If you could just fix SharePoint... That would be great.

Fixing “-2147024891, System.UnauthorizedAccessException” when accessing SharePoint SOAP Web Services

This post was most recently updated on March 4th, 2019.

Reading Time: 3 minutes.

This post is about delving into some legacy stuff – Microsoft has still kept SOAP-based SharePoint Web Services included in the product, since a lot of functionality has been built on top of them. We encountered an issue where you suddenly started getting exceptions for Unauthorized Access (-2147024891, System.UnauthorizedAccessException), no matter if you had access to the list or not.

Error description

We started getting this error, when requesting list items using SharePoint SOAP Web Services (namely, Lists.asmx):

<m:code>-2147024891, System.UnauthorizedAccessException</m:code>
<m:message xml:lang="en-US">
Access denied. You do not have permission to perform this action or access this resource.
</m:message>

This error gets thrown at you even if your user account has Global Admin permissions.

“Wait! SOAP is still around in SharePoint?”

Haha, yes, yes it is. SharePoint Web Services is built on SOAP.

While you probably shouldn’t build anything new using these services, there’s bound to be a lot of legacy stuff that uses them.

Microsoft puts it this way:

Two API sets are still supported in the SharePoint framework for backward compatibility, but we recommend that you not use them for new projects: the ASP.NET (asmx) web services, and direct Remote Procedure Calls (RPC) calls to the owssvr.dll file.

Deprecated API sets

The asmx – SOAP – web services generally speaking should not be used anymore.

Marc D Anderson puts it this way (already in 2014):

I am not aware of any official specific time frames for the SOAP services going away, and the Product Group would need to give us a good, long lead time because lots of code depends on it, SPServices or not. Many people have built managed code-based solutions which use the SOAP Web Services as well. GetListItems is a workhorse operation no matter how you build your solutions.

SPServices: What About Deprecation of the SOAP Web Services?

Microsoft’s old stance on the matter is qwll described in the picture below – while Silverlight APIs, JavaScript APIs (namely JSOM) and in a lot of cases Server APIs as well are more or less already gone, the purple box (REST/OData Endpoints) is the API set replacing SOAP Web Services almost entirely.

SharePoint API sets and selected SharePoint extensions
SharePoint API sets and selected SharePoint extensions (picture source: https://docs.microsoft.com/en-us/sharepoint/dev/general-development/choose-the-right-api-set-in-sharepoint#DeprecatedAPIs)

As we can see today, the APIs were still there – and they started throwing errors my way!

Can’t deny it, though – my first thought was, that now it finally happened: Microsoft just shut down the service it deprecated already in 2013(?). But it actually only happened on one tenant, so I guess that wasn’t the case after all :)

But what was it, then?

Solution

Okay, this is basically magic. It’s a bit weird, but the resolution here is the same as in this case:

Surprising, but the underlying error is apparently the same. So enabling “Legacy Auth Protocols” fixes the issue for the SOAP Web Service authentication.

So, in short – the PowerShell commandlets below should help you out:

Connect-SPOService
Set-SPOTenant -LegacyAuthProtocolsEnabled $True

Then wait 24 hours and try again :)

Further reading

Antti K. Koskela

Antti Koskela is a proud digital native nomadic millenial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world.

He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff.

This is his personal professional (e.g. professional, but definitely personal) blog.

Leave a Reply

avatar
5000
  Subscribe  
Notify of