Tags: azure, azure-active-directory, microsoft-graph-api, adal, azure-ad-b2c

How to connect to Azure AD on behalf of a user with an app ID?


I need to create schema extension.

Following: Create schemaExtension - Microsoft Graph v1.0 | Microsoft Docs


Code is:

  using System;
  using System.Diagnostics;
  using System.Net.Http;
  using System.Net.Http.Headers;
  using System.Text;
  using System.Threading.Tasks;
  using Microsoft.IdentityModel.Clients.ActiveDirectory;

  // App-only (client credentials) flow: the resulting token carries the app's
  // application permissions in its "roles" claim and has no signed-in user.
  var authenticationContext = new AuthenticationContext(authString, false);
  ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
  AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(resourceId, clientCred);
  string token = authenticationResult.AccessToken;
  var responseString = String.Empty;

  using (var client = new HttpClient())
  {
    string requestUrl = "https://graph.microsoft.com/beta/schemaExtensions";
    string postJson = "{\"id\":\"graphlearn_courses\",\"description\": \"Graph Learn training courses extensions\", \"targetTypes\":[\"Group\"], \"properties\": [{ \"name\": \"courseId\",\"type\": \"Integer\"},  {\"name\": \"courseName\",\"type\": \"String\"},  {\"name\": \"courseType\", \"type\": \"String\"}]}";

    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, requestUrl);
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
    request.Content = new StringContent(postJson, Encoding.UTF8, "application/json");
    Debug.WriteLine(request.ToString());

    // Await the calls instead of blocking on .Result, which can deadlock inside an async method.
    HttpResponseMessage response = await client.SendAsync(request);
    responseString = await response.Content.ReadAsStringAsync();
  }

Token:

  "roles": [
    "User.ReadWrite.All",
    "Group.Read.All",
    "Directory.ReadWrite.All",
    "User.Read.All"
  ],

Not getting: Directory.AccessAsUser.All

User credentials:

  using Microsoft.IdentityModel.Clients.ActiveDirectory;

  // Username/password (ROPC) flow: this overload takes only the clientId, so no client
  // secret is sent, and it expects the app to be registered as a public (native) client.
  UserPasswordCredential userCred = new UserPasswordCredential(userId, userPassword);
  var authenticationContext = new AuthenticationContext(authString, false);
  ClientCredential clientCred = new ClientCredential(clientId, clientSecret); // not passed to this overload
  AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(resourceId, clientId, userCred);
  string token = authenticationResult.AccessToken;

Error:

AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'

Any ideas on how to connect to Azure AD on behalf of a user with an app ID?


Solution

  • Found the solution here.

    You should change the "Application Type" to "NATIVE CLIENT APPLICATION" while creating the application in the Azure portal
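The question's token listing (a `roles` claim but no Directory.AccessAsUser.All) and the answer's fix both come down to app-only versus delegated tokens: application permissions land in `roles`, delegated permissions granted on behalf of a signed-in user land in `scp`. The following is an added inspection helper, not code from the question or the answer; it decodes a token's payload without verifying the signature (for looking at a token you already hold, never for trusting one) and reports which kind it is. The two sample tokens are constructed and unsigned.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    # Payload only, no signature check: diagnostic use on a token you obtained yourself.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def classify(token: str) -> dict:
    claims = jwt_claims(token)
    roles = claims.get("roles", [])          # application permissions (app-only flow)
    scopes = claims.get("scp", "").split()   # delegated permissions (on behalf of a user)
    if scopes:
        kind = "delegated"
    elif roles:
        kind = "app-only"
    else:
        kind = "unknown"
    return {
        "kind": kind,
        # Directory.AccessAsUser.All is delegated-only, so it can only ever appear in scp.
        "can_act_as_user": "Directory.AccessAsUser.All" in scopes,
        "roles": roles,
        "scopes": scopes,
    }


def make_token(payload: dict) -> str:
    # Constructed, unsigned sample token (alg "none", empty signature) for illustration.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


# Constructed samples: the first mirrors the roles listed in the question.
APP_ONLY = make_token({"aud": "https://graph.microsoft.com",
                       "roles": ["User.ReadWrite.All", "Group.Read.All",
                                 "Directory.ReadWrite.All", "User.Read.All"]})
DELEGATED = make_token({"aud": "https://graph.microsoft.com",
                        "scp": "Directory.AccessAsUser.All User.Read"})

if __name__ == "__main__":
    print(classify(APP_ONLY))
    print(classify(DELEGATED))
```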