0

I have been trying to get the members of a specific security group from Azure AD with the following code from the Graph API:

    var members = await graphClient.Groups["{group-id}"].Members
        .Request()
        .GetAsync();

I followed the following link, which says to give the following permission to the registered app: https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=csharp. The permission for the application has been granted by the admin.

But I keep getting the following error:

    ServiceException: Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation

Milad Ild
  • 23
  • 5
  • Please edit your question and include code for creating graph client. Are you getting the token for the user or the application? – Gaurav Mantri Sep 27 '21 at 03:41

2 Answers

0

I am using a client secret to create the graphClient, and I granted the permission as shown below; it works for me. You can also use another provider to do that.

enter image description here

My test code

    // Requires: using Azure.Identity; using Microsoft.Graph;
    public async Task<JsonResult> test()
    {
        // Values from app registration
        var clientId = "fb2****-29ee-****-ab90-********0c7e1";
        // Masked here; load the secret from configuration or a secret store, not from source code
        var clientSecret = "w7N*******........***yO8ig";

        // ".default" requests the application permissions already granted to the app registration
        var scopes = new[] { "https://graph.microsoft.com/.default" };

        // Multi-tenant apps can use "common",
        // single-tenant apps must use the tenant ID from the Azure portal
        var tenantId = "e4c9ab4e-****-40d5-****-230****57fb";

        var options = new TokenCredentialOptions
        {
            AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
        };

        // https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
        var clientSecretCredential = new ClientSecretCredential(
            tenantId, clientId, clientSecret, options);

        var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

        try
        {
            var members = await graphClient.Groups["13ad4665-****-43e9-9b0f-ca****eb"].Members.Request().GetAsync();
            return Json(members);
        }
        catch (Exception e)
        {
            // Return the error text (e.g. Authorization_RequestDenied) instead of an empty result,
            // so a missing permission is visible while testing. The original unreachable "throw;" is removed.
            return Json(e.Message);
        }
    }

My test result

enter image description here

Jason Pan
  • 15,263
  • 1
  • 14
  • 29
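A check for the question raised in the comments (is the token for the user or for the application?), added here as an example and not code from either answer: it decodes the access token's payload and reports whether the token is app-only (`roles` claim) or delegated (`scp` claim) and whether it carries a permission that allows listing group members. The permission names in `Needed` are assumptions taken from the linked Microsoft Graph documentation, `GraphTokenCheck` and its methods are hypothetical names, and the sample tokens are constructed and unsigned.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;
static class GraphTokenCheck
{
    // Assumption: permissions that allow listing group members, per the linked Graph docs.
    static readonly string[] Needed = { "GroupMember.Read.All", "Group.Read.All", "Directory.Read.All" };
    // Decode the JWT payload for inspection only; the signature is NOT validated here.
    static JsonElement DecodePayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        var json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        return JsonDocument.Parse(json).RootElement.Clone();
    }

    public static string Diagnose(string jwt)
    {
        var p = DecodePayload(jwt);
        string kind = "no-permission";
        string[] granted = Array.Empty<string>();
        if (p.TryGetProperty("scp", out var scp))
        {   // Delegated (user) token: space-separated scopes.
            kind = "delegated";
            granted = (scp.GetString() ?? "").Split(' ', StringSplitOptions.RemoveEmptyEntries);
        }
        else if (p.TryGetProperty("roles", out var roles) && roles.ValueKind == JsonValueKind.Array)
        {   // App-only token (client credentials): array of application permissions.
            kind = "application";
            granted = roles.EnumerateArray().Select(r => r.GetString() ?? "").ToArray();
        }
        var hit = granted.Intersect(Needed, StringComparer.OrdinalIgnoreCase).ToArray();
        return hit.Length > 0
            ? $"{kind} token with {string.Join(", ", hit)}"
            : $"{kind} token without any of: {string.Join(", ", Needed)}";
    }
    // Builds an unsigned, constructed sample token so the example runs offline.
    static string Sample(string payloadJson) => "e30." + Convert.ToBase64String(
        Encoding.UTF8.GetBytes(payloadJson)).TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
    static void Main()
    {
        Console.WriteLine(Diagnose(Sample("{\"roles\":[\"User.Read.All\"]}")));
        Console.WriteLine(Diagnose(Sample("{\"roles\":[\"GroupMember.Read.All\"]}")));
        Console.WriteLine(Diagnose(Sample("{\"scp\":\"User.Read\"}")));
    }
}
```

An app-only token acquired before admin consent was granted keeps its old `roles` until it expires, so acquire a fresh token before re-checking.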
0

First step: you will have to register an AD app and give it permission on Graph to read users and groups. Please check this Stack Overflow answer.

Sarang Kulkarni
  • 367
  • 2
  • 6
  • Link only answers are generally discouraged. If you think that the question has been answered here before, you can always mark the question as a duplicate. Thanks. – Gaurav Mantri Sep 27 '21 at 15:14