CODEWITHSUNDEEP
.net-coreazure-active-directorymicrosoft-graph-api
Lenny D
Lenny D

Reputation: 2004

Azure AD Application Add User to Active Directory using Client Credentials

I am trying to add a user to an application Active Directory but with little success. I am using the GraphServiceClient with.Net Core

The documentation here says I need these permissions

Azure AD Graph Client Beta Docs

Application Directory.ReadWrite.All

But I cannot find where in the Azure Portal I can assign this permission.

enter image description here

The code is above, the GraphServiceClient is in beta at the moment and this is not part of the API yet, so I am calling the request manually.

Below is my code for authentication, I am using my applications client secret which is set against the application in the AD. I can read directory data fine.

public async Task AuthenticateRequestAsync(HttpRequestMessage request)
        {
            try
            {
                if (null == _configuration)
                {
                    throw new InvalidOperationException("Azure AD Configuration is not set");
                }

                var authContext = new AuthenticationContext(
                    $"{_configuration.Instance}/{_configuration.Domain}", false);

                var credentials = new ClientCredential(_configuration.ClientId, _configuration.ClientSecret);

                var authResult =
                    await authContext.AcquireTokenAsync("https://graph.microsoft.com/", credentials);

                request.Headers.Add("Authorization", "Bearer " + authResult.AccessToken);
            }
            catch (Exception ex)
            {
                _logger.Error("Authentication Provider, unable to get token", ex);
            }
        }

Update - After checking with Rohit's advice, you can see I have the permissions set. But notice they are all in blue with the ticks next to them! I have changed and saved, you can see the save button is disabled. I have clicked Grant Permissions. Is this relevant?

enter image description here

Upvotes: 1

Views: 90

Answers (1)

Rohit Saigal
Rohit Saigal

Reputation: 9664

But I cannot find where in the Azure Portal I can assign this permission.

In Azure portal navigate to Azure Active Directory > App Registrations > Your specific app > Settings > Required Permissions

enter image description here

Click on Add and Select Microsoft Graph

enter image description here

Now, in the Application Permissions section, check "Read and write directory data"

enter image description here

Once you're done, do "Grant Permissions" for Admin consent, as this permission needs it.

Upvotes: 1

Related Questions