8

Getting exception while trying to access token from Azure AD by using ADAL from Console client.

Steps:

  1. I have configured Azure AD with my Web API application localhost:44307.
  2. Added the required configuration for Client Id, Client Key.
  3. Followed the work around by changing manifest suggested in this link. https://www.google.com/search?q=AADSTS50001+%2B+azure+AD+athentication&oq=AADSTS50001+%2B+azure+AD+athentication&aqs=chrome..69i57.10202j0j7&sourceid=chrome&espv=210&es_sm=93&ie=UTF-8#q=AADSTS50001&safe=active

ADAL Version Using: Microsoft.IdentityModel.Clients.ActiveDirectory 2.6.0-alpha

Console App Code:

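// Requires: using Microsoft.IdentityModel.Clients.ActiveDirectory;
// clientId, authenticationContext and authenticationResult are assumed to be fields declared elsewhere in the class.
void GetToken()
{
    clientId = "be6b055a-4efc-222a-2187-49657e6f4f1b";
    string ClientKey = "c/uIMlsqn9SzJLKKyBle42Ym+tgcaC2tbMlWxJQawE";
    // The app authenticates with its own client id and key (no user involved).
    ClientCredential clientCred = new ClientCredential(clientId, ClientKey);

    authenticationContext = new AuthenticationContext("https://login.windows.net/MyDevAD.onmicrosoft.com");
    // Request a token for the web API resource using the client credentials.
    authenticationResult = authenticationContext.AcquireToken("https://mylocalwebapiapp.com/", clientCred);
    // ....
}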

Fiddler Input:

POST https://login.windows.net/MyDevAD.onmicrosoft.com/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
client-request-id: 53262b17-1234-4ed9-bdb3-748d332eb44b
return-client-request-id: true
x-client-SKU: .NET
x-client-Ver: 2.6.0.0
x-client-CPU: x64
x-client-OS: Microsoft Windows NT 6.3.9600.0
Host: login.windows.net
Content-Length: 185
Expect: 100-continue
Connection: Keep-Alive

grant_type=client_credentials&resource=https%3A%2F%2Flocalhost%3A44307%2F&client_id=be6b055a-4efc-408a-8187-42137e6f4f1b&client_secret=c%2FuIMlsqn9SzJLKKyBle123Ym%2BtgcaC3tbMlWxJQawE%3D

Fiddler Output:

HTTP/1.1 400 Bad Request
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Set-Cookie: x-ms-gateway-slice=ProductionB; path=/
x-ms-request-id: e89741b2-570d-44f6-9e71-6533b083abcd
client-request-id: 35262b17-4771-4ed9-bdb3-748d332eb33b
X-Content-Type-Options: nosniff
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Date: Tue, 01 Apr 2014 19:05:51 GMT
Content-Length: 438

{"error":"invalid_resource","error_description":"AADSTS50001: Resource 'https://mylocalwebapiapp.com/' is not registered for the account.\r\nTrace ID: e89741b2-570d-44f6-9e71-6533b083cdad\r\nCorrelation ID: 35262b17-4771-4ed9-cddb3-748d332eb44b\r\nTimestamp: 2014-04-01 19:05:53Z","error_codes":[50001],"timestamp":"2014-04-01 19:05:53Z","trace_id":"e89741b2-570d-44f6-9e71-6533b083cdad","correlation_id":"35262b17-4771-4ed9-bdb3-748d332eb44b"}

Note: Posted URLs and IDs are faked ones.

H. Pauwelyn
Sai
  • Have you registered the app you are calling for your account? – aevitas Apr 02 '14 at 17:19
  • Yes, aevitas, I did that. It was working fine with Microsoft.IdentityModel.Clients.ActiveDirectory 1.3. There seem to be some breaking changes in Microsoft.IdentityModel.Clients.ActiveDirectory 2.6.0-Alpha. – Sai Apr 23 '14 at 19:21

1 Answer

2

We should not have introduced any changes. I would recommend double-checking that you assigned your client app the correct permissions for accessing your web API. Please note that your app is getting a token with its own credentials, hence you need to assign app permissions directly (as opposed to delegated permissions). HTH V.

vibronet
  • Thank you for confirming that, Vittorio. I'm sure I made all necessary settings in all required places (Client, Service, Azure AD). Just to confirm: from the NuGet package manager, if I just change the DLL to 1.3 the code runs fine, and if I change the DLL to 2.6.0-Alpha the code fails. Correct me if I'm missing something. Also, now that 2.6.2 Alpha is available for download, I will try with that and see. https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/1.0.0 – Sai Jun 24 '14 at 12:20
  • 1
    Thank you! I notified some colleagues about the issue you described in the thread, they will contact you soon (if they haven't already) to get more details on the failure. – vibronet Jun 25 '14 at 21:04
  • 3
    What was the result of that private discussion? I have the exact same problem here. Would love to know how to fix this. – Maxime Rouiller Nov 18 '14 at 19:14
  • Sorry for the delayed response, Maxime. I was done with the project in Microsoft, and no one has contacted me though. The team said they will follow up on that issue. After that I didn't get a chance to play around with it. – Sai Jan 10 '15 at 05:54
  • 2
    HTH, here's another interested user. During our experimentations we also get the same message "AADSTS50001: Resource '###' is not registered for the account". We did not realize we would have to register each individual account for the resource. And if so, how is that accomplished? – Peter Klein Jan 12 '15 at 09:46
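
An added example, not part of the original thread: a Python helper that turns a captured token request body and error response, like the Fiddler pair in the question, into a summary that is safe to share. It redacts secrets, reports whether the request is app-only (`client_credentials`), and checks whether the resource named in the AADSTS50001 message matches the one requested. The function name, the set of redacted fields and the sample capture are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs

# Form fields that must never appear in a shared trace (list is an assumption; extend as needed).
SENSITIVE = {"client_secret", "client_assertion", "password", "refresh_token", "code"}

def summarize_token_exchange(request_body: str, response_body: str) -> dict:
    """Summarise a captured OAuth2 token request/error response with secrets redacted."""
    form = {k: v[0] for k, v in parse_qs(request_body, keep_blank_values=True).items()}
    redacted = {k: ("<redacted>" if k in SENSITIVE else v) for k, v in form.items()}

    err = json.loads(response_body)
    description = err.get("error_description", "")
    # The AADSTS50001 text quotes the resource identifier the service looked up.
    match = re.search(r"Resource '([^']*)'", description)
    named = match.group(1) if match else None
    requested = form.get("resource")

    return {
        "request": redacted,
        "error": err.get("error"),
        "error_codes": err.get("error_codes", []),
        "resource_requested": requested,
        "resource_in_error": named,
        # False means the capture and the error refer to different resource URIs.
        "resource_matches": named is not None and named == requested,
        # client_credentials means the app acts as itself, so app permissions apply.
        "app_only_request": form.get("grant_type") == "client_credentials",
        "correlation_id": err.get("correlation_id"),
    }

# Constructed sample capture with placeholder values (not taken from the thread).
SAMPLE_REQUEST = (
    "grant_type=client_credentials"
    "&resource=https%3A%2F%2Fapi.example.test%2F"
    "&client_id=00000000-0000-0000-0000-000000000000"
    "&client_secret=not%2Ba%2Freal%2Bsecret%3D"
)
SAMPLE_RESPONSE = json.dumps({
    "error": "invalid_resource",
    "error_description": "AADSTS50001: Resource 'https://api.example.test/' "
                         "is not registered for the account.",
    "error_codes": [50001],
    "correlation_id": "11111111-1111-1111-1111-111111111111",
})

if __name__ == "__main__":
    print(json.dumps(summarize_token_exchange(SAMPLE_REQUEST, SAMPLE_RESPONSE), indent=2))
```

The correlation ID is kept in the summary because it is the value the identity provider's support staff use to find the failing request.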