1

Scope value = "https://graph.microsoft.com/.default" OR "https://graph.microsoft.com/beta"

gives below err in asp.net c#.

MsalServiceException: AADSTS500011: The resource principal named https://graph.microsoft.com/v1.0 was not found in the tenant named 'xxxxxxxx'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

code:

string clientId = AppClientID;
        string clientSecret = Secret;
        string redirectUri =`enter code here` System.Configuration.ConfigurationManager.AppSettings["redirectUri"]; 
        string authority = "https://login.microsoftonline.com/" + tenantID;              
        string[] scopes = new string[] { "https://graph.microsoft.com/.default" };        
        //string[] scopes = new string[] { "https://graph.microsoft.com/beta/.default" };        
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithRedirectUri(redirectUri)
            .WithClientSecret(clientSecret)
            .WithAuthority(authority)
            .Build();
        AuthorizationCodeProvider auth = new AuthorizationCodeProvider(app, scopes);
        GraphServiceClient graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
        {           
            var authResult = app.AcquireTokenForClient(scopes).WithAuthority(authority, true).ExecuteAsync().Result.AccessToken.ToString();
            requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult);
        }));      
        var onlineMeeting = new OnlineMeeting
        {
            StartDateTime = DateTimeOffset.Parse("2021-07-12T21:30:34.2444915+00:00"),
            EndDateTime = DateTimeOffset.Parse("2021-07-12T22:00:34.2464912+00:00"),
            Subject = "My First MS Teams Meeting"
        };
        await graphServiceClient.Me.OnlineMeetings.Request().AddAsync(onlineMeeting);
Allen Wu
  • 15,529
  • 1
  • 9
  • 20
anu
  • 45
  • 1
  • 12
  • Please change the `scope` to: `https://graph.microsoft.com/.default` – Carl Zhao Sep 08 '20 at 07:23
  • using scope = https://graph.microsoft.com/.default .posted code in question.plz check. – anu Sep 08 '20 at 07:37
  • Still get the same error? I didn't see `https://graph.microsoft.com/v1.0` is put anywhere in your code. – Allen Wu Sep 08 '20 at 07:51
  • I am new here so thanx for formatting @Allen.When i tried 'https://graph.microsoft.com/v1.0' i got parameter 'scope' is not valid. The scope https://graph.microsoft.com/v1.0 is not valid. – anu Sep 08 '20 at 08:14
  • Don't use `https://graph.microsoft.com/v1.0` or `https://graph.microsoft.com/v1.0/.default`. Just as Carl suggested, use `https://graph.microsoft.com/.default`. I think the error you posted here won't occur if you set the scope as `https://graph.microsoft.com/.default`. – Allen Wu Sep 08 '20 at 09:02
  • OK.I tried https://graph.microsoft.com/.default as per both of u then i am getting err 'Code: NotImplemented.Message: Create online meeting with application permission is only supported in beta.'To resolve this err when i tried scope "https://graph.microsoft.com/beta/.default" again i getting err MsalServiceException: AADSTS500011: The resource principal named https://graph.microsoft.com/beta was not found in the tenant.so need guidance. – anu Sep 08 '20 at 09:19

1 Answers1

2
  1. If I set "scope" to https://graph.microsoft.com/v1.0/.default, your problem can be reproduced, so please make sure to set "scope" to https://graph .microsoft.com/.default.

enter image description here

  1. You cannot use the [AcquireTokenForClient][2] function in the auth code flow to obtain a token. It is generally applied to the client credential flow. This flow does not require user login, so even if you use this function to obtain a token, it is not correct. You can parse the To view the token, it does not have the permissions you added in the portal. For the auth code flow, you should use AcquireTokenByAuthorizationCode to obtain the token, as Pamela mentioned.

Use AcquireTokenByAuthorizationCode to obtain the token and parse:

enter image description here enter image description here

3.Code:

            string clientId = "{clientId}";
            string clientSecret = "{clientSecret}";
            string redirectUri = "{redirectUri}";
            string authority = "https://login.microsoftonline.com/{tenant id}";
            string authorizationCode = "code";

            string[] scopes = new string[] { "https://graph.microsoft.com/.default" };

            IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
                .Create(clientId)
                .WithRedirectUri(redirectUri)
                .WithClientSecret(clientSecret)
                .WithAuthority(authority)
                .Build();

            AuthorizationCodeProvider auth = new AuthorizationCodeProvider(app, scopes);

            GraphServiceClient graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {

                // Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
                var authResult = await app.AcquireTokenByAuthorizationCode(scopes, authorizationCode).ExecuteAsync();

                // Add the access token in the Authorization header of the API request.
                requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);

            })
            );

            var onlineMeeting = new OnlineMeeting
            {
                StartDateTime = DateTimeOffset.Parse("2021-07-12T21:30:34.2444915+00:00"),
                EndDateTime = DateTimeOffset.Parse("2021-07-12T22:00:34.2464912+00:00"),
                Subject = "My First MS Teams Meeting"
            };

            await graphServiceClient.Me.OnlineMeetings.Request().AddAsync(onlineMeeting);
Carl Zhao
  • 8,543
  • 2
  • 11
  • 19
  • Thanx for such a detail explanation @Carl.For using AcquireTokenByAuthorizationCode() i dont know how to get authorizationCode shown by u below:'var authResult = await app.AcquireTokenByAuthorizationCode(scopes, authorizationCode).ExecuteAsync();'.plz provide a code to get authorizationCode . – anu Sep 08 '20 at 10:54
  • Hi @Carl,@Allen,@Pamela,,I tried using app.AcquireTokenByAuthorizationCode(scopes, authorizationCode) to get access token.and scope graph.microsoft.com/OnlineMeetings.ReadWrite suggested by you.I am able to create a meeting successfully.But concern is i am unable to get AuthorizationCode pro-grammatically so i take it manually from browser.so plz proved code to get AuthorizationCode pro-grammatically.Thanx a lot. – anu Sep 08 '20 at 16:11
  • @sdsUser You cannot obtain the `code` in a pro-grammatically manner, because obtaining the `code` is an interactive process. You must first log in to the user, and the `code` needs to be dynamically obtained in the browser. – Carl Zhao Sep 09 '20 at 01:46