How can I use my Azure AD app from another tenant?
I am developing a native app that has to display the Office 365 groups the user is a member of. For this, I call the Microsoft Graph API which requires authentication. I'm using the ADAL library.
The permissions needed require admin consent. Everything works fine for users from my tenant, but when I try to authenticate with an account of another tenant it doesn't work. It keeps giving this result:
Correlation ID: 9780ed24-9d24-4604-b8bf-28a02c2ea580
Timestamp: 2017-04-14 12:05:45Z
AADSTS70001: Application with identifier 'xxxxxxxx-xxx-xxx-xxxx-xxxxxxxxxxxx' was not found in the directory XXXXXXX.onmicrosoft.com
even if I use an admin account on first connection. I am never asked for consent and the app is not registered on the other tenant.
The app is registered as Native so it should be multi-tenant and I pass "/common" as the tenant in the authority.
I also tried to register an app with the same specifications on the other tenant, gave admin consent on the permissions and it worked as well.
Here is how I retrieve the access token:
private static string GetAccessToken()
{
AuthenticationContext authContext = new AuthenticationContext(authority);
AuthenticationResult authResult = authContext.AcquireToken(graphResource, clientID, redirectURI, PromptBehavior.RefreshSession);
var accessToken = authResult.AccessToken;
return accessToken;
}
Is it a problem within the code? The parameters? Do the other tenants need some 'special azure subscription' I'm not aware of?
In short: How do I get it to work for other tenants?
Edit: I tried to manually add the "prompt=admin_consent" to the request, like this:
AuthenticationResult authResult = authContext.AcquireToken(graphResource, clientID, redirectURI,PromptBehavior.RefreshSession, UserIdentifier.Any, "prompt=admin_consent");
But it triggers an error saying that there is a "Duplicate query parameter 'prompt' in extraQueryParameters"
This is a known issue in the new Azure portal when registering native client applications.
These are currently (as of 2017-04-14) being created as single-tenant applications. Since the Azure portal doesn't expose the "multi-tenant" toggle for native client applications, you need to update the app manifest or use Azure AD PowerShell to do this.
Making an app multi-tenant from the manifest
In the Azure portal, from the settings blade for your native client application, click the Manifest option.
Update the
availableToOtherTenantsvalue totrue.
Save the manifest.
Making an app multi-tenant with Azure AD PowerShell
- Download the Azure AD PowerShell v2 module (AzureAD): https://learn.microsoft.com/en-us/powershell/azure/install-adv2?view=azureadps-2.0
Run the following:
$appId = "<app ID>" $app = Get-AzureADApplication -Filter "appId eq '$appId'" Set-AzureADApplicatoin -ObjectId $app.ObjectId -AvailableToOtherTenants $true
That should patch it up. Wait a bit, then try again.
- Possible to Compile ASP.NET to Machine Code?
- Run a C# Program without having .NET Framework
- Differences Between .NET vs .NET Core vs .NET Standard vs .NET Framework and Resolving The Confusion
- Resource Compiler question (initially posed as "UAC together with Subst don't work well together")
- Does NGEN'ing a .NET application help protect it from reverse engineering? If not when would I use it?
- MS C# compiler and non-optimized code
- Fire comboBox SelectedIndexChanged only from user click
- Upgrading my Azure function to .net8 fails with the error Could not load file or assembly 'System.Linq, Version=8.0.0.0
- How to authenticate and consume Sonarcloud API with .NET
- Why and how does C# allow accessing private variables outside the class itself when it's within the same containing class?
- Using f suffix for numeric literals
- ONNX model is not returning predictions in C#
- How to convert string to code in vb.net and to view static or public variables of main project
- How can I draw multi-colored text using graphics class on panel?
- Updating WPF list when item changes
- WPF ScrollViewer horizontal scrolling with buttons
- How to align datagrid elements to the right in MudBlazor
- Local development with Azure SignalR Service and Azure Functions
- How can I get a StackPanel-like layout in WinForms
- JsonConverter. VS.net does not allow implementation of abstract class / NewtonsoftJson
- Making C# Class Library COM-Visible in Visual Studio 2022
- Detecting and casting Linq expressions accordingly
- Textbox padding
- System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred
- Azure Pipeline - How to execute .exe file via cmd
- ASP.Net Core Background Service with Task Queue, does it need a Task.Delay?
- How to implement a singleton in C#?
- TargetedPatchingOptOut: "Performance critical to inline across NGen image boundaries"?
- Is this valid C# code?
- Type checking fun with function interfaces parameters in VB.Net