Querying the Windows Azure Active Directory Graph Api by Rest Call

9
votes

According to this: http://msdn.microsoft.com/en-us/library/windowsazure/dn424880.aspx and this http://msdn.microsoft.com/en-us/library/windowsazure/hh974467.aspx

I should be able to do a get request

https://graph.windows.net/<my-object-guid>/tenantDetails?api-version=0.9

and I am using Fiddler just get started. Setting this in the composer: User-Agent: Fiddler Host: graph.windows.net Authorization: Bearer eyJ0eXA .... (My Token, used some c# from WAAL to get the token).

This is what is returned

HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Server: Microsoft-IIS/8.0
WWW-Authenticate: Bearer realm="<my-object-guid>", error="invalid_token", error_description="Access Token missing or malformed.", authorization_uri="https://login.windows.net/<my-object-guid>/oauth2/authorize", client_id="00000002-0000-0000-c000-000000000000"
ocp-aad-diagnostics-server-name: 11iIdMb+aPxfKyeakCML7Tenz8Kyy+G8VG19OZB/CJU=
request-id: 99d802a3-0e55-4018-b94d-a8c00ec8f171
client-request-id: 7ed93efd-86c5-4900-ac1f-747a51fe1d8a
x-ms-dirapi-data-contract-version: 0.9
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jan 2014 00:13:27 GMT
Content-Length: 129

{"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."}}}

The token is accepted when I do some stuff in my application so I dont belive its malformed.

1
c#.netazureazure-active-directory
Did you ever get this resolved? I'm running into the exact same errorrwisch45
i dont think so, never tried it again after i ran into the issue here.Poul K. Sørensen

1 Answers

18
votes

I kept running into this problem. I was using the following code to get a bearer token for my native app:

        var authContext = new AuthenticationContext("AUTHORITY");
        string token;
        try
        {
            var authresult = authContext.AcquireToken("MYAPP_ID","MYAPP_CLIENTID","MYAPP_REDIRECTURI");
            token = authresult.AccessToken;
        }

Using that token worked fine for authorizing actions within my own app, but I'd get the same error as the OP when trying to use the same token as authorization for the Graph API.

What I had to do was get a new token specifically for the Graph API - I used the same code as above but I used "https://graph.windows.net" instead of "MYAPP_ID". So, to be clear, the following code gave me the correct OAuth token for the Graph API:

        var authContext = new AuthenticationContext("AUTHORITY");
        string token;
        try
        {
            var authresult = authContext.AcquireToken("https://graph.windows.net","MYAPP_CLIENTID","MYAPP_REDIRECTURI");
            token = authresult.AccessToken;
        }

Just make sure that your application registered in Azure has the necessary permissions to access your Azure domain's directory.