Authentication using a registered app

Question
-
Hi Community,
My end goal is to be able to connect to PowerBI REST APIs and to that end, I have created an app in Azure.
I have an Azure Function App which does that for me, but I first need to be able to log in using the registered app.
I have tried all (or most of the solutions available) that teach us how to log in using a user name and password, and I see that there are 2 errors that are thrown, depending on what sample I try out:
1. Failed to call the Web Api: Forbidden Content: { "error": { "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", "innerError": { "request-id": "d426325e-fae3-4da1-978e-18f4c4dcf689", "date": "2019-05-02T09:20:47" } } }
2. Federated service at https://opal.abcd.com/adfs/services/trust/2005/usernamemixed returned error: ID3242: The security token could not be authenticated or authorized.
{Microsoft.Identity.Client.MsalClientException: Federated service at https://opal.abcd.com/adfs/services/trust/2005/usernamemixed returned error: ID3242: The security token could not be authenticated or authorized.
 ---> Microsoft.Identity.Client.MsalServiceException: Federated service at https://opal.abcd.com/adfs/services/trust/2005/usernamemixed returned error: ID3242: The security token could not be authenticated or authorized.
   at Microsoft.Identity.Client.WsTrust.WsTrustWebRequestManager.GetWsTrustResponseAsync(WsTrustEndpoint wsTrustEndpoint, String wsTrustRequest, RequestContext requestContext)
   at Microsoft.Identity.Client.WsTrust.CommonNonInteractiveHandler.GetWsTrustResponseAsync(UserAuthType userAuthType, String cloudAudienceUrn, WsTrustEndpoint endpoint, String username, SecureString securePassword)
   --- End of inner exception stack trace ---
   at Microsoft.Identity.Client.WsTrust.CommonNonInteractiveHandler.GetWsTrustResponseAsync(UserAuthType userAuthType, String cloudAudienceUrn, WsTrustEndpoint endpoint, String username, SecureString securePassword)
   at Microsoft.Identity.Client.WsTrust.CommonNonInteractiveHandler.PerformWsTrustMexExchangeAsync(String federationMetadataUrl, String cloudAudienceUrn, UserAuthType userAuthType, String username, SecureString password)
   at Microsoft.Identity.Client.Internal.Requests.UsernamePasswordRequest.FetchAssertionFromWsTrustAsync()
   at Microsoft.Identity.Client.Internal.Requests.UsernamePasswordRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenByUsernamePasswordParameters usernamePasswordParameters, CancellationToken cancellationToken)
   at up_console.PublicAppUsingUsernamePassword.GetTokenForWebApiUsingUsernamePasswordAsync(IEnumerable`1 scopes, String username, SecureString password) in C:\Users\dpradh1\Desktop\active-directory-dotnetcore-console-up-v2-master\active-directory-dotnetcore-console-up-v2-master\up-console\PublicAppUsingUsernamePassword.cs:line 96
A few of the samples that I have tried are:
Can someone please help!
TheStarSailor
- Edited by TheStarSailor Thursday, May 2, 2019 11:28 AM Provided samples which I tried
Thursday, May 2, 2019 10:43 AM
All replies
-
You may get this error when you have not provided proper permissions to the Power BI APIs when registering your application. In order to use the Power BI REST APIs you need to register your application and provide permissions to the Power BI APIs. You can use the Power BI App Registration Tool (dev.powerbi.com/apps) for the same. Refer to the Power BI documentation for the same.
Also, you can get the access tokens using either the User Owns Data or the Application Owns Data process flow. User Owns Data is used when embedding content for Power BI users that access content has access to the Power BI service. In Application Owns Data, users aren't necessarily Power BI users. Please refer to Get an Azure AD access token for your Power BI application for details. Also, refer to What Developers Can Do with Power BI to get the core concepts.
- Edited by SaurabhSharma-MSFT (Microsoft employee) Thursday, May 2, 2019 12:57 PM
- Proposed as answer by SaurabhSharma-MSFT (Microsoft employee) Thursday, May 2, 2019 12:57 PM
Thursday, May 2, 2019 12:56 PM -
Hi Saurabh,
I've pretty much given all the permissions to the app.
I have attached an image with the current permissions. Can you please tell me which one I am missing?
Thanks so much in advance!
TheStarSailor
Thursday, May 2, 2019 1:39 PM -
Have you granted the permissions using the Grant button on the Azure portal? Also, if you have provided consent using a master account which isn't a Global admin, the granted permissions are only for the master account of this application. When you consent using a Global admin, you grant permissions to all users in your organization. Refer to Apply permissions to your application within Azure AD.
- Edited by SaurabhSharma-MSFT (Microsoft employee) Thursday, May 2, 2019 5:29 PM
Thursday, May 2, 2019 5:17 PM -
Yep...
So apparently, I have to use a service principal account for this to work.
Thanks!
TheStarSailor
- Marked as answer by TheStarSailor Monday, May 6, 2019 10:25 AM
Monday, May 6, 2019 10:25 AM
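
Added example, not part of the original thread or of any Microsoft sample: a small offline check that decodes an Azure AD access token and reports whether it is a delegated (user) or app-only (service principal) token, whether its audience is the Power BI API, and whether it carries a given permission. The audience value, the permission names and the sample tokens are assumptions constructed for illustration; the signature is deliberately not verified, so this is for diagnosis only.

```python
import base64
import json

# Assumption: audience value Azure AD issues for the Power BI REST API.
POWER_BI_AUDIENCE = "https://analysis.windows.net/powerbi/api"


def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(jwt, required_permission):
    """Report whose permissions the token carries and whether they suffice."""
    claims = decode_claims(jwt)
    scopes = claims.get("scp", "").split()  # delegated: space-separated string
    roles = claims.get("roles", [])         # application: JSON array
    kind = "delegated (user)" if scopes else "app-only (service principal)"
    return {
        "kind": kind,
        "audience_ok": str(claims.get("aud", "")).rstrip("/") == POWER_BI_AUDIENCE,
        "has_permission": required_permission in (scopes or roles),
    }


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed samples, not tokens from the thread.
GRAPH_USER = make_sample_token({"aud": "https://graph.microsoft.com", "scp": "User.Read"})
PBI_USER = make_sample_token({"aud": POWER_BI_AUDIENCE, "scp": "Dataset.Read.All Report.Read.All"})
PBI_APP = make_sample_token({"aud": POWER_BI_AUDIENCE, "roles": ["Tenant.Read.All"]})

if __name__ == "__main__":
    for name, tok, need in [("graph-user", GRAPH_USER, "Report.Read.All"),
                            ("pbi-user", PBI_USER, "Report.Read.All"),
                            ("pbi-app", PBI_APP, "Tenant.Read.All")]:
        print(name, diagnose(tok, need))
```

A token whose audience or permissions do not match the API being called is a common reason for a 403 even after permissions were added to the app registration, because a token issued before consent, or for a different resource, does not pick them up.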