stackoom
  简体   繁体   中英

Azure Graph API : Error 403 Forbidden with Azure AD B2C

 原文  2017-09-25 09:52:38       c#/ azure/ azure-ad-graph-api

Question

I have an Azure AD B2C. Since Azure Active Directory has been migrated to new portal, I have a problem to read and write tenant users data with the Azure Graph API. Before, I had an application which was created from the old portal and which doesn't work now.

So, I created a new application from the new portal, as following :

  • Open "Azure Active Directory" tab
  • Open "App registrations"
  • Click "New application registration"

  • "Properties" tab with :

  • "Reply URLs" tab with :

    • https:// graph.windows.net/winbizdev.onmicrosoft.com

  • "Required permissions" tab with :

    • Windows Azure Active Directory -> Check 3 elements which don't require admin

  • "Keys" tab with :

    • CLIENT_SECRET which never expires

Here is now my C# code to access user data from Azure Graph API :

      _authContext = new AuthenticationContext("https://login.microsoftonline.com/myTenant.onmicrosoft.com");
      _credential = new ClientCredential("<Application Client Guid>", "<Client secret which I created in "Keys" tab");
      var result = await _authContext.AcquireTokenAsync("https://graph.windows.net/", _credential);          
      var http = new HttpClient();
      var graphUrl = "https://graph.windows.net/myTenant.onmicrosoft.com/users/<My User Guid>?api-version=1.6";    
      var request = new HttpRequestMessage(new HttpMethod("GET"), graphUrl);
      request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);      
      var response = await http.SendAsync(request);
      return response;

And I always obtain a 403 error Forbidden. The version of the assembly "Microsoft.IdentityModel.Clients.ActiveDirectory" is 3.13.8.99.

So, what is wrong in my configuration? What I have to do to read and write user tenant users data again with Azure Graph API?

Thanks for your help!

Alex

1 answers

solution1
 2 ACCPTED  2017-09-26 02:18:39

You are acquiring acess token using client credential flow . That means you need add related Application Permissions in Required permissions blade .

All application permissions of azure ad graph api need admin consent . Please click Grant Permissions button(login with admin's account) after adding application permissions .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Azure Graph with B2C AD Receiving 403 error when accessing Azure function app locked down by Azure AD B2C Azure AD B2C and Graph: cannot list users with memberOf Create user with Custom Attributes in Azure AD B2C with Graph API Access Azure AD B2C with MS Graph API using User-Assigned Managed Identity How to use graph api for social login in Azure AD B2C without using Microsoft page? Cant create user over Graph API in Azure AD B2C property not present Can't create custom attributes in Azure AD B2C with asp.net core Graph API Azure AD B2C custom policies, securing an API connector Configure Azure AD B2C as a AWS API Gateway Authorizer
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM