Search code examples
c#powerbi.net-6.0azure-service-principal

Power BI Embedded - .net 6

We are in the process of upgrading our web application to .net 6 and Power BI embedded is an issue. We had this previously working with a master username / password but this is no longer supported.

I've followed the steps outlined here to create app registration and service principal. https://learn.microsoft.com/en-us/power-bi/developer/embedded/embed-customer-app

As well as created something similar to this source code: https://github.com/microsoft/PowerBI-Developer-Samples/tree/master/.NET%20Core/Embed%20for%20your%20customers

I am able to authenticate and receive an access token but when I use the power bi client to get groups or reports it always returns 0 records. I am not receiving any errors. Am I missing a setting in Power BI? The security group we created has access to the workspaces.

Code to authenticate - Working without error

 AuthenticationResult authenticationResult = null;

        // Create a confidential client to authorize the app with the AAD app
        IConfidentialClientApplication clientApp = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithClientSecret(clientSecret)
            .WithAuthority(authorityUrl)
            .Build();
        // Make a client call if Access token is not available in cache
        authenticationResult = clientApp.AcquireTokenForClient(scopeBase).ExecuteAsync().Result;

        return authenticationResult;

Getting Access Token and creating power bi client

var authenticationResult = GetAuthenticationResult(clientId, clientSecret, scopeBase, authorityUrl);

        if (authenticationResult != null)
        {
            var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
            var client = new PowerBIClient(new Uri(apiUrl), tokenCredentials);

            client.HttpClient.Timeout = TimeSpan.FromMinutes(200);
            client.HttpClient.DefaultRequestHeaders.Add("ActivityId", Guid.NewGuid().ToString());

            return client;
        }

        return null;

Then when I try to get groups, it returns 0 records

var workspaces = (await client.Groups.GetGroupsAsync()).Value;

When I try to get reports it shows forbidden on the first call and unauthenticated on the 2nd call. What permissions am I missing?

var reports = (await client.Reports.GetReportsAsync()).Value;
var report = (await client.Reports.GetReportsInGroupAsync(new Guid(powerBiWorkspace.WorkspaceId))).Value;

Thank you for your help

Solution

  • The issue ended up being that I did not have the service principal assigned to the new security group. Once that was done, I was able to successfully use the API calls.