I am working with a REST service deployed in an Azure environment. I want to run some integration testing by calling various API functions from a separate (console) application. But the REST API uses bearer token authentication. I'm a total noob with Azure authentication, so I don't even know if it should be possible.

I've tried to use the example found here but no luck yet.

In any case, I have two applications. One is the console app that is running the code, and the other is the REST service for which I need to use the bearer token to access the API calls. I will call them the ConsoleApp and RestService.

The code I run is as follows:

// Requires: using System; using System.Net.Http; using System.Text; using Newtonsoft.Json.Linq;
HttpClient client = new HttpClient();
string tenantId = "<Azure tenant id>";
string tokenEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/token";
string resourceUrl = "<RestService app id url>";
string clientId = "<azure id of the ConsoleApp>";
string userName = "derp@flerp.onmicrosoft.com";
string password = "somepassword";

// Password grant request; each value is URL-encoded so special characters survive the form body
var body = $"resource={Uri.EscapeDataString(resourceUrl)}&client_id={Uri.EscapeDataString(clientId)}&grant_type=password&username={Uri.EscapeDataString(userName)}&password={Uri.EscapeDataString(password)}";
var stringContent = new StringContent(body, Encoding.UTF8, "application/x-www-form-urlencoded");

// Await the response directly instead of blocking on .Result inside ContinueWith
var response = await client.PostAsync(tokenEndpoint, stringContent);
string result = await response.Content.ReadAsStringAsync();

// The JSON holds either the token or the error / error_description fields
JObject jobject = JObject.Parse(result);

The JSON message I get back:

error: invalid_grant, error_description: AADSTS50105: The signed in user is not assigned to a role for the application "RestService azureid"

What does that mean, and what needs to be done to get a bearer token out of this?

martijn

1 Answer

Please first check whether you have enabled "User assignment required" for the console application:

In your Azure AD blade, click Enterprise applications, search for your app in the All applications blade, and click Properties.

If that is enabled and your account is not assigned an access role in your app, then you will get the error. Please try to assign an access role in your app:

In your Azure AD blade, click Enterprise applications, search for your console app in the All applications blade, click Users and groups, click the Add User button, select your account and assign a role (edit the user and ensure the selected role is not "None Selected").

Please let me know whether it helps.

Nan Yu
  • The console app has the user assignment switched off, the service has it switched on. I'm gonna see if I can do something with this information – martijn May 09 '17 at 07:26
  • So I added the permission to the service and that managed to solve my issue. Thanks a lot! – martijn May 09 '17 at 08:20
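
As an added example (not code from the question or the answer), here is a small helper an integration test could use to read the token endpoint's response and report AADSTS50105 together with the fix described in the answer. The class and method names are hypothetical, the sample JSON is constructed from the error quoted in the question, and it assumes Newtonsoft.Json, which the question's code already uses.

```csharp
using System;
using System.Text.RegularExpressions;
using Newtonsoft.Json.Linq;

// Hypothetical helper, not part of any Azure SDK.
public static class TokenResponse
{
    // Matches the AADSTS error code that prefixes error_description.
    private static readonly Regex AadCode = new Regex(@"AADSTS(\d+)", RegexOptions.Compiled);

    // Returns the access token, or throws with a diagnosis of the failure.
    public static string ExtractAccessToken(string json)
    {
        JObject body = JObject.Parse(json);
        string token = (string)body["access_token"];
        if (!string.IsNullOrEmpty(token))
            return token;

        string error = (string)body["error"] ?? "unknown_error";
        string description = (string)body["error_description"] ?? "";
        Match m = AadCode.Match(description);
        string code = m.Success ? m.Groups[1].Value : "?";

        // 50105: the target application has "User assignment required" enabled
        // and the signing-in user has no role assigned on it.
        string hint = code == "50105"
            ? "Assign the user a role on the application under Enterprise applications > Users and groups."
            : "Look up the AADSTS code given in the description.";
        throw new InvalidOperationException($"{error} (AADSTS{code}): {hint}\n{description}");
    }

    public static void Main()
    {
        // Constructed sample response, modelled on the error quoted in the question.
        string sample = @"{""error"":""invalid_grant"",""error_description"":""AADSTS50105: The signed in user is not assigned to a role for the application.""}";
        try
        {
            ExtractAccessToken(sample);
        }
        catch (InvalidOperationException ex)
        {
            // The test run fails with the cause and the remedy, not a bare parse error.
            Console.WriteLine(ex.Message);
        }
    }
}
```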