Recently I’ve been trying to enable Forms-Based Authentication (FBA) in an instance of SharePoint which also has some Apps (SharePoint Add-Ins) installed. The issue was that the calls issued from these apps – which use OAuth2 to authenticate their CSOM calls – were failing with “Access Denied”, even if the same App worked ok when Windows authentication is used.
I found some errors in the ULS log file which pointed me to:
Based on these observations, all I needed to do to make the FBA work with Apps can be summarized in the following two steps:
I am not sure if this is a known issue or some limitation which can be overcome by configuration – and comments are welcome.