Suddenly I got an error when getting a token to access SharePoint from the azure ad.
private async Task<string> AcquireTokenAsync(Uri resourceUri, string username, string password)
{
    string resource = $"{resourceUri.Scheme}://{resourceUri.DnsSafeHost}";
    var clientId = defaultAADAppId;
    // Resource Owner Password Credentials (ROPC) grant; username and password are form fields and must be URL-encoded.
    var body = $"resource={resource}&client_id={clientId}&grant_type=password&username={HttpUtility.UrlEncode(username)}&password={HttpUtility.UrlEncode(password)}";
    using (var stringContent = new StringContent(body, Encoding.UTF8, "application/x-www-form-urlencoded"))
    using (var response = await httpClient.PostAsync(tokenEndpoint, stringContent).ConfigureAwait(false))
    {
        // Await the body directly; ContinueWith(...).Result blocks a thread and can deadlock.
        var result = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
        var tokenResult = JsonSerializer.Deserialize<JsonElement>(result);
        // When issuance is refused, Azure AD returns an error object (e.g. AADSTS530031) with no "access_token",
        // so check for it instead of letting GetProperty throw a KeyNotFoundException.
        if (tokenResult.TryGetProperty("error", out var error))
        {
            var description = tokenResult.TryGetProperty("error_description", out var d) ? d.GetString() : null;
            throw new InvalidOperationException($"Token request failed: {error.GetString()}: {description}");
        }
        var token = tokenResult.GetProperty("access_token").GetString();
        return token;
    }
}
ValueKind = Object : "{"error":"interaction_required","error_description":"AADSTS530031: Access policy does not allow token issuance.\r\nTrace ID: 823cd416-a194-41b9-a7f7-3b00c33aca00\r\nCorrelation ID: 4c304826-338b-46d7-986c-f7cc5d78820a\r\nTimestamp: 2022-03-10 11:50:20Z","error_codes":[530031],"timestamp":"2022-03-10 11:50:20Z","trace_id":"823cd416-a194-41b9-a7f7-3b00c33aca00","correlation_id":"4c304826-338b-46d7-986c-f7cc5d78820a","error_uri":"https://login.microsoftonline.com/error?code=530031","suberror":"message_only"}"
This is the token result I got. This was working perfectly. Can someone help me to figure this out?
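Added example (my own code, not the poster's or any Microsoft library code) that parses the token endpoint reply shown above and pulls out the AADSTS error codes plus the trace and correlation IDs an admin needs to find the blocked sign-in in the Azure AD sign-in logs. It assumes .NET 6 or later with System.Text.Json; the sample body is constructed from the error in the question with placeholder IDs.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

// Constructed sample input modelled on the error body in the question; the IDs are placeholders.
const string errorJson =
    "{\"error\":\"interaction_required\",\"error_description\":\"AADSTS530031: Access policy does not allow token issuance.\"," +
    "\"error_codes\":[530031],\"trace_id\":\"<trace id>\",\"correlation_id\":\"<correlation id>\",\"suberror\":\"message_only\"}";

var parsed = TokenResponseParser.Parse(errorJson);
if (!parsed.Succeeded)
{
    // These two IDs are what an admin needs to locate the request in the sign-in logs.
    Console.WriteLine($"{parsed.Error} codes=[{string.Join(",", parsed.ErrorCodes)}] " +
                      $"trace_id={parsed.TraceId} correlation_id={parsed.CorrelationId}");
    if (parsed.BlockedByConditionalAccess)
        Console.WriteLine("AADSTS530031: a Conditional Access policy refused token issuance; ask an admin to check the sign-in logs.");
}

public sealed record TokenResult(string? AccessToken, string? Error, string? ErrorDescription,
    IReadOnlyList<int> ErrorCodes, string? TraceId, string? CorrelationId)
{
    public bool Succeeded => AccessToken is not null;
    // 530031 is the "Access policy does not allow token issuance" code seen in the question.
    public bool BlockedByConditionalAccess => ErrorCodes.Contains(530031);
}

public static class TokenResponseParser
{
    // Returns either the access token or the structured error; never assumes "access_token" exists.
    public static TokenResult Parse(string json)
    {
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        if (root.TryGetProperty("access_token", out var token))
            return new TokenResult(token.GetString(), null, null, Array.Empty<int>(), null, null);

        var codes = root.TryGetProperty("error_codes", out var arr) && arr.ValueKind == JsonValueKind.Array
            ? arr.EnumerateArray().Select(c => c.GetInt32()).ToList()
            : new List<int>();
        return new TokenResult(null, Str(root, "error"), Str(root, "error_description"), codes,
            Str(root, "trace_id"), Str(root, "correlation_id"));
    }

    private static string? Str(JsonElement e, string name) =>
        e.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;
}
```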
CodePudding user response:
As you said it worked perfectly earlier, it looks like the access may be blocked by Conditional Access set on SharePoint. According to Troubleshooting sign-in problems with Conditional Access - Azure Active Directory | Microsoft Docs, an admin might have set Conditional Access policies. Try to contact the admin of your Microsoft 365 tenant to confirm which criteria you have not met for access, and adjust the conditions accordingly to avoid being blocked.
Please review the CA policies. If the admin has set the Azure AD tenant to block access from untrusted sites or untrusted devices, it may be due to a different location or device you are signed in from, as it might have been registered from a different location initially. If not these, check for other conditions.
References:
- c# - Token access blocked when posting request from published Azure function - Stack Overflow
- access-token-request-with-a-certificate
CodePudding user response:
As the error message says, one or more Conditional Access policies are not satisfied for the user in question. If you have the Security Reader role in Azure AD, you can look at the sign-in activities for the user. Go to the Conditional Access Policy tab and see which policies are blocking. You can click on the policy to see the details: the condition(s) not satisfied.
If you don't have the privilege to read sign-in info, you will have to contact an Azure AD admin who can look up the info for you.