Reputation: 1911
Reference: Power BI Sample Solution
I have moved the necessary code from the sample solution to my solution and its giving me the following error when authenticating:
AADSTS90002: Tenant authorize not found. This may happen if there are no active subscriptions for the tenant. Check with your subscription administrator.
I am authenticating with these 2 lines:
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ApplicationId, credential);
The error is occurring on the last line. Below are values in my web.config:
<add key="authorityUrl" value="https://login.windows.net/common/oauth2/authorize/" />
<add key="resourceUrl" value="https://analysis.windows.net/powerbi/api" />
Again, this works 100% in the sample app but not when I move to my app. Any ideas why ?
Thanks in advance for any help.
Upvotes: 10
Views: 8803
Reputation: 4199
The fix is quite simple but it's hard to find it from Microsoft Docs as they are very vast. So I'm sharing what worked for us.
Note that we are using AuthenticationContext
combined with ClientCredential
to get the token.
The AuthorityUrl for 3.x
versions is - https://login.windows.net/{yourOrg}/oauth2/token
After upgrading to 4.x
or later it should be changed to - https://login.microsoftonline.com/{yourOrg}
Incase if you are wondering the full code is just 2 lines
var authenticationContext = new AuthenticationContext(AppSettings.AuthorityUri);
var token = authenticationContext.AcquireTokenAsync(AppSettings.ResourceUri, new ClientCredential(AppSettings.ClientId, AppSettings.ClientSecret)).GetAwaiter().GetResult();
Upvotes: 0
Reputation: 10960
Yes all the answer are correct, I just want to put some lights on the things like why it's working in low version and not in new version
As per the official doc this is a better authority validation update from microsoft
ADAL.NET 4.x is also less forgiving than ADAL 3.x when setting the authority in the constructor of AuthenticationContext. Valid authorities should be, in the case of Azure AD v1.0:
- https://login.microsoftonline.com/{Guid}, where the Guid is the tenant ID
- https://login.microsoftonline.com/domainName, where the domain name is a domain associated with your tenant
https://login.microsoftonline.com/common which, in the case of ADAL.NET means any Azure AD tenant (note that the meaning is
different in MSAL.NET)It cannot be https://login.microsoftonline.com/common/OAuth2/endpoint even if this for could have been wrongly accepted in ADAL 3.x
Upvotes: 4
Reputation: 2370
In my case instead of downgrading Microsoft.IdentityModel.Clients.ActiveDirectory
, I changed the authentication endpoint from https://login.windows.net/{My tenant}/oauth2/token
to https://login.microsoftonline.com/{My tenant}
which resolved the issue.
Upvotes: 20
Reputation: 2123
Resolved by reverting the assembly "Microsoft.IdentityModel.Clients.ActiveDirectory" to Version=3.13.9.1126.
Using latest version of this assembly raised this issue. Version = 4.4.0.0
Upvotes: 2
Reputation: 1911
So after some research I found that it was to do with the version of the following nuget packages:
Microsoft.IdentityModel.Clients.ActiveDirectory
Microsoft.PowerBI.Api
The following versions needed to be used:
Microsoft.IdentityModel.Clients.ActiveDirectory v3.13.9
Microsoft.PowerBI.Api V2.0.12
It seems it has something to do with the endpoints that are used. If you downgrade to the above versions(which are the same versions used in the sample tool provided), then it works.
The latest versions use something like this : https://login.microsoftonline.com/common/
where the versions provided in the same uses : https://login.windows.net/common/oauth2/authorize/
Once I "downgraded" my versions, it authenticated!
Hope this helps someone else.
Upvotes: 19