Authorization error trying to connect to Azure Web App

Question

I have a Web App running in Azure. The Web App is configured to use Azure AD from the Authentication/Authorization blade inside the Portal. I've created a new guest user in the Azure AD and connected to the Web App without issue (and also gave consent to access profile information).

I'm trying to get access to the Web App now using a console app with the following bit of code; where clientId and clientSecret are obtained from the App Registration blade in the Azure AD.

var client = new HttpClient();
var loginuri = $"https://login.microsoftonline.com/{tenantId}/oauth2/token?api-version=1.0";
var content = new FormUrlEncodedContent(new Dictionary<string, string>
{
    ["grant_type"] = "password",
    ["resource"] = clientId,
    ["client_id"] = clientId,
    ["client_secret"] = clientSecret,
    ["username"] = username,
    ["password"] = password,
});

var tokenResponse = client.PostAsync(loginuri, content).Result;
var tokenJson = tokenResponse.Content.ReadAsStringAsync().Result;
var token = JsonConvert.DeserializeObject<AzureTokenResponse>(tokenJson);

client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token.token_type, token.access_token);
var imgResponse = client.GetAsync("https://<hidden>.azurewebsites.net/images/banner3.svg").Result;

public class AzureTokenResponse
{
    public string token_type { get; set; }
    public string expires_in { get; set; }
    public string access_token { get; set; }
}

From the first response I get a Bearer token back, where token.token_type="Bearer" and token.access_token=eA1.... Although in my 2nd request all I get back is a status 401 (unauthorized) back.

Answer 1

You need to delete api-version=1.0 when get the token.