SharePoint Provider Hosted App - Property Bag

Jul 9, 2014 at 7:04 AM
I've created a new SharePoint provider hosted app for Office 365. I deploy the app to my Office 365 site and the web site to Azure, and it works fine. However, when I try to set/get a property bag key and value using the Office.AMS.Core extensions you have provided, I get access denied.

So here is the Action on the Home Controller created by the template and I'm using the Office.AMS.Core project and extensions.

I set the permissions for app like this:

Web - Manage
Site Collection - Manage
Tenant - Manage

And it doesn't work!

If I set the permissions to Full-Control then it works!

However, if an app asks for full control, it cannot be published to the Marketplace.

How can I set/get PropertyBag values to an app web or host web from a provider hosted app in Office 365 without full control on the app?

I don't think that an app must have full control to read/write the property bag, because it's possible from a SharePoint Hosted App. I've done it from JavaScript without full control, so that means it should also work from a provider hosted app without full control.

Here is the code:
        [SharePointContextFilter]
        public ActionResult Index()
        {
            User spUser = null;

            var spContext = SharePointContextProvider.Current.GetSharePointContext(HttpContext);

            // Context is created for the SP host, so clientContext.Web is the host web.
            using (var clientContext = spContext.CreateUserClientContextForSPHost())
            {
                if (clientContext != null)
                {
                    spUser = clientContext.Web.CurrentUser;

                    clientContext.Load(spUser, user => user.Title);

                    clientContext.ExecuteQuery();

                    ViewBag.UserName = spUser.Title;

                    Web appWeb = clientContext.Web;

                    clientContext.Load(appWeb);

                    clientContext.ExecuteQuery();

                    // Office.AMS.Core extension; this is the call that returns access denied.
                    appWeb.SetPropertyBagValue("myKey", "myValue");
                }
            }

            ViewBag.SPUrl = GetSPHostUrl(this.Request).ToString();

            return View();
        }
Coordinator
Jul 9, 2014 at 9:58 AM
Hi alexsm,
The issue you are facing actually has nothing to do with the Core component; it's rather how the app model works in general. If you try to access the property bag of the host web, as follows, you'll need FullControl permission to the host web to make it work.
        // Host web context: updating its property bag requires FullControl.
        using (var clientContext = spContext.CreateUserClientContextForSPHost())
        {
            Web web = clientContext.Web;
            var props = web.AllProperties;
            web.Context.Load(props);
            web.Context.ExecuteQuery();

            props["test"] = "update";
            web.Update();
            web.Context.ExecuteQuery();
        }
If, however, you only work in the app web scope as in the example below, Manage permission is enough.
        using (var clientContext = spContext.CreateUserClientContextForSPAppWeb())
        {
            Web web = clientContext.Web;
            var props = web.AllProperties;
            web.Context.Load(props);
            web.Context.ExecuteQuery();

            props["test"] = "update";
            web.Update();
            web.Context.ExecuteQuery();
        }
I do understand that this is not the answer you were looking for, but hopefully you are able to find an alternative way to approach the needed capabilities other than having write access to the property bag of the host web.
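
Added example, not part of the original thread or of Office.AMS.Core: one way to keep settings in the app web scope described in the answer above, so the app manifest only has to request Manage. `AppWebSettings` is a hypothetical name, and `SharePointContext` is assumed to be the class used in the thread's code.

```csharp
using System;
using Microsoft.SharePoint.Client;

// Hypothetical helper (added example, not part of Office.AMS.Core).
// Stores app settings in the app web property bag only, so the app
// manifest can request Manage instead of FullControl.
public static class AppWebSettings
{
    public static void Save(SharePointContext spContext, string key, string value)
    {
        using (ClientContext ctx = spContext.CreateUserClientContextForSPAppWeb())
        {
            if (ctx == null)
                throw new InvalidOperationException("No app web context available.");

            Web appWeb = ctx.Web;
            ctx.Load(appWeb, w => w.AllProperties);
            ctx.ExecuteQuery();

            appWeb.AllProperties[key] = value;
            appWeb.Update();
            try
            {
                ctx.ExecuteQuery();
            }
            catch (ServerUnauthorizedAccessException ex)
            {
                // Surface the permission problem explicitly instead of a raw CSOM error.
                throw new UnauthorizedAccessException(
                    "Property bag write to the app web was denied; check the app's granted permissions.", ex);
            }
        }
    }

    public static string Read(SharePointContext spContext, string key)
    {
        using (ClientContext ctx = spContext.CreateUserClientContextForSPAppWeb())
        {
            if (ctx == null) return null;
            ctx.Load(ctx.Web, w => w.AllProperties);
            ctx.ExecuteQuery();
            object value;
            return ctx.Web.AllProperties.FieldValues.TryGetValue(key, out value)
                ? value as string : null;
        }
    }
}
```
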
Sep 14, 2014 at 5:49 PM
Experiencing the same and it sort of blows. Same issue with the property bag of a list. Too bad we have to resort to SP hosted apps, or provisioning pages with JSOM code in the host web to make this work.
Coordinator
Sep 15, 2014 at 5:32 PM
Hi Wobba,
The difference between JSOM and a provider hosted app in this case is the context. In JSOM we are running the code in the context of the user, so user permissions are more valid. You can actually do that also with provider hosted apps, if needed, just by changing how the client context is created.

This is, however, really good feedback, and I would suggest using User Voice for any suggestions - https://officespdev.uservoice.com/. This input is one of the primary channels to prioritize API work.

If there are any additional comments or discussions, feel free to use the PnP Yammer group, which is pretty active for these kinds of discussions as well - http://aka.ms/OfficeDevPnPYammer.
Sep 17, 2014 at 8:04 AM
Thanks for answering, Vesa :) The real issue here is why a user locally with contrib rights can modify the property bags, while the App context with Write permissions denies the same action.

Using JSOM from an app web against the host web if you only have Write permissions also blocks changing the property bag - as expected.

So for an app which you want to distribute via the App store, you are left with provisioning a page to the host web, then opening that one in a dialog window from the app web in order to run with the current user's permissions. An unneeded step in my opinion.

And I'm all over Yammer and user voice :) Might just pitch the idea to open up more permissions under Write.

Thanks,
Mikael Svenson
SharePoint Server MVP