I have problem while trying to acquire the ms graph access token without a user.

I login from code using the quickstart provided settings

    IConfidentialClientApplication app;
    app = ConfidentialClientApplicationBuilder.Create("<application client ID>")
                                              .WithClientSecret("<application secret>")
                                              .WithAuthority(new Uri("https://login.microsoftonline.com/<tenant ID>"))
                                              .Build();
    
    var result = await app.AcquireTokenForClient(new List<string>() { "https://graph.microsoft.com/.default" })
                      .ExecuteAsync();

    HttpClient sender = new HttpClient();
    sender.DefaultRequestHeaders.Add(
              "Authorization",
               String.Format("Bearer "   result.AccessToken)
               );
    HttpResponseMessage meResult = await sender.GetAsync("https://graph.microsoft.com/v1.0/users/<email adress>/photo/$value");
    string context =await  meResult.Content.ReadAsStringAsync();
    Console.WriteLine("WAAA");

Basically the problem is that I can aquire a token before creating the HTTP client, but when I would like to use it to get the user photo the response is 401 :( With the message: 401 - Unauthorized: Access is denied due to invalid credentials The Azure application has these permissions granted to them.

Can anybody spot what am I missing?

CodePudding user response：

Which permission do you have on your Azure portal? I guess you have now Delegated permission only.

You should have User.Read.All Application permission and afterwords need to add Grant admin consent. It should be like below:

You can get details here in our

Once you set the permission you can get below output:

Output:

Postman Test Result:

Azure profile Pciture:

Note: Your context required Application permission but seems you have Delegated Permission only.

Hope that would help.