cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
paraxion
Level: Powered On

401 Unauthorized when connecting to Sharepoint via On-Prem Gateway

This could be a tricky one, but I'm hoping someone will have some insight.

 

We have a single Sharepoint instance, which uses ADFS for authentication (red flag already, right?) Because of the wealth of issues we had connecting services to the ADFS endpoint, we extended the application to a different URL using Windows auth. This works fine for plenty of other purposes - I can connect to the REST API using PHP and Powershell, for example. I can also access it directly using PowerBI.

 

However - when I try and access using Flow, I get "401 UNAUTHORIZED". I've tried using every combination of authentication details I can think of - a dedicated account, my own account, the Sharepoint Farm admin, in both the DOMAIN\ and @domain.internal formats. None of them work.

 

The extension website has MS's default whack of authentication options turned on. Anonymous, ASP.NET Impersonation, Forms and Windows Auth are all turned on in IIS. This seems... wacky, but if I turn any of them off it both fails to fix the problem, and immediately breaks every other system accessing the API.

 

Has anyone seen anything like this, and is there something simple I'm missing?

 

Thanks!

 

 

Edit: Checking the ULS logs in Sharepoint, I'm seeing this:

Name=Request (GET:https://ext.domain.name/_api/web/lists/getbytitle('hr')/EffectiveBasePermissions)
Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0
Value for isAnonymousAllowed is : False
Value for checkAuthenticationCookie is : True
Claims Windows Sign-In: Sending 401 for request 'https://ext.domain.name/_api/web/lists/getbytitle('hr')/EffectiveBasePermissions' because the user is not authenticated and resource requires authentication.
Sending HTTP response 401 - text/plain:401 UNAUTHORIZED.
SPApplicationAuthenticationModule.IsBearerChallengeRequested: Return 'False'.

From what I know about authentication, this is pretty standard when auth headers aren't either being provided, or being consumed correctly.


Edit 2: I may be on to something with my specific case. We put haproxy in front of the ext.domain.name site so it could be accessed externally; looks like the on-prem gateway is using the wrong DNS and is seeing the external (proxied) version instead of accessing the internal version directly. Still getting an access error, but it's "You do not have permission to access this resource" instead of "401 UNAUTHORIZED". I think I needed to rubber-duck with Reddit...


Edit 3: Still getting You do not have access... even when running as farm admin. I've got to be doing something wrong...

1 REPLY 1
Community Support Team
Community Support Team

Re: 401 Unauthorized when connecting to Sharepoint via On-Prem Gateway

Hi @paraxion,

 

In addition to connect to SharePoint directly from Microsoft Flow SharePoint connector, please take a try to build a custom connector for SharePoint, see if this would make any difference:

Which you can specify the authentication type when building the custom connector:

Register and use custom connectors in Microsoft Flow

 

Further, please check the contact support under the following page:

https://ms.flow.microsoft.com/en-us/support/

As the issue here should be more specific.

Regards,

Michael

 

Community Support Team _ Michael Shao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
firstImage

Microsoft Business Applications Virtual Launch Event

Watch the event on demand for an in-depth look at the new innovations across Dynamics 365 and the Microsoft Power Platform.

firstImage

Watch Sessions On Demand!

Continue your learning in our online communities.

Power Platform 2019 Release Wave 2 Plan

Power Platform 2019 Release Wave 2 Plan

Features releasing from October 2019 through March 2020.

thirdimage

Flow Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

fifthimage

Microsoft Learn

Learn how to build the business apps that you need.

sixthImage

Power Platform World Tour

Find out where you can attend!

seventhimage

Webinars & Video Gallery

Watch & learn from the Flow Community Video Gallery!

Users Online
Currently online: 186 members 4,079 guests
Please welcome our newest community members: