I am building a Provider-Hosted SharePoint Add-in. Given a SharePoint Online tenant (account) where my add-in is installed, I want to get a list of their Site Collections
To get this done I am making a CSOM call that uses an add-in-only policy like so:
var tenantAdminUri =newUri("https://<tenant_name>-admin.sharepoint.com/");var realm =TokenHelper.GetRealmFromTargetUrl(tenantAdminUri);var token =TokenHelper.GetAppOnlyAccessToken(TokenHelper.SharePointPrincipal,
tenantAdminUri.Authority,
realm).AccessToken;using(var clientContext =TokenHelper.GetClientContextWithAccessToken(targetUrl, token)){var tenant =newTenant(clientContext);var siteProperties = tenant.GetSiteProperties(0,true);
clientContext.Load(siteProperties);
clientContext.ExecuteQuery();}
When I run this code an exception is thrown by the call to ExecuteQuery(). The error message is:
"Access denied. You do not have permission to perform this action or access this resource."
Which permission do I need to specify in my SharePoint Add-in's
AppManifest.xml file to be able to get this working?
.
PS - In the Add-in's AppManifest.xml I've set the permission to "Tenant, Read" like so:
<AppPermissionRequestsAllowAppOnlyPolicy="true"><AppPermissionRequestScope="http://sharepoint/content/tenant"Right="Read"/></AppPermissionRequests>
Now I'm getting an exception that says:
Current user is not a tenant admin.
Googling this sentence yields no results (!)