Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hi all,
We're investigating the user of Power BI embedded for our SaaS app. In our scenario, we own the data and our end users would be utilizing the reports as non-power-bi users.
I've been struggling for a few days now to craft a working sample. Some samples I've found are no longer working or are for the old power bi azure implementation that's led to dead ends; however, I've gotten to the point where I'm very close to simply embedding a report in our Power BI setup.
Below is a simple console app I've come up with, many parts are from various documentation articles. The token is obtained fine, but when the request is submitted, I recieve HttpOperationException: Operation returned an invalid status code 'Forbidden'
private static string clientId = "----"; private static string secretKey = "----"; private static string groupId = "----"; static void Main(string[] args) { string resourceUri = "https://analysis.windows.net/powerbi/api"; string authorityUri = "https://login.windows.net/common/oauth2/authorize"; ClientCredential credential = new ClientCredential(clientId, secretKey); AuthenticationContext authContext = new AuthenticationContext(authorityUri); string token = authContext.AcquireTokenAsync(resourceUri, credential).Result.AccessToken; var tokenCredentials = new TokenCredentials(token, "Bearer"); using (var client = new PowerBIClient(new Uri("https://api.powerbi.com/"), tokenCredentials)) { var reports = client.Reports.GetReportsInGroupWithHttpMessagesAsync(groupId); var faulted = reports.IsFaulted; // Here's where the exception is thrown var report = reports.Result.Body.Value; } }
Any ideas why?
Here's what we've validated/tried:
Thank you in advance!
Solved! Go to Solution.
You are mixing the directions for user versus app authentication. If you plan on the users not having accounts you don't need to pass in or use a clientID and SecretKey. Here is a code example. You will just need a username, password and clientID to login. If you want to opena report and/or dashboard you also need a workspace guid. Let me know if you have any questions.
var credential = new UserPasswordCredential(Username, Password); // Authenticate using created credentials var authenticationContext = new AuthenticationContext(AuthorityUrl); var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ClientId, credential); if (authenticationResult == null) { return View(new EmbedConfig() { ErrorMessage = "Authentication Failed." }); } var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer"); // Create a Power BI Client object. It will be used to call Power BI APIs. using (var client = new PowerBIClient(new Uri(ApiUrl), tokenCredentials)) { // Get a list of reports. var reports = await client.Reports.GetReportsInGroupAsync(GroupId); // Get the first report in the group. var report = reports.Value.FirstOrDefault();
You are mixing the directions for user versus app authentication. If you plan on the users not having accounts you don't need to pass in or use a clientID and SecretKey. Here is a code example. You will just need a username, password and clientID to login. If you want to opena report and/or dashboard you also need a workspace guid. Let me know if you have any questions.
var credential = new UserPasswordCredential(Username, Password); // Authenticate using created credentials var authenticationContext = new AuthenticationContext(AuthorityUrl); var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ClientId, credential); if (authenticationResult == null) { return View(new EmbedConfig() { ErrorMessage = "Authentication Failed." }); } var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer"); // Create a Power BI Client object. It will be used to call Power BI APIs. using (var client = new PowerBIClient(new Uri(ApiUrl), tokenCredentials)) { // Get a list of reports. var reports = await client.Reports.GetReportsInGroupAsync(GroupId); // Get the first report in the group. var report = reports.Value.FirstOrDefault();
Everything works fine when authenticating using user + pass but when I'm trying the auth using client secret I get the "unauthorized" message. Hints?
Thx,
Paul
@jamesyoung I tried your snippet below and getting this exception:
AdalException: {"error":"invalid_client","error_description":"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.\r\nTrace ID: 030b56e4-a488-406d-becc-742e836c1800\r\nCorrelation ID: fb6c997d-5324-4255-ab36-53743bd29c95\r\nTimestamp: 2017-11-13 03:59:19Z","error_codes":[70002],"timestamp":"2017-11-13 03:59:19Z","trace_id":"030b56e4-a488-406d-becc-742e836c1800","correlation_id":"fb6c997d-5324-4255-ab36-53743bd29c95"}: Unknown error
Here's what I tried:
static async void GetEmbedToken() {
// took out actual values for these
var aadUserEmail="";
var aadPassword = "";
var groupId = "";
var clientId = "";
var credential = new UserPasswordCredential(aadUserEmail, aadPassword); // Authenticate using created credentials var authenticationContext = new AuthenticationContext("https://login.windows.net/common/oauth2/authorize/"); var authenticationResult = await authenticationContext.AcquireTokenAsync("https://analysis.windows.net/powerbi/api", clientId, credential); if (authenticationResult != null) { var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer"); // Create a Power BI Client object. It will be used to call Power BI APIs. using (var client = new PowerBIClient(new Uri("https://api.powerbi.com/"), tokenCredentials)) { // Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(groupId); // Get the first report in the group. var report = reports.Value.FirstOrDefault(); } } }
Are you trying to use the App method or the User method to login? The user method just reuqires you have an account in Power BI and only allows users with Power BI accounts to access the report/dashboard. The APP login method allows you to share your reports/dashboards with users who do not have a Power BI account but requires setup in Azure.
Jim
Hi,
Even i am facing the same issue.
My setup is similar to @Junilo's setup.
I have registered my Web App in Azure and noted the ClientID and Client Secret.
I am not passing any user name and password so we are not using User Login authentication.
I have pro license trial in powerBI and I have access to many dashboards.
When we do App authentication, the app must have access to Dashboard or Workspace?
Regards,
Yasotha
Same for me if I try to run the App Owns Data sample
@Yaostha and everyone having same issue, I have fixed mine. The key is to register the Azure AD app as a "Native" app, not "Server-side..."
See my post here: http://community.powerbi.com/t5/Developer/Obtain-Access-Token-C-App-Owns-Data-Error/m-p/301881#M8884
Small update:
The token we obtain is correct. We've confirmed the token used at powerbi.com matches the token we obtain for use in the API example above while observing the requests.
Fiddler isn't of much help with the sample app from the first post, the raw request output is below:
HTTP/1.1 403 Forbidden Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff RequestId: 1bcbd00c-e552-46f6-9d8e-81acd7534710 Date: Thu, 07 Sep 2017 18:18:39 GMT
Any help is much appreciated.
Did you ever find a resolution for this? I am encountering the same issue. Please let me know.
Did you ever find a resolution for this? I am encountering the same issue. Please let me know.
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
12 | |
2 | |
2 | |
1 | |
1 |