bschne11

Reputation: 43

Using GraphServiceClient to retrieve group info of Azure AD members

I want to retrieve all members of an Azure AD group within my backend application. I followed the steps here and here, and here is my code: [image]

But I always get this error when using the method: Microsoft.Graph.ServiceException: Code: generalException Message: An error occurred sending the request.

---> Microsoft.Graph.Auth.AuthenticationException: Code: authenticationChallengeRequired Message: Authentication challange is required.

Can someone help me with that? I didn't find this specific error.

Upvotes: 2

Views: 2244

Answers (2)

alphaz18

Reputation: 2766

Did you register an app registration in Azure AD, create a secret, and set the proper API permissions? There are even quickstarts in the app registration portal that help you configure the code and give you a pre-set-up project that you can experiment with.

Also, your code seems to be missing scopes; you need to request the appropriate scopes for the Graph API token to access groups.

I think the documentation here is better: https://github.com/microsoftgraph/msgraph-sdk-dotnet-auth

And if you check the unit tests here for the authorization code flow: https://github.com/microsoftgraph/msgraph-sdk-dotnet-auth/blob/dev/tests/Microsoft.Graph.Auth.Test/ConfidentialClient/AuthorizationCodeProviderTests.cs

they give you a good example of how to make it work.

Upvotes: 1

unknown

Reputation: 7483

Obviously these parameters (clientId/tenantId/clientSecret/groupId) need to be replaced with specific strings.

You could find clientId and tenantId via App registrations -> Overview:


clientSecret via App registrations -> Certificates & secrets:


groupId via Azure Active Directory -> Groups:

You could also store the specific strings in a profile and read the strings in the file. And the sample will help you to understand it.

AccountController.cs :

IConfidentialClientApplication daemonClient;
daemonClient = ConfidentialClientApplicationBuilder.Create(Startup.clientId)
    .WithAuthority(string.Format(AuthorityFormat, tenantId))
    .WithRedirectUri(Startup.redirectUri)
    .WithClientSecret(Startup.clientSecret)
    .Build();

Web.config :

  <add key="ida:ClientId" value="[Enter your client ID]" />
  <add key="ida:ClientSecret" value="[Enter your client secret]" />

Startup.Auth.cs :

public static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
public static string clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
public static string redirectUri = "https://localhost:44316/";

Upvotes: 3
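
An added example, not code from the question or either answer: listing a group's members from a backend service with app-only (client credentials) authentication, which involves no signed-in user. It assumes the Microsoft.Graph and Microsoft.Graph.Auth packages the question uses, an app registration granted the GroupMember.Read.All application permission with admin consent, and hypothetical environment variable names (GRAPH_CLIENT_ID, GRAPH_TENANT_ID, GRAPH_CLIENT_SECRET) so the secret stays out of source control.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;

public static class GroupMemberReader
{
    // Hypothetical variable names (assumption); fail fast if a value is missing.
    private static string Require(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing environment variable {name}");

    public static async Task<List<string>> GetMemberIdsAsync(string groupId)
    {
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(Require("GRAPH_CLIENT_ID"))
            .WithTenantId(Require("GRAPH_TENANT_ID"))
            .WithClientSecret(Require("GRAPH_CLIENT_SECRET"))
            .Build();

        // The client credentials flow takes the resource's ".default" scope;
        // the permissions actually granted are the ones consented on the app registration.
        var authProvider = new ClientCredentialProvider(app, "https://graph.microsoft.com/.default");
        var graphClient = new GraphServiceClient(authProvider);

        var ids = new List<string>();
        try
        {
            var page = await graphClient.Groups[groupId].Members.Request().GetAsync();
            while (page != null)
            {
                foreach (DirectoryObject member in page) ids.Add(member.Id);
                // Follow paging until Graph returns no further page.
                page = page.NextPageRequest == null ? null : await page.NextPageRequest.GetAsync();
            }
        }
        catch (ServiceException ex)
        {
            // Log only the status and error code, never the secret or a token.
            Console.Error.WriteLine($"Graph call failed: {(int)ex.StatusCode} {ex.Error?.Code}");
            throw;
        }
        return ids;
    }
}
```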
