aBlaze

Reputation: 2716

Request_ResourceNotFound calling /v1.0/me

The following GET request works, which shows that my AccessToken is valid and that my application has correct permissions to access user information using the Microsoft Graph API:

GET https://graph.microsoft.com/v1.0/users/
Authorization: Bearer <my_access_token>

However, the following GET request does not work and returns the error message:

GET https://graph.microsoft.com/v1.0/me/
Authorization: Bearer <my_access_token>

{
    "error": {
        "code": "Request_ResourceNotFound",
        "message": "Resource '<my_resource_id>' does not exist or one of its queried reference-property objects are not present.",
        "innerError": {
            "request-id": "<my_request_id>",
            "date": "2018-01-26T06:24:27"
        }
    }
}

I am certain that the resource (an "Enterprise Application" object created in my Azure Active Directory B2C instance) does exist because I can find it in portal.azure.com and because the first GET request used that same resource and returned successfully.

My question is: Why can't I access "me" but I can access a list of users?

Both of the GET requests above are run after I have successfully authenticated into my ASP.NET version 4.71 MVC. Could it be an issue with the way I am saving the authenticated user's information in a cookie? Here is the code for this:

public partial class Startup
{
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

    public static readonly string Authority = aadInstance + tenantId;

    // This is the resource ID of the AAD Graph API.  We'll need this to request a token to call the Graph API.
    string graphResourceId = "https://graph.windows.net";

    public void ConfigureAuth(IAppBuilder app)
    {
        ApplicationDbContext db = new ApplicationDbContext();

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = Authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,

                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                    AuthorizationCodeReceived = (context) =>
                    {
                        var code = context.Code;
                        ClientCredential credential = new ClientCredential(clientId, appKey);
                        string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                        AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
                        AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                            code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);

                        string token = result.AccessToken;

                        return Task.FromResult(0);
                    }
                }
            });
    }
}

What have I done incorrectly? Thank you!

Upvotes: 4

Views: 5450

Answers (1)

juunas

Reputation: 58733

Your resource URI is wrong.

// This is the resource ID of the AAD Graph API.  We'll need this to request a token to call the Graph API.
string graphResourceId = "https://graph.windows.net";

should be:

string graphResourceId = "https://graph.microsoft.com";

As the comment says, that is for AAD Graph API, which is not Microsoft Graph API.

Make sure you also grant permissions to Microsoft Graph API in your app registration.

Upvotes: 5
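
An added diagnostic, not part of the question or the answer above: the resource passed to `AcquireTokenByAuthorizationCode` ends up as the `aud` claim of the access token, so decoding the token shows which of the two APIs it was issued for. The function names and the sample tokens are constructed for this example; the two GUIDs are the well-known application IDs of Microsoft Graph and Azure AD Graph, which can also appear as `aud`.

```python
import base64
import json
from urllib.parse import urlsplit

# Audiences that belong to each API host (resource URI or well-known app ID).
KNOWN_AUDIENCES = {
    "graph.microsoft.com": {"https://graph.microsoft.com",
                            "00000003-0000-0000-c000-000000000000"},
    "graph.windows.net": {"https://graph.windows.net",
                          "00000002-0000-0000-c000-000000000000"},
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audience_matches(token: str, request_url: str) -> bool:
    """True if the token's aud claim belongs to the API host being called."""
    host = (urlsplit(request_url).hostname or "").lower()
    aud = jwt_claims(token).get("aud", "")
    auds = aud if isinstance(aud, list) else [aud]
    expected = KNOWN_AUDIENCES.get(host, set())
    return any(a.rstrip("/").lower() in expected for a in auds)

def make_sample_token(aud: str) -> str:
    """Constructed, unsigned sample token for the demo; not a real credential."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"aud": aud, "sub": "constructed-user"}).encode())
    return f"{header}.{payload}.sig"

if __name__ == "__main__":
    url = "https://graph.microsoft.com/v1.0/me/"
    for resource in ("https://graph.windows.net", "https://graph.microsoft.com"):
        ok = audience_matches(make_sample_token(resource), url)
        print(f"token for {resource} -> {url}: {'match' if ok else 'audience mismatch'}")
```

This only reads the claims to debug a client; it is not token validation, which is the job of the API receiving the token.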
