Azure Active Directory - Resource <Random Guid> does not exist or one of its queried reference-property objects are not present


I'm trying to make a basic call to Microsoft Graph.

https://graph.microsoft.com/v1.0/me/

I've done this through the C# SDK and directly using REST; on both calls, I'm getting the following error:

message = "Resource 'f9d58168-4b3e-4948-9133-6c978d1ab18a' does not exist or one of its queried reference-property objects are not present."

The full error message returned in the error response content stream:

{
  "error": {
    "code": "Request_ResourceNotFound",
    "message": "Resource 'f9d58168-4b3e-4948-9133-6c978d1ab18a' does not exist or one of its queried reference-property objects are not present.",
    "innerError": {
      "request-id": "80af6aec-5052-49ab-890c-273fea5c65ba",
      "date": "2017-07-31T06:08:37"
    }
  }
}

The GUID can be different.

When I do this through Graph Explorer it works OK.

This is the code I'm using to get the credentials for the app:

    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    private ClientCredential GetCredentials()
    {
        return new ClientCredential(_azureAdOptions.ClientId, _azureAdOptions.ClientSecret);
    }

    private AuthenticationContext GetContext(string userObjectId)
    {
        return new AuthenticationContext($"{_azureAdOptions.AadInstance}{_azureAdOptions.Tenant}", GetTokenCache(userObjectId));
    }

    private DistributedTokenCache GetTokenCache(string userObjectId)
    {
        return new DistributedTokenCache(userObjectId, _azureAdOptions.ClientId, _distributedCache, _loggerFactory);
    }

    public async Task<AuthenticationResult> GetToken(string userObjectId, string resourceId)
    {
        AuthenticationResult result;

        var authContext = GetContext(userObjectId);
        var credential = GetCredentials();

        try
        {
            // Try the per-user token cache first.
            result = await authContext.AcquireTokenSilentAsync(resourceId, credential, new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
        }
        catch (AdalSilentTokenAcquisitionException astae)
        {
            // Fallback uses only the client credential, so this token is issued to the app, not the user.
            result = await authContext.AcquireTokenAsync(resourceId, credential);
        }

        return result;
    }

I've debugged through the code, and it's authenticating and acquiring the token OK.

I have copied and pasted the request URL from the app into Graph Explorer, and it works.

I have set up the permissions through Azure, and they are the same ones set up for Graph Explorer.

This is the configuration I'm using in Startup to set up OpenID:

    var openIdConnectOptions = new OpenIdConnectOptions
    {
        ClientId = azureAdOptions.ClientId,
        Scope =
        {
            "openid",
            "email",
            "profile",
            "offline_access",
            "User.Read",
            "user_impersonation"
        },
        Authority = $"{azureAdOptions.AadInstance}{azureAdOptions.Tenant}",
        SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme,
        AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme,
        PostLogoutRedirectUri = azureAdOptions.PostLogoutRedirectUri,
        ResponseType = OpenIdConnectResponseType.CodeIdToken,
        UseTokenLifetime = true,
        GetClaimsFromUserInfoEndpoint = false,
        Events = new OpenIdConnectEvents
        {
            OnRedirectToIdentityProvider = OnRedirectToIdentityProvider,
            OnRemoteFailure = OnAuthenticationFailed,
            OnAuthorizationCodeReceived = OnAuthorizationCodeReceived,
            OnUserInformationReceived = OnUserInformationReceived
        }
    };

I'm using this code in a different application that calls Microsoft Graph, and have not had problems with that.

Update

I was able to get the user ID from the claims principal (http://schemas.microsoft.com/identity/claims/objectidentifier) and used that ID to call "https://graph.microsoft.com/v1.0/users('')", but got the same error. The GUID in the error message is the GUID of the user from the claims principal.

So why is the user ID in the claims principal not being set correctly?

Further update

It looks like the object identifier set in the claims principal is different from the one in Azure Active Directory.

Hard-coding the object identifier into the users endpoint works.

Further further update

This seems to be the access token being returned. After decrypting the token I can see the object ID is that of the registered application, and this is being used when calling "me" in Office Graph. Shouldn't the OID of the token being returned be that of the user? The app has User.Read in Active Directory.

The error being returned from AcquireTokenSilentAsync:

microsoft.identitymodel.clients.activedirectory.adalsilenttokenacquisitionexception:
   at microsoft.identitymodel.clients.activedirectory.acquiretokensilenthandler.sendtokenrequestasync (microsoft.identitymodel.clients.activedirectory, version=3.14.1.10, culture=neutral, publickeytoken=31bf3856ad364e35: c:\workspace\azure-activedirectory-library-for-dotnet-v3-master-vs2017\src\adal.pcl\flows\acquiretokensilenthandler.cs: 61)
   at microsoft.identitymodel.clients.activedirectory.acquiretokenhandlerbase+<runasync>d__55.movenext (microsoft.identitymodel.clients.activedirectory, version=3.14.1.10, culture=neutral, publickeytoken=31bf3856ad364e35: c:\workspace\azure-activedirectory-library-for-dotnet-v3-master-vs2017\src\adal.pcl\flows\acquiretokenhandlerbase.cs: 198)
   at system.runtime.exceptionservices.exceptiondispatchinfo.throw (system.private.corelib, version=4.0.0.0, culture=neutral, publickeytoken=7cec85d7bea7798e)
   at system.runtime.compilerservices.taskawaiter.handlenonsuccessanddebuggernotification (system.private.corelib, version=4.0.0.0, culture=neutral, publickeytoken=7cec85d7bea7798e)
   at microsoft.identitymodel.clients.activedirectory.authenticationcontext+<acquiretokensilentcommonasync>d__55.movenext (microsoft.identitymodel.clients.activedirectory, version=3.14.1.10, culture=neutral, publickeytoken=31bf3856ad364e35: c:\workspace\azure-activedirectory-library-for-dotnet-v3-master-vs2017\src\adal.pcl\authenticationcontext.cs: 618)
   at system.runtime.exceptionservices.exceptiondispatchinfo.throw (system.private.corelib, version=4.0.0.0, culture=neutral, publickeytoken=7cec85d7bea7798e)
   at system.runtime.compilerservices.taskawaiter.handlenonsuccessanddebuggernotification (system.private.corelib, version=4.0.0.0, culture=neutral, publickeytoken=7cec85d7bea7798e)
   at microsoft.identitymodel.clients.activedirectory.authenticationcontext+<acquiretokensilentasync>d__41.movenext (microsoft.identitymodel.clients.activedirectory, version=3.14.1.10, culture=neutral, publickeytoken=31bf3856ad364e35: c:\workspace\azure-activedirectory-library-for-dotnet-v3-master-vs2017\src\adal.pcl\authenticationcontext.cs: 415)
   at system.runtime.exceptionservices.exceptiondispatchinfo.throw (system.private.corelib, version=4.0.0.0, culture=neutral, publickeytoken=7cec85d7bea7798e)
   at system.runtime.compilerservices.taskawaiter.handlenonsuccessanddebuggernotification (system.private.corelib, version=4.0.0.0, culture=neutral, publickeytoken=7cec85d7bea7798e)
   at system.runtime.compilerservices.taskawaiter`1.getresult (system.private.corelib, version=4.0.0.0, culture=neutral, publickeytoken=7cec85d7bea7798e)
   at insite.security.authenticationservice+<gettoken>d__5.movenext (insite.security, version=1.0.0.0, culture=neutral, publickeytoken=null: c:\users\tobystatham\documents\visual studio 2017\projects\insite\insite.security\authenticationservice.cs: 47)

In Graph, the /me/ endpoint is an alias for the signed-in user (based on the token). To check this, decode the JWT and see if there is user information associated with the token. An application without a user present will not be able to query /me/, and should instead specify the user ID of the user of interest (/users/user id).
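
The check suggested in the answer above, as an added example that is not code from the original post: decode the access token's payload, see whether it was issued to a user or to the application, and pick /me or /users/{id} accordingly. It assumes a delegated token carries an scp claim while a token from the client-credentials flow does not; TokenInspector, its methods and the sample tokens are hypothetical and constructed for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class TokenInspector
{
    // Decode one base64url JWT segment. Diagnostics only: the signature is NOT validated.
    static string DecodeSegment(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    static string EncodeSegment(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Assumption: a delegated (user) token carries an "scp" claim; a token from the
    // client-credentials flow does not, and its "oid" is the app's service principal.
    public static (bool IsDelegated, string Oid) Inspect(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT.");
        using var doc = JsonDocument.Parse(DecodeSegment(parts[1]));
        var claims = doc.RootElement;
        var oid = claims.TryGetProperty("oid", out var o) ? o.GetString() : null;
        return (claims.TryGetProperty("scp", out _), oid);
    }

    // Pick the Graph URL the token can actually be used with.
    public static string GraphUserUrl(string jwt, string userObjectId) =>
        Inspect(jwt).IsDelegated
            ? "https://graph.microsoft.com/v1.0/me"
            : $"https://graph.microsoft.com/v1.0/users/{userObjectId}";

    static void Main()
    {
        // Constructed sample tokens; all GUIDs and the signature are placeholders.
        const string header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        string Make(string payload) => EncodeSegment(header) + "." + EncodeSegment(payload) + ".sig";
        var user = Make("{\"oid\":\"11111111-1111-1111-1111-111111111111\",\"scp\":\"User.Read\"}");
        var app = Make("{\"oid\":\"22222222-2222-2222-2222-222222222222\",\"appid\":\"33333333-3333-3333-3333-333333333333\"}");
        foreach (var t in new[] { user, app })
            Console.WriteLine($"{Inspect(t)} -> {GraphUserUrl(t, "11111111-1111-1111-1111-111111111111")}");
    }
}
```

If the oid printed for a token from the application matches the GUID in the Request_ResourceNotFound message, the token is app-only and /me has no user to resolve.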

