CODEWITHSUNDEEP
azureasp.net-coreazure-active-directorymicrosoft-graph-api
Niranjan Godbole Hosmar
Niranjan Godbole Hosmar

Reputation: 135

Microsoft graph unable to get required data from .Net core application

Net core application and I am trying to do some operation based groups and users. Below code I have

public  async Task<GraphServiceClient> GetGraphApiClient()
        {

            var credentials = new ClientCredential(_authenticationConfig.ClientId, _authenticationConfig.ClientSecret);
            var authContext = new AuthenticationContext("https://login.microsoftonline.com/mytenantid");
            var token = await authContext.AcquireTokenAsync("https://graph.microsoft.com/", credentials);
            var accessToken = token.AccessToken;

            var graphServiceClient = new GraphServiceClient(
                new DelegateAuthenticationProvider((requestMessage) =>
                {
                    requestMessage
                .Headers
                .Authorization = new AuthenticationHeaderValue("bearer", accessToken);

                    return Task.CompletedTask;
                }));
          
            return graphServiceClient;
        }

I am trying to query as below

 GraphServiceClient graphClient = await _myRepository.GetGraphApiClient();
 var user = await graphClient.Me.Request().GetAsync();

This is throwing exception.

  "code": "Authorization_RequestDenied",
  "message": "Insufficient privileges to complete the operation.",

I have set required permission in my azure ad app also. I have attached screenshot. Also I have granted Admin consent also. Can someone help me what I am missing here? Any help would be greatly appreciated. Thank you

Azure ad app permissions

Upvotes: 0

Views: 466

Answers (1)

Shiva Keshav Varma
Shiva Keshav Varma

Reputation: 3595

As you are using Client Credential Flow you will be getting an App token and the Application will act as a daemon application. So you need to make sure that you use Application permission. Here /me doesn't mean anything if there is no user to authenticate right?. So you need to use the code as below to get a particular user details.

var user = await graphClient.Users["userid/UPN"].Request().GetAsync();

You can get all users UPN/userid using the below code.

var users = await graphClient.Users
    .Request()
    .GetAsync();

Upvotes: 1

Related Questions