C#•3y ago

❔ ASP.NET Core WebAPI - Cannot choose the AuthenticationScheme for MicrosoftGraphs?

So I am using the Microsoft.Identity.Web Package to get the access token for a user. This works perfectly fine in Swagger.
AppSettings.Json

  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "ClientId": "<id>",
    "ClientSecret": "<secret>",
    "TenantId": "common",
    "Scopes": "openid User.Read Calendar.ReadWrite"
  },
  "DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "openid User.Read Calendar.ReadWrite"
  },

  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "ClientId": "<id>",
    "ClientSecret": "<secret>",
    "TenantId": "common",
    "Scopes": "openid User.Read Calendar.ReadWrite"
  },
  "DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "openid User.Read Calendar.ReadWrite"
  },

  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "ClientId": "<id>",
    "ClientSecret": "<secret>",
    "TenantId": "common",
    "Scopes": "openid User.Read Calendar.ReadWrite"
  },
  "DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "openid User.Read Calendar.ReadWrite"
  },

  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "ClientId": "<id>",
    "ClientSecret": "<secret>",
    "TenantId": "common",
    "Scopes": "openid User.Read Calendar.ReadWrite"
  },
  "DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "openid User.Read Calendar.ReadWrite"
  },

Startup.cs

            services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), OpenIdConnectDefaults.AuthenticationScheme)
                .EnableTokenAcquisitionToCallDownstreamApi()
                .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
                .AddDistributedTokenCaches();

            services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), OpenIdConnectDefaults.AuthenticationScheme)
                .EnableTokenAcquisitionToCallDownstreamApi()
                .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
                .AddDistributedTokenCaches();

            services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), OpenIdConnectDefaults.AuthenticationScheme)
                .EnableTokenAcquisitionToCallDownstreamApi()
                .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
                .AddDistributedTokenCaches();

            services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), OpenIdConnectDefaults.AuthenticationScheme)
                .EnableTokenAcquisitionToCallDownstreamApi()
                .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
                .AddDistributedTokenCaches();

The problem is when I try to access The Graph in a Get Method in the controller

        [HttpGet]
        [Route("microsoftgraphauth")]
        [AuthorizeForScopes(AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme)]
        public async Task<ActionResult> MicrosoftGraphAuth()
        {
            CalendarCollectionResponse calendars = await graphServiceClient.Me.Calendars.GetAsync();

            return Ok();
        }

        [HttpGet]
        [Route("microsoftgraphauth")]
        [AuthorizeForScopes(AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme)]
        public async Task<ActionResult> MicrosoftGraphAuth()
        {
            CalendarCollectionResponse calendars = await graphServiceClient.Me.Calendars.GetAsync();

            return Ok();
        }

        [HttpGet]
        [Route("microsoftgraphauth")]
        [AuthorizeForScopes(AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme)]
        public async Task<ActionResult> MicrosoftGraphAuth()
        {
            CalendarCollectionResponse calendars = await graphServiceClient.Me.Calendars.GetAsync();

            return Ok();
        }

        [HttpGet]
        [Route("microsoftgraphauth")]
        [AuthorizeForScopes(AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme)]
        public async Task<ActionResult> MicrosoftGraphAuth()
        {
            CalendarCollectionResponse calendars = await graphServiceClient.Me.Calendars.GetAsync();

            return Ok();
        }

I get an error on "CalendarCollectionResponse calendars = await graphServiceClient.Me.Calendars.GetAsync();"

System.InvalidOperationException: IDW10503: Cannot determine the cloud Instance. The provided authentication scheme was ''. Microsoft.Identity.Web inferred 'Bearer' as the authentication scheme. Available authentication schemes are 'Cookies,OpenIdConnect,Bearer'. See https://aka.ms/id-web/authSchemes.

System.InvalidOperationException: IDW10503: Cannot determine the cloud Instance. The provided authentication scheme was ''. Microsoft.Identity.Web inferred 'Bearer' as the authentication scheme. Available authentication schemes are 'Cookies,OpenIdConnect,Bearer'. See https://aka.ms/id-web/authSchemes.

System.InvalidOperationException: IDW10503: Cannot determine the cloud Instance. The provided authentication scheme was ''. Microsoft.Identity.Web inferred 'Bearer' as the authentication scheme. Available authentication schemes are 'Cookies,OpenIdConnect,Bearer'. See https://aka.ms/id-web/authSchemes.

System.InvalidOperationException: IDW10503: Cannot determine the cloud Instance. The provided authentication scheme was ''. Microsoft.Identity.Web inferred 'Bearer' as the authentication scheme. Available authentication schemes are 'Cookies,OpenIdConnect,Bearer'. See https://aka.ms/id-web/authSchemes.

I have come across this post

https://github.com/AzureAD/microsoft-identity-web/wiki/multiple-authentication-schemes

to help me but in the latest version .Request() was removed.

Any Ideas?

CutterOP•7/26/23, 8:26 AM

Looking into the Release Notes shows me the new correct way
https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web.GraphServiceClient/Readme.md

However now the error is

TypeError: NetworkError when attempting to fetch resource.

TypeError: NetworkError when attempting to fetch resource.

Accord•7/27/23, 8:30 AM

Looks like nothing has happened here. I will mark this as stale and this post will be archived until there is new activity.

❔ ASP.NET Core WebAPI - Cannot choose the AuthenticationScheme for MicrosoftGraphs?

Similar Threads

Similar Threads

Similar Threads