403 Forbidden Error while calling GetWebPartPage SharePoint Online


I had this code, https://realmpksharepoint.wordpress.com/2014/04/07/get-webpart-page-of-a-sharepoint-site-using-web-services-c/ which I was using to download the html content of a SharePoint page along with all the web parts. The importance of this method is that it eliminates the external file references, so in the response, you will get the schema of all the web parts of that page only.


The code was working fine until recently, when it suddenly stopped working and I started to receive the error, 403 Forbidden.

Read More »

Download Large Files from SharePoint Online

In my previous post, I had explained how to upload large files up to 10 GB to SharePoint Online. This is as per the new revised upload limit. The upload operation, as we know, is actually incomplete without download. I mistakenly, assumed that the previous code for file download will work for the latest larger files as well. But, just like I had to rewrite the upload code to accommodate this new limit, file download also needed a complete makeover. I initially tried the following ways with no success.

Read More »

Upload Large Files to SharePoint Online

Microsoft has now increased the SharePoint per file upload size limit to 10 GB. Here’s a full list of SharePoint Online limitations. Now, this has thrown up a number of new challenges for this upload to be carried out through code.

  • Cannot keep such a large file in a single .NET object.
  • It’s very difficult to upload a file of this magnitude in a single HTTP request. If ever, the connection fails, the entire upload would have to be restarted! For a large file, this could easily turn into a nightmare for us.

Read More »

Create a read-only user in Office365

This is the first of the 2 series blog. In this, I’ll explain how to do create a read-only Office365 User, directly from the client PowerShell. And then there’s a complete code snippet to achieve the same from a C# Console App in the 2nd part of this blog[Coming soon]. Before delving deep, I would like to highlight the fact, that you’ll NOT be charged for this User a/c by Microsoft. We’ll be barely creating a User, not assigning any license to it.

The entire process can be broadly classified into 4 major steps:

  1. Authenticate using existing administrator’s userID & password
  2. Create a new User with a randomly generated password
  3. Assign the role, “Service Support Administrator
  4. Assign the RoleGroupMember, “View-Only Organization Management” [Exchange]



SharePoint Online Management Shell with all its dependencies.

Authenticate using existing administrator’s userID & password

Open Windows PowerShell and enter the cmdlet,


A dialogue will pop-up seeking the userId & password.

Provide an administrators credential here. Note, you’ll not be notified for wrong userID or password. In the event of providing wrong credential, the following cmdlets will refuse to run. So, make sure, that the credential is correct.

Create a new User with a randomly generated password

Once, the authentication is done, we’ll then create a new Office365 user. We’ll be providing basic user details, like FirstName, LastName, LoginID [or, UserPrincipal(compulsory)]. But, we’ll never set the password. The password will be returned back to us, once the user has been created. Another important thing to note here is the password policy we’re enforcing here. First, we’re setting, “ForceChangePassword” to false. This implies that when the User will login for the very first time, he/she will not be prompted to change it. Next, we’re setting “PasswordNeverExpires“, to true which, is pretty much self-explanatory.

New-MSolUser -DisplayName “PK” -UserPrincipalName “pk@company.onmicrosoft.com” -FirstName “Piyush” -LastName “Singh” -ForceChangePassword $false -PasswordNeverExpires $true

Once the User has been created, its basic details like, UserPrincipalName, newly created Password, etc, will be displayed in the Shell. One can also specify their preferred password also by adding, “-Password “Password123” at the end of the above cmdlet.

Note: There can be multiple Users with identical DisplayName but not UserPrincipalName. It has to be unique.

Assign the role, “Service Support Administrator”

This is simple. We’ll be assigning the “Service Support Administrator” role to this newly created User.

Add-MSOLRoleMember –RoleName “Service Support Administrator” –RoleMemberEmailAddress pk@company.onmicrosoft.com

Assign the RoleGroupMember, “View-Only Organization Management”

This role group is specific to Exchange. The objective is to assign only view permission to this user. To accomplish this, we’ll execute the cmdlet, “Add-RoleGroupMember“. One problem, this cmdlet is not a part of SharePoint Online Management Shell. So we cannot directly run it. We have to, first, establish a remote connection to the Exchange Server, and temporarily import it’s commands to the local PowerShell session. Only then, we can execute the cmdlet, “Add-RoleGroupMember“. Once the job’s done, we should also remove this session. To know more about this, plz visit the site, http://technet.microsoft.com/en-us/library/dd335083(v=exchg.150).aspx

Since, here, we’ll be executing a series of commands, I have put it all down in a script file. Here’s the content,

$Cred = Get-Credential
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic –AllowRedirection
Import-PSSession $s
$memberLoginName = Read-Host ‘LoginID’
Add-RoleGroupMember -identity ‘View-Only Organization Management’ -member $memberLoginName
Remove-PSSession $s

Say, we saved the file in D drive, with the name, addExchngViewRole.ps1. So to execute the same, just run from powershell, D:/addExchngViewRole.ps1. A dialog box will be prompted (same as above). Here again, you need to specify the admin’s credential. Once validated, it will import the Exchange commands.

Next, you’ll be asked to provide the PrincipalID or LoginName of the User who will be assigned to the RoleGroup, View-Only Organization Management [in this case, pk@company.onmicrosoft.com]. After that the user will be added to the given group and the current session will be removed from your machine, as per Microsoft’s guideline.

Note: ConnectionUri has been fixed to https://ps.outlook.com/powershell. This is valid for Exchange Online only. If you’re using on-premise, plz replace the url with this one, http:///PowerShell/.