Reputation: 1
Azure Active Directory: 'Forbidden' error while fetching groupclaims using Graph API
I'm using Azure Active Directory tenant along with Graph API to fetch groupclaims objectIDs. However, it's failing with Forbidden error at runtime.
I used the same code with another Azure Active Directory tenant (which created almost 4 months back), it's working perfectly. I have followed ditto to create new Azure Active Direct tenant and double checked configuration details in Azure management portal.
Even, I have created many times new Azure Active Directory tenant with the same steps but still getting a Forbidden error.
{
StatusCode: 403,
ReasonPhrase: 'Forbidden',
Version: 1.1,
Content: System.Net.Http.StreamContent,
Headers: {
ocp-aad-diagnostics-server-name: a***********Bc=
request-id: 9*******1
client-request-id: 4b**************b9
x-ms-dirapi-data-contract-version: 1.5
x-ms-gateway-rewrite: false
ocp-aad-session-key: GXB**********************5bi0
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Duration: 1168232
Cache-Control: private
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Fri, 08 Jan 2016 23:29:43 GMT
Content-Length: 139
Content-Type: application/json; odata=minimalmetadata; streaming=true; charset=utf-8
}
}
In general, Forbidden error is due to lack of permissions on the server, but another active directory tenant is working perfectly (which is also created by me 4 months back). There isn’t any configuration change between the working AAD Tenant and newly created one.
- Is there any recent changes in AAD creation?
- I’m using Microsoft Active Directory, do we need any configuration update from MSIT team on server side?
followed the steps: https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims
Could someone help me to fix this issue.
Thanks,
Pradeep
Upvotes: 0
Views: 573
Answers (2)
Reputation: 1
MSIT team owns server side configuration setting. Contacting them has been fixed the issue.
Upvotes: 0
Reputation: 306
Make sure groupclaims that you try to access is in azure subscription you have access, also try creating new groupclaim and try to fetch using GraphAPi
Upvotes: 1
Related Questions
- Use Azure Active Directory SSO without manually adding users in Active Directory
- Azure Graph API : Error 403 Forbidden with Azure AD B2C
- Retrieving the users from Azure tenant using Graph API getObjectsByObjectIds method
- Asp.net Identity using password and Azure Active Directory authentication
- Microsoft Graph API: 403 Forbidden error when trying to retrieve policies on tenant
- Authorization_RequestDenied when trying to get groups from Azure Active Directory using Graph API