none
Blockchain WorkBench C# SDK API RRS feed

  • Question

  • We have been trying to use the WorkBench C# SDK. Our BlockChain instance is up and running fine and we have several applications running under it. We have followed the C#/.NET REST API interface sample.

    In the example below:

    BlockchainappName  = name of the blockchain app as shown in the Enterprise applications list in Azure Active Directory.

    ClientId     = Application ID of the Blockchain instance running under Azure Active Dir.

    At the login prompt we enter an admin account and then select the account type.
    After which we always get an error  AADSTS50001; Application name not found in the tenant named "our tenant name".

    [The admin account used is one that we use to add applications and user to them.]

    The code is  :

    tenantname  = "our tenant name"

    authority   = “https://login.microsoftonline.com/tenantname.onmicrosoft.com "

    clientId = "10494cda-2aad-4449-b813-dd17ae8500bb";  // (Blockchain AppID)

    redirectUri =  new Uri("https://tenantname.onmicrosoft.com/BlockchainappName");

    resId  = "https :\\BlockChainappName.azurewebsites.net" 

    authContext = new AuthenticationContext(authority, new FileCache());

    result = await authContext.AcquireTokenAsync(resId, clientId, redirectUri, new PlatformParameters(PromptBehavior.Always));

    How should resId be set, are there an examples ?

    Thanks

    Sunday, July 8, 2018 3:19 PM

All replies

  • I recommend referencing the following article and sample to get the right bearer token for making API calls:

    https://github.com/Azure-Samples/blockchain/tree/master/blockchain-workbench/rest-api-samples/dotnet


    Zeyad Rajabi (MS)

    Tuesday, July 10, 2018 5:30 PM
  • Hi  

    Thank you for your response. We did follow the C# example and ran the code in a console app, but without success. What we find is as follows. If we call:

    var cr = new ClientCredential("APP_ID", "SECRET_KEY");  // ap-id, and key from Blockchain Instance

    AuthenticationContext ct = new AuthenticationContext("APP_ID",  cr);

    We get a token returned that can be used to call the BlockChain Api endpoint via the C# Lib

    GatewayApi.Instance.SetAuthToken(ar.AccessToken);

    GatewayApi.SiteUrl = "https://blockchain-ty6nnz-api.azurewebsites.net";

    var k = await GatewayApi.Instance.GetAllUsersAsync();

             

    We receive a list of users in “k”, as expected, we can make a few other calls to the API e.g. GetLedgersAsync(),  but that is all. Other calls return nothing.

    So the library works, as expected but we are unable to get information from the API endpoint which require security, e.g. calls to GetApplicationsAsync() fail to return anything            

    We then try to login with a valid account, calling the following:

    var ad = "https://login.windows.net/andyfazhotmail.onmicrosoft.com/oauth2/authorize"

    AuthenticationContext ct = new AuthenticationContext(ad, true);

    Uri redirectUri = new Uri("https://tenant.onmicrosoft.com/blockchainapp/");

    string ResourceId = "https://tenant.onmicrosoft.com/blockchainapp";

    AuthenticationResult ar = await ct.AcquireTokenAsync(ResourceId, "APP_ID”, redirectUri, new PlatformParameters(PromptBehavior.Always));

    We get the login prompt and when we try to login with an account registered as an admin on our Blockchain Enterprise Instance (e.g. one who can create accounts and add applications) we always get the following error message:

    Message: AADSTS50001: The application named https://*****.onmicrosoft.com/blockchainapp was not found in the tenant named *****.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Note: We login as "Personal" and not "School or Work".

    Any ideas as to what the issue might be would be most welcome . Thank you.


    Thursday, July 12, 2018 2:17 PM
  • Hi,

    If you are getting proper responses to one of the endpoints (/api/v1/users and /api/v1/ledgers, in your example), then your bearer token should be correct for all endpoints - we are not using different authentication schemes for different endpoints.

    One important point is that your user will need to be in the admin role to see all applications in the system. Please see the documentation here to add your user to the admin role.

    Thanks,


    Microsoft Azure Blockchain Team

    Friday, July 13, 2018 5:43 PM
    Owner
  • Thank you for the response.

    Yes, the account we use is an Admin in the BC instance and a Global Admin the AD Tenancy  .. we use the account to access the BC instance's URL Application page, to load BC app's and to assign users to roles in within those apps.

    In the first instance where we aquired a token by calling: 
    var cr = new ClientCredential("APP_ID", "SECRET_KEY");  // ap-id, and secret key
    AuthenticationContext ct = new AuthenticationContext("APP_ID",  cr);

    We'd assumed that as there is no "user", and thus role, we only have access to limited API info.  Our problem is to define a configuration whereby we can pass Admin details (username / password ) to a login without it erroring and then flagging the "app not found in tenancy" error. 

    Is there an example of this for a "real" BC workbench app? 

    As we note we login using  "Personal" and not "School or Work", should that make any difference?

    Thanks

    It's very frustratiing since, for us at least, most other things on the BC WorkBench are working fine.


    Monday, July 16, 2018 11:22 AM