0

I have created a .net core console application to access the graph api. I created a authentication by using clientId and clientSecret of the Azure AD application

        string tenantName = "MY.TENANT";
        string authUrl = "https://login.microsoftonline.com/" + tenantName;
        var clientId = "MYID";
        var clientSecret = "MYSECRET";
        AuthenticationContext authenticationContext = new AuthenticationContext(authUrl, false);

        ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
        AuthenticationResult authenticationResult;

        authenticationResult = await authenticationContext.AcquireTokenAsync("https://graph.microsoft.com/", clientCred);
        return authenticationResult.AccessToken;

After I get a valid token the call do a sharepoint list works fine and I get some data

using var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, $"{graphUrl}/sites/{siteId}/lists/MYLISTGUID/items?expand=fields");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

        var response = await client.SendAsync(request);
        if (response.IsSuccessStatusCode)
        {
            var responseString = response.Content.ReadAsStringAsync().Result;
            return responseString;
        }

But if I call the Search API I get the following error: SearchRequest Invalid (Region is required when request with application permission.)

using var client = new HttpClient();
            var request = new HttpRequestMessage(HttpMethod.Post, $"{graphUrl}/search/query/");
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

            var filter = new
            {
                Requests = new[] { 
                    new {
                        EntityTypes = new[] { "listItem" },
                        Query = new
                        {
                            QueryString = "Pio*"
                        }
                    }
                }
            };

            request.Content = new StringContent(JsonConvert.SerializeObject(filter), Encoding.UTF8, "application/json");

            var response = await client.SendAsync(request);
            if (response.IsSuccessStatusCode)
            {
                var responseString = response.Content.ReadAsStringAsync().Result;
            }

The same query by using the Graph Explorer works fine. I found some posts around that tells something, that you can not call the search API by using the application credential but only by using delegation. In my case the api call is made by a service user and not by the user directly. I have to migrate a Sharepoint on Premise solution which access the search in that way. Thanks for any input

cpiock
  • 1,275
  • 2
  • 17
  • 44

1 Answers1

0

You can get the region value by calling the following URL

https://yourtenant.sharepoint.com/_api/GeoTenantInstanceInformationCollection

Note: your tenant admin needs to call (copy&paste in the browser) this URL otherwise you will receive UnauthorizedAccessException with the message Current user is not a tenant administrator.

Then add region property with the value from the request above to your filter:

var filter = new
{
    Requests = new[] { 
        new {
            EntityTypes = new[] { "listItem" },
            Query = new
            {
                QueryString = "Pio*"
            },
            Region = "guid"
        }
    }
};

Resources:

Search content with application permissions

user2250152
  • 14,658
  • 4
  • 33
  • 57
  • Now error changed but I get ContentSources is empty. Did you have any idea? – cpiock Oct 21 '22 at 15:03
  • It's weird. ContentSource is only applicable when entityType=externalItem and, it's optional. Respects the following format: /external/connections/connectionid where connectionid is the ConnectionId defined in the Connectors Administration. – user2250152 Oct 22 '22 at 12:29
  • Strang I don't use any external source in our search – cpiock Oct 24 '22 at 07:14