Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
syedaliammar
Frequent Visitor

403 Forbidden error when creating Dataset using REST API

‎08-23-2016 04:50 AM

Hi,

I have an ASP.NET web app that would push data to a PowerBI real-time dashboard. Following the steps of "Push data into dashboard", I registered my web-app and got a client id and secret.

The following code gets me the token:

AuthenticationContext authContext = new AuthenticationContext(authorityUri);
ClientCredential cc = new ClientCredential(clientID, clientSecret);
Task<AuthenticationResult> task = authContext.AcquireTokenAsync(resourceUri, cc);
AuthenticationResult ar = task.Result;
string token = ar.AccessToken;

I use this since I do not want an interactive logon. The web-app will just keep pushing data to the dashboard every time it has something new. The token is successfully received and is then used to create a dataset.

 

The server responds with a 403 Forbidden error message. The only reason that comes to my mind is that it might be because I have two Active Directories. My web-app is in AAD 1 (the corporate AAD) while the dev.powerbi.com/apps page registers the application to AAD 2.

I unfortunately do not have access to add applications to AAD1 and hence must wait for the admin to respond.

 

My question: Have I correctly identified the root cause of the problem or is it something else that I might have completely left out?

Labels:
Message 1 of 3
1,225 Views
0
2 REPLIES 2
Eric_Zhang
Employee
Employee

‎08-24-2016 02:14 AM

@syedaliammar

 

@syedaliammar wrote:

Hi,

I have an ASP.NET web app that would push data to a PowerBI real-time dashboard. Following the steps of "Push data into dashboard", I registered my web-app and got a client id and secret.

The following code gets me the token:

AuthenticationContext authContext = new AuthenticationContext(authorityUri);
ClientCredential cc = new ClientCredential(clientID, clientSecret);
Task<AuthenticationResult> task = authContext.AcquireTokenAsync(resourceUri, cc);
AuthenticationResult ar = task.Result;
string token = ar.AccessToken;

I use this since I do not want an interactive logon. The web-app will just keep pushing data to the dashboard every time it has something new. The token is successfully received and is then used to create a dataset.

 

The server responds with a 403 Forbidden error message. The only reason that comes to my mind is that it might be because I have two Active Directories. My web-app is in AAD 1 (the corporate AAD) while the dev.powerbi.com/apps page registers the application to AAD 2.

I unfortunately do not have access to add applications to AAD1 and hence must wait for the admin to respond.

 

My question: Have I correctly identified the root cause of the problem or is it something else that I might have completely left out?

@syedaliammar

 

I got confused by the bold part, isn't the web-app regisitered  on the dev.powerbi.com/apps? if the same thing, how come two AAD invloved in this case?

Message 2 of 3
1,194 Views
0
syedaliammar
Frequent Visitor
In response to Eric_Zhang

‎08-24-2016 08:24 AM

@Eric_Zhang Honestly, I am also a bit confused here. Let me try to provide you further details that might help you identify the problem.

I have a corporate Azure account (ending with "...onmicrosoft.com") that I use for PowerBI as well as the Azure Portal. The portal shows me two directories when I login, AD1 and AD2.

 

All work is done in the company's globally managed Azure AD1 and this is where the web-app also exists. Following the steps, I then added this web-app to the Azure AD by going to https://dev.powerbi.com/apps, logging in with my onmicrosoft.com account, filling the details in and clicking on the "Register App" button.

 

However, this registers the web-app in AD2. My concerns here:

  1. Is it because AD1 is managed by global admins and I don't have permissions to add apps to it?
  2. I can see it listed in the list of applications under AD2. How did it choose AD2 and not AD1 when I clicked the Register App button?

Moving on, I attempted to create the dataset using the snippet provided here with the token received and failed by getting the 403 Forbidden error response.

 

If I Create a dataset using Apiary, it is created without any problems which is again confusing to me. Do I need to authenticate the web-app first and then use the following?

AuthenticationResult AR = AC.AcquireTokenByAuthorizationCode(code, new Uri(redirectUri), cc);

I'd really appreciate any help you could provide. 

Message 3 of 3
1,186 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All