Babar Khalid

Reputation: 1

Unable to make Microsoft Graph API request in ASP.NET Core with Microsoft Identity for authentication

I am working on an ASP.NET Core application using Microsoft Identity for authentication. The application is configured with both cookie authentication and Microsoft Identity Web for Azure AD authentication. However, when I attempt to make a request to Microsoft Graph API using the following code:

var res = await GraphClient.Me.Events.Request().GetAsync();

I encounter the following exception:

Code: generalException Message: An error occurred sending the request.

Upon further investigation, the inner exception provides the following information:

IDW10503: Cannot determine the cloud Instance. The provided authentication scheme was ''. Microsoft.Identity.Web inferred 'Cookies' as the authentication scheme. Available authentication schemes are 'Cookies,AzureAd'. See https://aka.ms/id-web/authSchemes.

Here is the relevant part of my Startup.cs authentication configuration:

var authentication = services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>
{
    options.LoginPath = "/LoginPage";
    options.ExpireTimeSpan = new TimeSpan(7, 0, 0, 0);
});

authentication
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), Microsoft.Identity.Web.Constants.AzureAd, null)
    .EnableTokenAcquisitionToCallDownstreamApi(Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' '))
    .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
    .AddInMemoryTokenCaches();

It seems like there is an issue with the authentication scheme. I have both 'Cookies' and 'AzureAd' schemes configured. I would appreciate any insights or suggestions on how to resolve this issue and successfully make requests to Microsoft Graph API.

What I've Tried:

Ensured that both 'Cookies' and 'AzureAd' authentication schemes are properly configured in the Startup.cs file.

Checked and confirmed that the GraphClient is properly initialized and authenticated with the required scopes.

Reviewed the Microsoft Identity for Web documentation and related issues on GitHub to see if there are any known solutions or workarounds.

Verified that the 'DownstreamApi: Scopes' configuration in Startup.cs matches the required scopes for Microsoft Graph API.

Expected Outcome:

I expect that the authentication process should successfully determine the cloud instance and allow me to make requests to Microsoft Graph API without encountering the 'IDW10503' error.

Upvotes: 0

Views: 503

Answers (1)

Tiny Wang

Reputation: 15971

Try this code, please:

[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
public async Task<IActionResult> PrivacyAsync()
{
    var me = await _graphServiceClient.Me.Request()
        .WithAuthenticationScheme(OpenIdConnectDefaults.AuthenticationScheme).GetAsync();
    return View();
}

It worked on my side.

In my Program.cs, I defined the two authentication schemes as shown below. As you can see, I defined the openIdConnectScheme as OpenIdConnectDefaults.AuthenticationScheme, so I also need to clarify it in my Graph client.

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(x => x.LoginPath = "/account/login");

builder.Services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"), OpenIdConnectDefaults.AuthenticationScheme, "ADCookies")
    .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "user.read" })
    .AddMicrosoftGraph(builder.Configuration.GetSection("DownstreamApi"))
    .AddInMemoryTokenCaches();

// Add services to the container.
builder.Services.AddControllersWithViews().AddMicrosoftIdentityUI();

Upvotes: 0
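
The same fix applied to the question's registration, as an added example (not code from either poster): the question registers Azure AD under the scheme name 'AzureAd', which the IDW10503 message lists as available, so that name, rather than OpenIdConnectDefaults.AuthenticationScheme, is what the attributes and the Graph request have to carry. The controller, action and view names are hypothetical, and it assumes Graph SDK v4 with Microsoft.Identity.Web.MicrosoftGraph, as the Request() calls above imply.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Graph;
using Microsoft.Identity.Web;

// Hypothetical controller for illustration only.
public class CalendarController : Controller
{
    // Scheme name the question passes to AddMicrosoftIdentityWebApp
    // (Microsoft.Identity.Web.Constants.AzureAd); the error message
    // lists it as 'AzureAd' next to the default 'Cookies' scheme.
    private const string AadScheme = "AzureAd";

    private readonly GraphServiceClient _graphClient;

    public CalendarController(GraphServiceClient graphClient)
    {
        _graphClient = graphClient;
    }

    // Authenticate this action with the Azure AD scheme instead of the
    // application's default cookie scheme.
    [Authorize(AuthenticationSchemes = AadScheme)]
    // If token acquisition needs consent or a fresh sign-in, challenge
    // against the same scheme; scopes are read from the question's
    // "DownstreamApi:Scopes" configuration key.
    [AuthorizeForScopes(ScopeKeySection = "DownstreamApi:Scopes",
                        AuthenticationScheme = AadScheme)]
    public async Task<IActionResult> Events()
    {
        // Name the scheme explicitly so Microsoft.Identity.Web does not
        // infer 'Cookies' when acquiring the Graph token.
        var events = await _graphClient.Me.Events.Request()
            .WithAuthenticationScheme(AadScheme)
            .GetAsync();

        return View(events);
    }
}
```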
