AxleWack
AxleWack

Reputation: 1911

PowerBI AADSTS90002: Tenant authorize not found

Reference: Power BI Sample Solution

I have moved the necessary code from the sample solution to my solution and its giving me the following error when authenticating:

AADSTS90002: Tenant authorize not found. This may happen if there are no active subscriptions for the tenant. Check with your subscription administrator.

I am authenticating with these 2 lines:

 var authenticationContext = new AuthenticationContext(AuthorityUrl);
 var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ApplicationId, credential);

The error is occurring on the last line. Below are values in my web.config:

<add key="authorityUrl" value="https://login.windows.net/common/oauth2/authorize/" />
<add key="resourceUrl" value="https://analysis.windows.net/powerbi/api" />

Again, this works 100% in the sample app but not when I move to my app. Any ideas why ?

Thanks in advance for any help.

Upvotes: 10

Views: 8803

Answers (5)

HariHaran
HariHaran

Reputation: 4199

The fix is quite simple but it's hard to find it from Microsoft Docs as they are very vast. So I'm sharing what worked for us.

Note that we are using AuthenticationContext combined with ClientCredential to get the token.

The AuthorityUrl for 3.x versions is - https://login.windows.net/{yourOrg}/oauth2/token

After upgrading to 4.x or later it should be changed to - https://login.microsoftonline.com/{yourOrg}

Incase if you are wondering the full code is just 2 lines

var authenticationContext = new AuthenticationContext(AppSettings.AuthorityUri);
var token = authenticationContext.AcquireTokenAsync(AppSettings.ResourceUri, new ClientCredential(AppSettings.ClientId, AppSettings.ClientSecret)).GetAwaiter().GetResult();

Upvotes: 0

Jayendran
Jayendran

Reputation: 10960

Yes all the answer are correct, I just want to put some lights on the things like why it's working in low version and not in new version

As per the official doc this is a better authority validation update from microsoft

ADAL.NET 4.x is also less forgiving than ADAL 3.x when setting the authority in the constructor of AuthenticationContext. Valid authorities should be, in the case of Azure AD v1.0:

Upvotes: 4

Amir Chatrbahr
Amir Chatrbahr

Reputation: 2370

In my case instead of downgrading Microsoft.IdentityModel.Clients.ActiveDirectory, I changed the authentication endpoint from https://login.windows.net/{My tenant}/oauth2/tokento https://login.microsoftonline.com/{My tenant} which resolved the issue.

Upvotes: 20

Kaushal Khamar
Kaushal Khamar

Reputation: 2123

Resolved by reverting the assembly "Microsoft.IdentityModel.Clients.ActiveDirectory" to Version=3.13.9.1126.

Using latest version of this assembly raised this issue. Version = 4.4.0.0

Upvotes: 2

AxleWack
AxleWack

Reputation: 1911

So after some research I found that it was to do with the version of the following nuget packages:

Microsoft.IdentityModel.Clients.ActiveDirectory
Microsoft.PowerBI.Api

The following versions needed to be used:

Microsoft.IdentityModel.Clients.ActiveDirectory v3.13.9
Microsoft.PowerBI.Api V2.0.12

It seems it has something to do with the endpoints that are used. If you downgrade to the above versions(which are the same versions used in the sample tool provided), then it works.

The latest versions use something like this : https://login.microsoftonline.com/common/ where the versions provided in the same uses : https://login.windows.net/common/oauth2/authorize/

Once I "downgraded" my versions, it authenticated!

Hope this helps someone else.

Upvotes: 19

Related Questions