I have a simple ASP.NET web application consisting of an .aspx web form hosted on Azure as a cloud service. In my application there is no user login. I want to connect with the Microsoft Graph API and use the Microsoft Bookings API to get the BookingBusiness collection on my home page load without user login. I am currently debugging my web app on my desktop using the Azure emulator. I have Office 365 premium account access associated with my Microsoft account (v-sheeal@microsoft.com) and I had created a Booking business using my v- alias through the Booking tools (https://outlook.office.com/owa/?path=/bookings). I registered an app in AAD in the same tenant with all required permissions and provided the Client Id and secret in the code to get the access token. I am using the Client Credentials Grant flow to get the access token and try to invoke the Bookings API. I am able to get the access token, but when the code tries to get the list of booking businesses it gives the exception below.

DataServiceClientException: { "error": { "code": "", "message": "Authorization has been denied for this request.", "innerError": { "request-id": "d0ac6470-9aae-4cc2-9bf3-ac83e700fd6a", "date": "2018-09-03T08:38:29" } } }

The code and registered app setting details are in the screenshots below.

.aspx.cs

    // At the top of the .aspx.cs file (ADAL NuGet package):
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    private static async Task<AuthenticationResult> AcquireToken()
    {
        var tenant = "microsoft.onmicrosoft.com"; // "yourtenant.onmicrosoft.com"
        var resource = "https://graph.microsoft.com/";
        var instance = "https://login.microsoftonline.com/";
        var clientID = "7389d0b8-1611-4ef9-a01f-eba4c59a6427";
        var secret = "mxbPBS10|[#!mangJHQF791";
        var authority = $"{instance}{tenant}";
        var authContext = new AuthenticationContext(authority);
        var credentials = new ClientCredential(clientID, secret);

        // Client credentials grant: no user is involved in this token request.
        var authResult = await authContext.AcquireTokenAsync(resource, credentials);

        return authResult;
    }

    protected void MSBooking()
    {
        var authenticationContext = new AuthenticationContext(GraphService.DefaultAadInstance, TokenCache.DefaultShared);
        var authenticationResult = AcquireToken().Result;

        var graphService = new GraphService(
            GraphService.ServiceRoot,
            () => authenticationResult.CreateAuthorizationHeader());

        // Get the list of booking businesses that the logged on user can see.

        // This line is throwing an exception: "Authorization has been denied for this request."
        var bookingBusinesses = graphService.BookingBusinesses;
    }

GraphService.cs

    namespace Microsoft.Bookings.Client
    {
        using System;
        using System.Net;

        using Microsoft.OData;
        using Microsoft.OData.Client;

        public partial class GraphService
        {
            /// <summary>
            /// The resource identifier for the Graph API.
            /// </summary>
            public const string ResourceId = "https://graph.microsoft.com/";

            /// <summary>
            /// The default AAD instance to use when authenticating.
            /// </summary>
            public const string DefaultAadInstance = "https://login.microsoftonline.com/common/";

            /// <summary>
            /// The default v1 service root
            /// </summary>
            public static readonly Uri ServiceRoot = new Uri("https://graph.microsoft.com/beta/");

            /// <summary>
            /// Initializes a new instance of the <see cref="BookingsContainer"/> class.
            /// </summary>
            /// <param name="serviceRoot">The service root.</param>
            /// <param name="getAuthenticationHeader">A delegate that returns the authentication header to use in each request.</param>
            public GraphService(Uri serviceRoot, Func<string> getAuthenticationHeader)
                : this(serviceRoot)
            {
                // Attach the Authorization header to every outgoing OData request.
                this.BuildingRequest += (s, e) => e.Headers.Add("Authorization", getAuthenticationHeader());
            }
        }
    }

Darrel Miller
sheeraz

1 Answer

According to your description, I assume you want to use the Microsoft Bookings API.

Based on the images you’ve provided, you are missing the scope definition in your code and the Authority is incorrect.

We can review the document to get an access token without a user.

Keen Jin
  • Thanks for your response. Could you please let me know what the values should be for Scope and Authority? I went through the document you referred to, but I am not able to find which correct value I need to set. – sheeraz Sep 06 '18 at 11:57
  • As per the document, the scope should be 'https://graph.microsoft.com/.default'. And this value informs the v2.0 endpoint that of all the application permissions you have configured for your app – Keen Jin Sep 10 '18 at 01:38
  • Thanks, I changed the scope to 'graph.microsoft.com/.default' and 'graph.microsoft.com/beta' but it is still failing authentication and giving the error below as seen in Fiddler. – sheeraz Sep 12 '18 at 14:36
  • {"error":"invalid_resource","error_description":"AADSTS50001: The application named https://graph.microsoft.com/beta/ was not found in the tenant named microsoft.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: edc54570-5-f14a00\r\nCorrelation ID: 8d81c1e8-035878657\r\nTimestamp: 2018-09-12 07:29:18Z","error_codes":[501],"timestamp":"2018-09-12 07:29:18Z","trace_id":"edc-fcfa00","correlation_id":"8d1e88657"}. – sheeraz Sep 12 '18 at 14:47
  • Now I changed the coding approach and am using the native app approach, but yes, we need to log in. Now I am able to connect to the Booking API, and the next problem I have is: how to convert OData JSON into a Microsoft.Bookings.Client BookingBusiness class object? My JSON payload is: – sheeraz Sep 12 '18 at 14:48
  • {"@odata.context":"https://graph.microsoft.com/beta/$metadata#bookingBusinesses/$entity","id":"SheerazHCL@microsoft.onmicrosoft.com","displayName":"SMB Scheduler-Bing Ads","businessType":"Bing Support Agent","phone":"+91 12345670","email":"v-sheeal@microsoft.com","webSiteUrl":"https://bingads.microsoft.com/","isPublished":true,"publicUrl":"https://outlook.office365.com/owa/calendar/SheerazHCL@microsoft.onmicrosoft.com/bookings/","address":{"type":"home","postOfficeBox":"","street":"1 Microsoft Way","city":"Redmond","state":"WA","countryOrRegion":"United States","postalCode":"98052"}} – sheeraz Sep 12 '18 at 14:51
  • Sorry, it's my fault, the scope should be `https://graph.microsoft.com/.default`, you can get it in [this document](https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service#4-get-an-access-token) – Keen Jin Sep 13 '18 at 01:27
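
The token request discussed in the answer and comments (tenant-specific v2.0 endpoint, `https://graph.microsoft.com/.default` scope, client credentials grant), followed by a look at the claims in the returned token, as an added example that is not the poster's or Microsoft's code. It assumes a standalone console program on .NET Core 3.1 or later; the class name and the environment variable names are hypothetical, and the client secret is read from the environment instead of being embedded in source.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

static class AppOnlyTokenCheck
{
    // Base64url-decode the JWT payload (middle segment). Inspection only: no signature check.
    static JsonElement ReadClaims(string jwt)
    {
        var p = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        p = p.PadRight(p.Length + (4 - p.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(p)));
        return doc.RootElement.Clone();
    }

    static async Task Main()
    {
        // Hypothetical variable names (assumption); tenant is e.g. yourtenant.onmicrosoft.com
        var tenant = Environment.GetEnvironmentVariable("AAD_TENANT");
        var clientId = Environment.GetEnvironmentVariable("AAD_CLIENT_ID");
        var secret = Environment.GetEnvironmentVariable("AAD_CLIENT_SECRET");
        if (tenant == null || clientId == null || secret == null) { Console.Error.WriteLine("Set AAD_TENANT, AAD_CLIENT_ID, AAD_CLIENT_SECRET"); return; }

        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["client_id"] = clientId,
            ["client_secret"] = secret,
            ["grant_type"] = "client_credentials",
            ["scope"] = "https://graph.microsoft.com/.default", // resource URI + "/.default"
        });

        using var http = new HttpClient();
        var resp = await http.PostAsync($"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token", form);
        var body = await resp.Content.ReadAsStringAsync();
        if (!resp.IsSuccessStatusCode) { Console.Error.WriteLine(body); return; } // AADSTS error JSON

        using var tokenDoc = JsonDocument.Parse(body);
        var claims = ReadClaims(tokenDoc.RootElement.GetProperty("access_token").GetString());

        // "aud" is the resource the token is for; an app-only token lists its granted
        // application permissions in "roles" (delegated tokens use "scp" instead).
        var aud = claims.GetProperty("aud").ToString();
        var roles = claims.TryGetProperty("roles", out var r) ? r.ToString() : "(none)";
        Console.WriteLine("aud:   " + aud);
        Console.WriteLine("roles: " + roles);
    }
}
```

A token that is issued successfully but shows no `roles` carries no application permissions, so checking the claims separates a token-acquisition problem from a permission problem on the API call.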