I am trying to authenticate using Postman to obtain an Azure AD bearer token, then send the token to my local .NET Core Web API server, which should validate the token and send a request to the Graph API. But for the last couple of hours I have been stuck at this error:

Microsoft.Identity.Client.MsalUiRequiredException: AADSTS65001: The user or administrator has not consented to use the application with ID 'b6590b93-aeba-45e1-b337-f52695e3647e' named 'RegistryCrawlePublicWebApi'. Send an interactive authorization request for this user and resource.

Azure Portal API Permissions:

namespace WebApiUsingGraphApi.Controllers
{
    [Authorize]
    [ApiController]
    [Route("[controller]")]
    public class GraphCallsController : ControllerBase
    {
        private readonly GraphApiClientDirect _graphApiClientDirect;

        public GraphCallsController(GraphApiClientDirect graphApiClientDirect)
        {
            _graphApiClientDirect = graphApiClientDirect;
        }

        [HttpGet]
        public async Task<string> Get()
        {
            var user = await _graphApiClientDirect.GetGraphApiUser()
                .ConfigureAwait(false);

            // var photo = await _graphApiClientDirect.GetGraphApiProfilePhoto();
            // var file = await _graphApiClientDirect.GetSharepointFile();
            return user.DisplayName;
        }

    }
}

Startup.cs

services.AddMicrosoftIdentityWebApiAuthentication(Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddInMemoryTokenCaches();

marhyno
Could you please refer to this: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/aadsts65001-the-user-or-administrator-has-not-consented-when/m-p/832187 – AjayKumarGhose Oct 18 '21 at 10:59

1 Answer

Microsoft.Identity.Client.MsalUiRequiredException: AADSTS65001

For the above error in .NET, based on the MS doc:

Get user consent first. If you aren't using .NET Core (which doesn't have any Web UI), call (once only) AcquireTokenInteractive. If you are using .NET Core or don't want to do an AcquireTokenInteractive, the user can navigate to a URL to give consent:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={clientId}&response_type=code&scope=user.read

To call AcquireTokenInteractive:

app.AcquireTokenInteractive(scopes).WithAccount(account).WithClaims(ex.Claims).ExecuteAsync();

For more information, please refer to this SO thread: AADSTS65001: The user or administrator has not consented to use the application with ID '

AjayKumarGhose
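An added example, not code from the question, the answer, or Microsoft's documentation: a web API has no UI to prompt with, so when the on-behalf-of token request fails with AADSTS65001 it can hand the caller the consent URL quoted in the answer. The class and method names, the `redirect_uri` and `state` parameters, and the `User.Read` scope are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class GraphTokenHelper   // hypothetical helper, not part of MSAL
{
    // Builds the v2.0 authorize URL from the answer; redirect_uri and state are
    // added here as assumptions so the response can be tied back to this request.
    public static Uri BuildConsentUrl(string tenant, string clientId,
        Uri redirectUri, IEnumerable<string> scopes, string state)
    {
        string query = string.Join("&",
            "client_id=" + Uri.EscapeDataString(clientId),
            "response_type=code",
            "redirect_uri=" + Uri.EscapeDataString(redirectUri.ToString()),
            "scope=" + Uri.EscapeDataString(string.Join(" ", scopes)),
            "state=" + Uri.EscapeDataString(state));
        return new Uri(
            $"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?{query}");
    }

    // Returns (token, null) on success, or (null, consentUrl) when Azure AD
    // reports that consent is missing for the requested Graph scope.
    public static async Task<(string Token, Uri ConsentUrl)> TryGetGraphTokenAsync(
        IConfidentialClientApplication app, string incomingBearerToken,
        string tenant, string clientId, Uri redirectUri, string state)
    {
        string[] scopes = { "https://graph.microsoft.com/User.Read" };
        try
        {
            // On-behalf-of: exchange the caller's token for a Graph token.
            AuthenticationResult result = await app
                .AcquireTokenOnBehalfOf(scopes, new UserAssertion(incomingBearerToken))
                .ExecuteAsync().ConfigureAwait(false);
            return (result.AccessToken, null);
        }
        catch (MsalUiRequiredException ex) when (ex.Message.Contains("AADSTS65001"))
        {
            // No UI in a web API: return the consent URL instead of failing with a 500.
            return (null, BuildConsentUrl(tenant, clientId, redirectUri, scopes, state));
        }
    }
}
```

The caller should generate `state` as an unguessable per-request value and verify it when the authorize endpoint redirects back.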