I am trying to authenticate against a standard ASP.NET web application API using Azure AD authentication.
I am able to get a token from the Azure application using the clientId and secret, but when I try to create a GET request in powershell i get a 401 unauthorized.
Shouldn't the token for the application that was created with the web application grant access to the API?
This is the script used to produce the result.
$postParams = @{
grant_type='client_credentials';
client_id=$clientId;
client_secret=$clientSecret;
resource='https://graph.microsoft.com';
}
$token = Invoke-WebRequest -Uri "https://login.microsoftonline.com/$($tenantId)/oauth2/token" -Method
Post -Body $postParams | select -expand content | convertfrom-json | select -expand access_token
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "bearer $token")
Invoke-WebRequest -Uri "https://localhost:32775/weatherforecast" -Method Get -Headers $headers -ContentType "application/json"
Which returns.
Invoke-WebRequest : The remote server returned an error: (401) Unauthorized.
bearer
should beBearer
with a capitalB
– Theo