
Microsoft Graph Client not specified resource in requiredResourceAccessList


I get the following error when I try to retrieve AccessToken.

/MicrosoftGraph/Authorise?error=access_denied&error_description=AADSTS65005%3a+The+client+application+has+requested+access+to+resource+%27https%3a%2f%2fgraph.microsoft.com%2f%27.+This+request+has+failed+because+the+client+has+not+specified+this+resource+in+its+requiredResourceAccess+list.%0d%0aTrace+ID%3a+7cd46ad3-d294-41ad-98ec-6ef06db7a0db%0d%0aCorrelation+ID%3a+4e2a6d3b-b3dd-4a98-b36d-550d8f8c3382%0d%0aTimestamp%3a+2016-01-27+10%3a40%3a12Z

Which is... graph.microsoft.com This request has failed because the client has not specified this resource in its requiredResourceAccess list

It is a multitenant application in Azure Active Directory. I am able to log in successfully with one of my email IDs but not with another one.

Where am I going wrong? What am I missing?

Code Snippet:

public ActionResult Login()
{
    ....
    Uri authUri = authContext.GetAuthorizationRequestURL(
            MicrosoftGraphSettings.O365UnifiedAPIResource,
            MicrosoftGraphSettings.ClientId,
            loginRedirectUri,
            UserIdentifier.AnyUser,
            null);
    string authUriAsString = authUri.ToString();
    return Redirect(authUriAsString);
}

public async Task<ActionResult> Authorise()
{
    Uri loginRedirectUri = new Uri(Url.Action("Authorise", "MicrosoftGraph", null, Request.Url.Scheme));
    var authContext = new AuthenticationContext(MicrosoftGraphSettings.AzureADAuthority);

    var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(
            Request.Params["code"],
            loginRedirectUri,
            new ClientCredential(MicrosoftGraphSettings.ClientId, MicrosoftGraphSettings.ClientSecret),
            MicrosoftGraphSettings.O365UnifiedAPIResource);
}

I have tried the following

public static string O365UnifiedAPIResource = @"https://graph.microsoft.com/";
//public static string O365UnifiedAPIResource = @"https://graph.windows.net/"; 

Using the second one, the authentication succeeds, but whenever I use my existing code to access the list of files in a OneDrive for Business account or create a text file, it throws an Unauthorized exception while making an API call.


Solution

  • That error message indicates that your application doesn't have delegated permissions for the "Microsoft Graph" (https://graph.microsoft.com/) resource.

    Please use the Azure Management Portal (https://manage.windowsazure.com) to configure delegated permissions for that resource. Find the app -> Configure -> "permissions to other applications" -> "Add application" -> select "Microsoft Graph".

    Since you're able to get a token for "https://graph.windows.net/" your application already has permissions configured for the "Windows Azure Active Directory" resource, but that is a different resource than "Microsoft Graph".
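
The check described in the answer can also be run offline against the application manifest JSON. The sketch below is an added example, not code from the question or the answer: it reads the resource out of the AADSTS65005 error callback and reports whether the manifest's requiredResourceAccess list declares any delegated ("Scope") permission for it. The function names, the sample manifest and the placeholder permission id are assumptions made for illustration; the two resourceAppId values are the well-known ids of Microsoft Graph and Windows Azure Active Directory.

```python
import json
import re
from urllib.parse import parse_qs

# Well-known resourceAppId values for the two resources named on this page.
RESOURCE_APP_IDS = {
    "https://graph.microsoft.com/": "00000003-0000-0000-c000-000000000000",  # Microsoft Graph
    "https://graph.windows.net/": "00000002-0000-0000-c000-000000000000",  # Windows Azure Active Directory
}

def parse_auth_error(query):
    """Extract the AADSTS code and the requested resource from an error callback query string."""
    params = parse_qs(query)  # decodes %27, %3a and '+' for us
    desc = params.get("error_description", [""])[0]
    code = re.search(r"AADSTS\d+", desc)
    resource = re.search(r"access to resource '([^']+)'", desc)
    return {
        "error": params.get("error", [None])[0],
        "code": code.group(0) if code else None,
        "resource": resource.group(1) if resource else None,
    }

def delegated_permissions(manifest, resource_uri):
    """Return the delegated ("Scope") permission ids the manifest declares for resource_uri."""
    app_id = RESOURCE_APP_IDS[resource_uri]  # KeyError for a resource not listed above
    return [
        access["id"]
        for entry in manifest.get("requiredResourceAccess", [])
        if entry.get("resourceAppId", "").lower() == app_id
        for access in entry.get("resourceAccess", [])
        if access.get("type") == "Scope"
    ]

# Constructed sample: the error query string from the question, trimmed before the trace ids.
SAMPLE_QUERY = (
    "error=access_denied&error_description=AADSTS65005%3a+The+client+application+has+"
    "requested+access+to+resource+%27https%3a%2f%2fgraph.microsoft.com%2f%27."
)
# Constructed manifest fragment: only the Azure AD resource is declared; the permission id is a placeholder.
SAMPLE_MANIFEST = json.loads("""
{"requiredResourceAccess": [
  {"resourceAppId": "00000002-0000-0000-c000-000000000000",
   "resourceAccess": [{"id": "00000000-0000-0000-0000-000000000001", "type": "Scope"}]}
]}
""")

if __name__ == "__main__":
    err = parse_auth_error(SAMPLE_QUERY)
    granted = delegated_permissions(SAMPLE_MANIFEST, err["resource"])
    print(err["code"], err["resource"], "declared" if granted else "MISSING from requiredResourceAccess")
```

With the sample manifest the Microsoft Graph lookup comes back empty while the graph.windows.net lookup does not, which matches the behaviour in the question: a token for one resource is issued, the other is refused.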