microsoft-graph-apiazure-ad-graph-apimicrosoft-graph-mail
Error Message: "Authorization_RequestDenied","Insufficient privileges to complete the operation
I am creating a console c# app and using below code to access my email object. This is my first application. I am able to generate Token but after that I am getting insufficient permission error.
{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"aa24be4b-9d63-4460-83ef-9095d21fb483","date":"2019-06-16T10:07:06"}}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Globalization;
using System.Net.Http;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System.Threading.Tasks;
namespace ConsoleTestApp
{
class Program
{
private const string _clientId = "hiddenforprivacy";
public const string _aadInstance = "https://login.microsoftonline.com/{0}";
public const string _tenantId = "hiddenforprivacy";
public const string _resource = "https://graph.windows.net";
public const string _appKey = "hiddenforprivacy";
static string authority = string.Format(CultureInfo.InvariantCulture, _aadInstance, _tenantId);
private static HttpClient _httpClient = new HttpClient();
private static AuthenticationContext _context = null;
private static ClientCredential _credential = null;
static void Main(string[] args)
{
_context = new AuthenticationContext(authority);
_credential = new ClientCredential(_clientId, _appKey);
Task<string> _token = GetToken();
_token.Wait();
Console.WriteLine(_token.Result);
Task<string> _users = GetUsers(_token.Result);
_users.Wait();
Console.WriteLine(_users.Result);
Console.ReadLine();
}
private static async Task<string> GetUsers(string result)
{
string _users1 = null;
string _queryString = "api-version=1.6";
var _uri = "https://graph.windows.net/TENANT-ID/users?" + _queryString;
_httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", result);
var _getResult = await _httpClient.GetAsync(_uri);
if (_getResult != null)
{
_users1 = await _getResult.Content.ReadAsStringAsync();
}
return _users1;
}
private static async Task<string> GetToken()
{
AuthenticationResult _result = null;
string _token2 = null;
_result = await _context.AcquireTokenAsync(_resource, _credential);
_token2 = _result.AccessToken;
return _token2;
}
}
}
Solution
You are using client credentials flow, so you need to grant application type permission. It seems that you granted delegated permissions, you need to grant application permissions.
By the way, we strongly recommend that you use Microsoft Graph instead of Azure AD Graph API to access Azure Active Directory resources.
- How to find owners of applications
- Using Microsoft Graph Explorer (we have code too) we can GET All Subscriptions, but GET one by ID gives access error
- MS Graph messages are stuck in draft after sending them in under 0.2% of all deliveries
- Microsoft Graph API Error: 'Request payload cannot be null' when Creating Online Meeting"
- Microsoft Dynamics Business Central Integration
- Trouble obtaining access token for managed identity with application role
- Display Image stored in a sharepoint Site, on a pdf that i want to export
- Connect C# ASP.NET Core web app to Microsoft Graph calendar
- How to retrieve day-wise working hours set in Outlook using Microsoft Graph API or PowerShell cmdlet?
- How to empty the "Deleted Items" folder, including non-mail items, using Microsoft Graph API?
- Microsoft Graph API: 'ItemNotFound' Error When Accessing Excel File in OneDrive with Python in personal account
- How to list shared folders?
- Microsoft Graph API - error on getting shares
- Missing methods for working with app folder
- Unable to Retrieve Hidden MailFolders (isHidden = true) with Microsoft Graph API
- Display all the user's files using Microsoft Graph API not working
- How to Accurately Retrieve Deleted Items Folder Size and Count via Microsoft Graph API?
- OneDrive GRAPH API - 400 when copying file inside OneDrive
- Get Access Token from Microsoft Graph for ClientId with delegated permissions
- How to use OdataNextLink in Microsoft Graph API Beta 5
- MSgraph Java SDK, retrieve well-know folder
- How to send email from any one email using Microsoft Graph
- How to read S/MIME mails and their attachements
- How to call Microsoft Graph API from ASP.NET Core Web API that is called by SPA
- Authenticating to Microsoft 365 SMTP servers via OAuth2 only works for users without MFA
- HTTP request to update Service Principal Entra
- MSGraph Query Not returning group info
- How to move a Mail with the Microsoft Graph API after sending it
- How can my registered app get Microsoft Graph access for SharePoint file of a different organization?
- Could not obtain a WAC Access Token while trying to access excel file on SharePoint