
I have a backend in Azure (.NET 7 API App) secured by Azure AD and organizational accounts. To access this backend with a, say, web application is fairly straightforward and I understand that flow.

But how do I access the API from Excel ("Import Data from Web")?

I have added the challenge to the JWT bearer in the application (options.Challenge=$"Bearer authorization_uri=\"https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/v2.0/authorize\"";)

I enter the URL to the API in Excel and then select "Organizational account" in the next step. When I try to log in to my account in that step, Excel queries my API and accepts the challenge, but then I get the dreadful AADSTS500011 message

invalid_resource: AADSTS500011: The resource principal named https://... was not found in the tenant named (Directory ID).

I guess this is a matter of how I configure my "App registration" in Azure AD, but I can't figure out how...

Superhubert

1 Answer


The error "invalid_resource: AADSTS500011: The resource principal named https://... was not found in the tenant named (Directory ID)." usually occurs if the Application ID has not been added as a verified ID in the Azure AD Application.

I tried to reproduce the same in my environment and got the results below:

I created an Azure Web App and registered an Azure AD Application.

To resolve the error, configure the Azure AD Application like below:

Grant admin consent for the User.Read API permission:

Expose an API and add a scope like below:

Now add an Authorized Client Application (ID of MS Office) like below:

After making the above changes I am able to connect to Excel using web app successfully like below:

If the issue still persists, grant O365 API permissions like below:

Reference:

Connecting Excel to OAuth API on Azure by ARN

Rukmini
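
The settings the answer walks through (an exposed scope and an authorized client application), together with the resource named in the AADSTS500011 message, can be checked against the app registration's JSON. This is an added example, not code from the answer or from Microsoft; it assumes the object shape returned by `az ad app show --id <app-id>`, and the URL, GUIDs and the `check_registration` function are placeholders made up for illustration.

```python
import json

# Constructed sample: trimmed shape of `az ad app show --id <app-id>` output
# (Microsoft Graph application object). All GUIDs and URLs are placeholders.
SAMPLE_APP = json.loads("""
{
  "identifierUris": ["https://contoso-api.example.net"],
  "api": {
    "oauth2PermissionScopes": [
      {"id": "11111111-1111-1111-1111-111111111111",
       "value": "user_impersonation", "isEnabled": true}
    ],
    "preAuthorizedApplications": [
      {"appId": "00000000-0000-0000-0000-0000000000aa",
       "delegatedPermissionIds": ["11111111-1111-1111-1111-111111111111"]}
    ]
  }
}
""")


def _norm(uri):
    # Assumption of this example: compare ignoring case and a trailing slash.
    return uri.rstrip("/").lower()


def check_registration(app, resource, client_app_id):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    # 1. The resource named in the error must be an Application ID URI.
    uris = app.get("identifierUris") or []
    if _norm(resource) not in {_norm(u) for u in uris}:
        findings.append(f"AADSTS500011 risk: {resource} is not an Application ID URI")
    # 2. "Expose an API": at least one enabled delegated scope.
    api = app.get("api") or {}
    scopes = api.get("oauth2PermissionScopes") or []
    enabled = {s["id"] for s in scopes if s.get("isEnabled")}
    if not enabled:
        findings.append("no enabled scope is exposed")
    # 3. The client (Office) must be pre-authorized for an enabled scope.
    granted = set()
    for pre in api.get("preAuthorizedApplications") or []:
        if pre.get("appId", "").lower() == client_app_id.lower():
            granted.update(pre.get("delegatedPermissionIds") or [])
    if not granted & enabled:
        findings.append(f"client {client_app_id} is not pre-authorized for an enabled scope")
    return findings
```

Pre-authorizing a client skips the user consent prompt for the listed scopes, so keep `delegatedPermissionIds` limited to the scope Excel actually needs.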