I am trying to get an ActiveDirectoryClient in a C# client, like this:

    Uri servicePointUri = new Uri("https://graph.microsoft.com/v1.0/me/messages");
    Uri serviceRoot = new Uri(servicePointUri, <OUR-AZURE-TENANT-ID>);
    ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
        async () => await AcquireTokenAsyncForUser());

With this AcquireTokenAsyncForUser() method:

    public static async Task<string> AcquireTokenAsyncForUser()
    {
        return await GetTokenForUser();
    }

    public static async Task<string> GetTokenForUser()
    {
        if (TokenForUser == null)
        {
            AuthenticationContext authenticationContext = new AuthenticationContext("https://login.microsoftonline.com/common/v2.0");
            UserPasswordCredential userCredential = new UserPasswordCredential("<USERNAME>@outlook.com", <PASSWORD>);

            AuthenticationResult userAuthnResult = await authenticationContext.AcquireTokenAsync("https://graph.microsoft.com/v1.0/me/messages",
                <AZURE AD APP CLIENT ID>, userCredential);

            TokenForUser = userAuthnResult.AccessToken;
            Console.WriteLine("\n Welcome " + userAuthnResult.UserInfo.GivenName + " " +
                              userAuthnResult.UserInfo.FamilyName);
        }
        return TokenForUser;
    }

I keep getting this error:

Error getting signed in user accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed-

Response status code does not indicate success: 406 (NotAcceptable).-

It does not matter if I use correct or incorrect credentials.

mpjjonker

1 Answer

AAD does not support WS-Trust sign in for MSA accounts. You have to sign in the user via webview by calling

    AcquireTokenAsync("https://graph.microsoft.com/v1.0/me/messages",
        <AZURE AD APP CLIENT ID>, new Uri("<your redirect uri>"),
        new PlatformParameters(PromptBehavior.Auto /* or whatever you want */, null));

Kanishk Panwar
  • Thanks for your response. What do I do when there is no browser/UI on the device where this code is running? Should I consider using an Office365 account? – mpjjonker Nov 02 '16 at 06:49
  • You can use device code flow as demonstrated at http://www.cloudidentity.com/blog/2015/12/02/new-adal-3-x-previewdevice-profile-linux-and-os-x-sample/ – Kanishk Panwar Nov 02 '16 at 20:05
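
The device code flow suggested in the last comment, as an added example that is not part of the original thread or of the linked blog post. It assumes ADAL 3.x, a work or school account in the placeholder tenant, and an app registration that permits public client sign-in; `DeviceCodeSignIn` and `GetTokenForUserAsync` are illustrative names.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL 3.x NuGet package

public static class DeviceCodeSignIn
{
    // Placeholders and assumptions, not values from the original post.
    private const string Authority = "https://login.microsoftonline.com/<OUR-AZURE-TENANT-ID>";
    private const string Resource = "https://graph.microsoft.com"; // resource identifier, not an endpoint URL
    private const string ClientId = "<AZURE AD APP CLIENT ID>";

    private static readonly AuthenticationContext Context = new AuthenticationContext(Authority);

    public static async Task<string> GetTokenForUserAsync()
    {
        try
        {
            // Reuse (and refresh if needed) a token already in ADAL's cache.
            AuthenticationResult cached = await Context.AcquireTokenSilentAsync(Resource, ClientId);
            return cached.AccessToken;
        }
        catch (AdalSilentTokenAcquisitionException)
        {
            // Nothing usable in the cache: fall through to the device code flow.
        }

        // Step 1: ask Azure AD for a device code and a short user code.
        DeviceCodeResult code = await Context.AcquireDeviceCodeAsync(Resource, ClientId);
        // Step 2: show the instructions; the user signs in from a browser on another device.
        Console.WriteLine(code.Message);
        // Step 3: poll the token endpoint until sign-in completes or the code expires.
        AuthenticationResult result = await Context.AcquireTokenByDeviceCodeAsync(code);
        return result.AccessToken;
    }

    public static void Main()
    {
        try
        {
            string token = GetTokenForUserAsync().GetAwaiter().GetResult();
            Console.WriteLine("Access token acquired, length " + token.Length);
        }
        catch (AdalException ex)
        {
            // Expired or declined codes and service errors surface here.
            Console.Error.WriteLine("Sign-in failed: " + ex.ErrorCode + ": " + ex.Message);
        }
    }
}
```

With this flow the headless program never holds the user's password, so nothing like the hard-coded `UserPasswordCredential` needs to be stored on the device.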