#StackBounty: #spfx #azure #azure-ad Access denied when posting to Azure Web API from SPFX

Bounty: 50

I’ve been following the doc here that uses an iframe to handle authentication issues. This works fine for GET operations, but I’m getting a 403.6 error when POSTing.

The code is running in the sharepoint workbench https://someserver.sharepoint.com/_layouts/15/workbench.aspx

The code in the SPFX part is calling a Web API that been deployed to Azure, which is secured with Azure AD. Prior to it being in Azure, it worked fine when running from my local machine. The service is at: https://someazuresite.azurewebsites.net/api/test

      ,headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
      body: JSON.stringify(formPayload)
    }).then((response: HttpClientResponse): Promise<string> => {
        return response.json();
    }).then((result:string):void =>{
      console.log("post completed: " + result);

The browser (chrome) console shows “403 Forbidden”

The Azure log shows “This generic 403 error means that the authenticated user is not authorized to use the requested resource”, and “HTTP Error 403.60 – Forbidden”, “You do not have permission to view this directory or page”

I checked the request headers, and I see the authentication cookies.

Any thoughts on why the GET works, but my POST fails?

Edit: I assume my headers are wrong, though sending “application/json;odata=verbose” causes an options request to be sent, which doesn’t have the authentication headers, causing a redirect, which then doesn’t work.

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.