Issues Accessing Microsoft Graph API Data

Question

Currently having issues integrating Microsoft Graph API, into my ASP.NET Core 2.2 Web Application(MVC). That uses "Work or Schools Accounts" : “Cloud – Single Organisation” using Two Factor Azure Sign-on Authentication.

Using Code Sample 1 code I'm attempting to GET the graph query: -

https://graph.microsoft.com/v1.0/me/

returning the surname from the response header

The issue that i'm experiencing at the moment is that i'm receiving an error at the line of code: -

var objMessages = objGraphClient.Me.Request().GetAsync().Result;

With the error message : "does not exist or one of its queried reference-property objects are not present".

// #############
// Code Sample 1
// #############

// Graph Api.
string strResource = "https://graph.microsoft.com";
string SecretId = "<Secret Id>";

// Azure Ad.
Uri strInstance = new Uri("https://login.microsoftonline.com/");
string strDomain = "<Domain>.onmicrosoft.com";
string strTenantId = "<Tenant Id>";
string strClientId = "<Client Id>";
string strCallbackPath = "/signin-oidc";

// The authority to ask for a token: your azure active directory.
string strAuthority = new Uri(strInstance, strTenantId).AbsoluteUri;
AuthenticationContext objAuthenticationContext = new AuthenticationContext(strAuthority);
ClientCredential objClientCredential = new ClientCredential(strClientId, SecretId);

// Acquire Token.
AuthenticationResult objAuthenticationResult = objAuthenticationContext.AcquireTokenAsync(strResource, objClientCredential).Result;

// Get bearer token.
GraphServiceClient objGraphClient = new GraphServiceClient(new DelegateAuthenticationProvider(
async request =>
    {
    // This is adding a bearer token to the httpclient used in the requests.
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", objAuthenticationResult.AccessToken);
    }));

// The next line produces an error :: does not exist or one of its queried reference-property objects are not present.
var objResult = objGraphClient.Me.Request().GetAsync().Result;

Debug.WriteLine($"{objResult.Surname}");

If I change Code Sample 1 above to Code Sample 2 below passing in the tokenPlease() requested that’s obtained from Microsoft Graph Explorer after successful login, this works, returning the surname successfully, indicating that their is an issue possible in my Bearer token: -

// #############
// Code Sample 2
// #############

// Get bearer token.
GraphServiceClient objGraphClient = new GraphServiceClient(new DelegateAuthenticationProvider(
async request =>
    {
    // This is adding a bearer token to the httpclient used in the requests.
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer","ERf54f2f...Etc");
    }));

// The next line now works.
var objResult = objGraphClient.Me.Request().GetAsync().Result;

Debug.WriteLine($"{objResult.Surname}");

Any help on this would be much appreciated!

Answer 1

You are using the ADAL library which uses the old Azure AD V1 authentication endpoint. You should be using the MSAL Library which uses the Azure AD V2 authentication endpoint.

I would suggest making your life easy and go grab the Microsoft.Graph.Auth Nuget package and then use this code instead of having to create your own DelegateAuthenticationProvider

IConfidentialClientApplication clientApplication = AuthorizationCodeProvider.CreateClientApplication(clientId, redirectUri, clientCredential);
AuthorizationCodeProvider authenticationProvider = new AuthorizationCodeProvider(clientApplication, scopes);