❔ Can't access Microsoft Graph. What part am I not understanding clearly?
I will give my steps. The code. and the problem.
Step 1. Login using Swagger UI [See Images]
Step 2. Run My Get Method to get the User.
My Problem
I receive this error [See Images]
My Code
StartUp.cs - Swagger UI
Startup.cs - Add Microsoft Web Identity I Have multiple authentication Schemes
My Controller Method Called
I do not get it. I have signed the user in and asking for permission for the scope User.Read? What am I missing? I am very fustrated and have been at this for a week straight. Thank you for your time
Step 1. Login using Swagger UI [See Images]
Step 2. Run My Get Method to get the User.
My Problem
I receive this error [See Images]
Microsoft.Identity.Web.MicrosoftIdentityWebChallengeUserException: 'IDW10502: An MsalUiRequiredException was thrown due to a challenge for the user. See https://aka.ms/ms-id-web/ca_incremental-consent. 'Microsoft.Identity.Web.MicrosoftIdentityWebChallengeUserException: 'IDW10502: An MsalUiRequiredException was thrown due to a challenge for the user. See https://aka.ms/ms-id-web/ca_incremental-consent. 'My Code
StartUp.cs - Swagger UI
scopes.Add($"user.read", "Access application on user behalf");
c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
Name = "oauth2",
Scheme = OpenIdConnectDefaults.AuthenticationScheme,
BearerFormat = "JWT",
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows
{
Implicit = new OpenApiOAuthFlow()
{
AuthorizationUrl = new Uri("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"),
TokenUrl = new Uri("https://login.microsoftonline.com/common/common/v2.0/token"),
Scopes = scopes
},
},
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement() {
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "oauth2"
},
Name = "oauth2",
In = ParameterLocation.Header,
},
new List <string> ()
}
}); scopes.Add($"user.read", "Access application on user behalf");
c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
Name = "oauth2",
Scheme = OpenIdConnectDefaults.AuthenticationScheme,
BearerFormat = "JWT",
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows
{
Implicit = new OpenApiOAuthFlow()
{
AuthorizationUrl = new Uri("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"),
TokenUrl = new Uri("https://login.microsoftonline.com/common/common/v2.0/token"),
Scopes = scopes
},
},
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement() {
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "oauth2"
},
Name = "oauth2",
In = ParameterLocation.Header,
},
new List <string> ()
}
});Startup.cs - Add Microsoft Web Identity I Have multiple authentication Schemes
services.AddMicrosoftIdentityWebApiAuthentication(Configuration, "AzureAd", OpenIdConnectDefaults.AuthenticationScheme)
.EnableTokenAcquisitionToCallDownstreamApi()
.AddMicrosoftGraph(Configuration.GetSection("DownstreamAPI"))
.AddInMemoryTokenCaches(); services.AddMicrosoftIdentityWebApiAuthentication(Configuration, "AzureAd", OpenIdConnectDefaults.AuthenticationScheme)
.EnableTokenAcquisitionToCallDownstreamApi()
.AddMicrosoftGraph(Configuration.GetSection("DownstreamAPI"))
.AddInMemoryTokenCaches();My Controller Method Called
[HttpGet]
[Route("microsoftgraphauth")]
[AuthorizeForScopes(AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme, Scopes = new string[] { "microsoftgraphauth" })]
public async Task<ActionResult> MicrosoftGraphAuth()
{
try
{
var accessToken = Request.Headers[HeaderNames.Authorization];
User user = await graphServiceClient.Me.GetAsync(r => r.Options.WithAuthenticationScheme(OpenIdConnectDefaults.AuthenticationScheme));
}
catch (Exception ex)
{
if (ex.InnerException is MsalUiRequiredException challengeException)
{
tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(new string[] { "User.Read" }, challengeException, authenticationScheme: OpenIdConnectDefaults.AuthenticationScheme, Response);
}
}
return Ok();
} [HttpGet]
[Route("microsoftgraphauth")]
[AuthorizeForScopes(AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme, Scopes = new string[] { "microsoftgraphauth" })]
public async Task<ActionResult> MicrosoftGraphAuth()
{
try
{
var accessToken = Request.Headers[HeaderNames.Authorization];
User user = await graphServiceClient.Me.GetAsync(r => r.Options.WithAuthenticationScheme(OpenIdConnectDefaults.AuthenticationScheme));
}
catch (Exception ex)
{
if (ex.InnerException is MsalUiRequiredException challengeException)
{
tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(new string[] { "User.Read" }, challengeException, authenticationScheme: OpenIdConnectDefaults.AuthenticationScheme, Response);
}
}
return Ok();
}I do not get it. I have signed the user in and asking for permission for the scope User.Read? What am I missing? I am very fustrated and have been at this for a week straight. Thank you for your time
