I can create an upload session, but I cannot delete it immediately afterwards. I receive a 403 Forbidden error.
Transfer-Encoding: chunked
X-SharePointHealthScore: 0
X-Forms_Based_Auth_Required: https://REDACTED.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=%2f_vti_bin%2fclient.svc%2fv2.0%2fdrives%2fREDACTED%2fuploadSession%3fguid%3d%27REDACTED%27%26path%3d%27%7etmpE6_test.txt%27%26overwrite%3dFalse%26rename%3dTrue
X-Forms_Based_Auth_Return_Url: https://REDACTED.sharepoint.com/_layouts/15/error.aspx
X-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.
ODATA-VERSION: 4.0
X-IDCRL_AUTH_PARAMS_V1: IDCRL Type="BPOSIDCRL", EndPoint="/personal/REDACTED/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI"
SPRequestGuid: REDACTED
request-id: REDACTED
Strict-Transport-Security: max-age=31536000
X-FRAME-OPTIONS: SAMEORIGIN
MicrosoftSharePointTeamServices: 16.0.0.6712
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-MSEdge-Ref: Ref A: REDACTED Ref B: REDACTED Ref C: 2017-07-20T14:31:00Z
Cache-Control: private, max-age=0
Content-Type: application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8
Date: Thu, 20 Jul 2017 14:31:00 GMT
Expires: Wed, 05 Jul 2017 14:31:00 GMT
Last-Modified: Thu, 20 Jul 2017 14:31:00 GMT
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Here is the stripped down version of the code that gets the same result.
using System;
using System.Net;
using System.Web.Script.Serialization;
namespace OneDriveUploadSession
{
class Program
{
static void Main(string[] args)
{
JavaScriptSerializer jss = new JavaScriptSerializer();
string strTokenURL = "https://login.microsoftonline.com/REDACTED.onmicrosoft.com/oauth2/v2.0/token";
string strAppSecret = "client_id=REDACTED&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=REDACTED&grant_type=client_credentials";
string strUserName = "REDACTED";
//Get Access Token
WebClient wcAccessToken = new WebClient();
wcAccessToken.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
string strJSONAccessToken = wcAccessToken.UploadString(strTokenURL, strAppSecret);
dynamic dynJSONAccessToken = jss.DeserializeObject(strJSONAccessToken);
string strAccessToken = dynJSONAccessToken["access_token"].Replace(Environment.NewLine, "");
//Get Drive ID for specified user
WebClient wcDriveID = new WebClient();
wcDriveID.Headers.Add("Authorization", "Bearer " + strAccessToken);
string strDriveJSON = wcDriveID.DownloadString("https://graph.microsoft.com/v1.0/users/" + strUserName + "/drives");
dynamic dynDriveJSON = jss.DeserializeObject(strDriveJSON);
string strDriveID = dynDriveJSON["value"][0]["id"];
//Create Upload Session
WebClient wcCreateUploadSession = new WebClient();
string strCreateUploadSessionURL = "https://graph.microsoft.com/v1.0/drives/" + strDriveID + "/root:/test.txt:/createUploadSession";
wcCreateUploadSession.Headers.Add("Authorization", "Bearer " + strAccessToken);
wcCreateUploadSession.Headers.Add("Content-Type", "application/json");
string strJSONCreateUploadSession = wcCreateUploadSession.UploadString(strCreateUploadSessionURL, "POST", "{\"item\": {\"@microsoft.graph.conflictBehavior\": \"rename\"}}");
dynamic dynJSONCreateUploadSession = jss.DeserializeObject(strJSONCreateUploadSession);
string strUploadSessionURL = dynJSONCreateUploadSession["uploadUrl"];
//Delete Upload Session
WebRequest wrDeleteUploadSession = WebRequest.Create(strUploadSessionURL);
wrDeleteUploadSession.Method = "DELETE";
wrDeleteUploadSession.GetRequestStream();
wrDeleteUploadSession.GetResponse();
}
}
}
Based on your code, you're using the client credentials flow (aka app-only). Resumable uploads are not supported in this scenario. From the documentation:
At this time, resumable uploads are only supported using delegated permission.