0
votes

I have an application (WebApp) which calls an external API (WebApi1), and WebApi1 calls another external API, WebApi2.

I have given application permission to WebApi1 from WebApp, and similarly application permission to WebApi2 from WebApi1.

I got the consent page for WebApi1 and accepted it, and it works fine for WebApi1. But when I tried to call WebApi2 on behalf of the user from WebApi1, it throws a consent error.

AADSTS65001: The user or administrator has not consented to use the application with ID

1
To confirm, do you integrate AAD into your web API applications in your own code logic, or configure it in the portal? And have you tried configuring knownClientApplications in the AAD application's manifest, as mentioned at docs.microsoft.com/en-us/azure/active-directory/… – Gary Liu
I have tried with KnownClientApplications, but still issue with code block - Thanks Gary, I have tried with KnownClientApplications in manifest. When I tried the below code block it throws that exception - AuthenticationContext authContext = new AuthenticationContext(authority); var result = authContext.AcquireTokenAsync(webApi2ResourceId, clientCred, userAssertion).Result; – malay mandal
Also, all Azure applications are single tenant. – malay mandal
Have you fixed this issue? – Fei Xue - MSFT
Not fixed, the same code worked in one machine, but in my machine and some others. Not sure what went wrong! – malay mandal

1 Answer

0
votes

If you register the app from the Azure portal, there is no need to configure knownClientApplications, since consent is already given when we register the app.

And if you register from another portal, after you configure KnownClientApplications you need to grant the permission again using the parameter prompt=consent. This time, the web app will also require you to give consent to web api2. After you grant the consent, the issue should be fixed.
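
The exchange discussed in this thread, shown at the wire level as an added example (not code from the question or the answer): the on-behalf-of request WebApi1 sends for WebApi2, detection of AADSTS65001 in the token endpoint's error body, and the authorize URL with prompt=consent that the WebApp uses to collect consent again. The tenant name, application IDs, redirect URI and the sample error body are constructed placeholders, and the Azure AD v1 endpoints are assumed.

```python
import json
from urllib.parse import urlencode

# Assumed placeholder tenant (constructed, not from the original post).
TENANT = "contoso.onmicrosoft.com"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT}"

def obo_token_request(webapi1_id, webapi1_secret, user_token, webapi2_resource):
    """Form body WebApi1 posts to {AUTHORITY}/oauth2/token for the OBO exchange."""
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "requested_token_use": "on_behalf_of",
        "client_id": webapi1_id,
        "client_secret": webapi1_secret,
        "assertion": user_token,       # access token WebApi1 received from WebApp
        "resource": webapi2_resource,  # App ID URI of WebApi2
    }

def needs_consent(token_error_body):
    """True when the token endpoint's error JSON reports AADSTS65001."""
    err = json.loads(token_error_body)
    return (65001 in err.get("error_codes", [])
            or "AADSTS65001" in err.get("error_description", ""))

def reconsent_url(webapp_id, redirect_uri, webapi1_resource):
    """Authorize URL the WebApp sends the user to so consent is requested again."""
    query = urlencode({
        "client_id": webapp_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "resource": webapi1_resource,
        "prompt": "consent",  # show the consent page even if a grant already exists
    })
    return f"{AUTHORITY}/oauth2/authorize?{query}"

# Constructed sample of the error body returned for the failed OBO request.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS65001: The user or administrator has not "
                         "consented to use the application with ID '<app-id>'.",
    "error_codes": [65001],
})

if __name__ == "__main__":
    if needs_consent(SAMPLE_ERROR):
        print(reconsent_url("<webapp-app-id>", "https://localhost:44300/",
                            "https://contoso.onmicrosoft.com/WebApi1"))
```

The consent request is made by the WebApp for WebApi1; with knownClientApplications set, that single prompt is where the WebApi2 permission is presented as well.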