Microsoft graph get access without a user to get calendar events

1
votes

I create ASP.Net MVC application that use "get access without a user" scenario and I have granted all needed permission as application permission(Calendars.Read) using admin consent. I can already get token and can use that token to get user profile successfully. But, when I try to get calendar events data it get error code "AuthenticationError" and error message "Error authenticating with resource". I use C# code like this:

var events = await graphClient.Users[principalName].Events
            .Request()
            .GetAsync();

Can Anyone suggest What things I missed or What permission I should use?

My code to get authentication is like this, finally I added "WithExtraQueryParameters" to ensure that I use grant_type is client_credentials

private static GraphServiceClient GetAuthenticated()
    {
        AuthenticationResult result = null;

        var query = new Dictionary<string, string>();
        query.Add("grant_type", "client_credentials");
        var idClient = ConfidentialClientApplicationBuilder
                            .Create(appId)
                            .WithAuthority(AzureCloudInstance.AzurePublic, $"{tenantId}")
                            .WithClientSecret(appSecret)
                            .WithExtraQueryParameters(query)
                            .Build();

        string[] scopes = new string[] { "https://graph.microsoft.com/.default" };

        ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(idClient);

        return new GraphServiceClient(new DelegateAuthenticationProvider(
            async (requestMessage) => {
                var accounts = await idClient.GetAccountsAsync();
                if (accounts.Any())
                {
                    result = await idClient.AcquireTokenSilent(graphScopes?.Split(','), accounts.FirstOrDefault()).ExecuteAsync();
                }
                else {
                    result = await idClient.AcquireTokenForClient(scopes).ExecuteAsync();
                }

                requestMessage.Headers.Authorization =
                    new AuthenticationHeaderValue("Bearer", result.AccessToken);
            }
        ));
    }
3
c#asp.net-mvcmicrosoft-graph-apimicrosoft-graph-calendar
Which provider do you use?Martin.Martinsson
I use ClientCredentialProvider @Martin.MartinssonSyarif
it seems that error comes from your provider initialization. Please, share a code where you create auth provider (which you pass to the constructor of your graphClient)Serenkiy
Do you use a tenant-id? (.WithTenantId(tenantId))Martin.Martinsson
I update my code, how I get my access token from AD Azure @SerenkiySyarif

3 Answers

0
votes

Please try adding permissions: Calendars.ReadWrite, OnlineMeetings.Read.All, OnlineMeetings.ReadWrite.All

0
votes

Don't know what's wrong with your code. I can suggest you to use Microsoft graph SDK. Have a look at Microsoft graph auth. And don't forget about Microsoft Identity client. Combining these two packages will simplify auth process and prevent you from such bugs.

If you decide to use them. Your auth would look like this:

var app = ConfidentialClientApplicationBuilder.Create("client id")
                    .WithClientSecret("client secret")
                    .WithTenantId("your tenant id")
                    .WithAuthority(AadAuthorityAudience.AzureAdMyOrg)
                    .Build();
var authProvider = new ClientCredentialProvider(app);
var graphClient = new GraphServiceClient(authProvider);

And then use graphClient for creating requests to the microsoft graph. Let me know if anything go wrong.

0
votes
var confidentialClient = ConfidentialClientApplicationBuilder
                .Create(clientId)
                .WithTenantId(tenantId)
                .WithClientSecret(clientSecret)
                .Build();

                var graphClient = new GraphServiceClient(new ClientCredentialProvider(confidentialClient));

                var evnts = await graphClient.Users["coyote@acme.com"].Events.Request().GetAsync();

This works when your client secret, tenant matches and you have set application permissions.

What does not work is this (ticket pending by me @MS):

    var tasks = await graphClient.Users["coyote@acme.com"].Outlook.Tasks
.Request()
.GetAsync();

Regards