If you could just fix SharePoint... That would be great.

Fixing “-2147024891, System.UnauthorizedAccessException” when accessing SharePoint SOAP Web Services

This post was most recently updated on January 27th, 2019.

This post is about delving into some legacy stuff – Microsoft has still kept SOAP-based SharePoint Web Services included in the product, since a lot of functionality has been built on top of them. We encountered an issue where you suddenly started getting exceptions for Unauthorized Access (-2147024891, System.UnauthorizedAccessException), no matter if you had access to the list or not.

Error description

We started getting this error, when requesting list items using SharePoint SOAP Web Services (namely, Lists.asmx):

<m:code>-2147024891, System.UnauthorizedAccessException</m:code>
<m:message xml:lang="en-US">
Access denied. You do not have permission to perform this action or access this resource.

This error gets thrown at you even if your user account has Global Admin permissions.

“Wait! SOAP is still around in SharePoint?”

Haha, yes, yes it is. SharePoint Web Services is built on SOAP.

While you probably shouldn’t build anything new using these services, there’s bound to be a lot of legacy stuff that uses them.

Can’t deny it, though – my first thought was, that now it finally happened: Microsoft just shut down the service it deprecated already in 2013(?). But it actually only happened on one tenant, so I guess that wasn’t the case after all :)

But what was it, then?


Okay, this is basically magic. It’s a bit weird, but the resolution here is the same as in this case:

Surprising, but the underlying error is apparently the same. So enabling “Legacy Auth Protocols” fixes the issue for the SOAP Web Service authentication.

So, in short – the PowerShell commandlets below should help you out:

Set-SPOTenant -LegacyAuthProtocolsEnabled $True

Then wait 24 hours and try again :)

Further reading

  • https://sharepoint.stackexchange.com/questions/103365/office-365-sharepoint-online-2013-rest-with-soapui
  • https://stackoverflow.com/questions/7935279/sharepoint-webservices-getlists
The following two tabs change content below.

Antti K. Koskela

Solutions Architect / Escalations Engineer at Koskila / Norppandalotti Software / Valo Solutions
Antti Koskela is a proud digital native nomadic millenial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world. He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff. This is his personal professional (e.g. professional, but definitely personal) blog.

Leave a Reply

Notify of