to AcquireToken() during authentication. This should be the root of your SharePoint instance. -->
    <add key="ServiceResourceLoginId" value="https://mycompanylive.sharepoint.com/"/>
    <!-- The base URI when using HttpClient to call the API.  -->
    <add key="APIBaseURI" value="https://mycompanylive.sharepoint.com/MySiteName/"/>
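
The split described in the answer can also be derived from a single site URL in code instead of being kept in two config keys. The following is an added example, not part of the original answer or the asker's code; `SharePointTarget` and `Resolve` are hypothetical names, and the HTTPS and `.sharepoint.com` host checks assume the app only ever targets SharePoint Online.

```csharp
using System;

// Added example: SharePointTarget and Resolve are hypothetical names.
public sealed class SharePointTarget
{
    // Pass this as the "resource" argument when acquiring the token.
    public string Resource { get; private set; }

    // Use this as the base URI for REST/CSOM calls to the site collection.
    public Uri ApiBaseUri { get; private set; }

    public static SharePointTarget Resolve(string siteUrl)
    {
        Uri site;
        if (!Uri.TryCreate(siteUrl, UriKind.Absolute, out site))
            throw new ArgumentException("Site URL must be absolute.", "siteUrl");
        if (site.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Refusing to request a token for a non-HTTPS resource.", "siteUrl");
        // Assumption: only SharePoint Online hosts are valid token audiences for this app.
        if (!site.Host.EndsWith(".sharepoint.com", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Host is not a SharePoint Online tenant.", "siteUrl");

        // Scheme + host only: the site collection path is not part of the
        // registered resource, which is what triggers AADSTS50001.
        string root = site.GetLeftPart(UriPartial.Authority);

        // Keep the site collection path for API calls; the trailing slash makes
        // relative URIs such as "_api/web/..." resolve underneath it.
        string path = site.AbsolutePath.TrimEnd('/') + "/";

        return new SharePointTarget
        {
            Resource = root + "/",
            ApiBaseUri = new Uri(root + path)
        };
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input, using the URL from the answer above.
        var target = SharePointTarget.Resolve("https://mycompanylive.sharepoint.com/MySiteName");
        Console.WriteLine("resource: " + target.Resource);
        Console.WriteLine("api base: " + target.ApiBaseUri);
        Console.WriteLine("list url: " + new Uri(target.ApiBaseUri, "_api/web/lists/getbytitle('MyList')/items"));
    }
}
```

In the asker's stack trace, `target.Resource` is the value that would go into the `resource` parameter of `AcquireTokenByRefreshToken`, while `target.ApiBaseUri` is what the client context or `HttpClient` would be pointed at.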