Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!
Hello,
I have a web application that uses a .NET API backend and am trying to connect to PowerBI Premium to obtain the token, but every time I do I get the same error.
AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.
What I am essentially wanting to do is hit my .NET API Controller, and pass in a selected PBIX file, and then use the Power Bi SDK to upload and publish the file to the Power Bi Premium App Workspace. Then, after this part is finished, I will then be building out another section of my application where the users can go to view these power bi reports. In my application the App Owns the data, and I have bought the license and set up the user properly. I have also set up the App Workspace and set that to be Premium workspace.
I have also registered my app at https://dev.powerbi.com/apps as a Serve-side web app. The redirect URL I was confused about as I dont need it to redirect my app anywhere, as the user should not be entering credentials, but it says to just use any valid url, so I put the homepage of my app. I then gave it all permissions and got the ClientId and Secret.
Then I tried to use the same 3 or 4 lines of code that I see as exmaples in almost every site. It is a little confusing because I dont see a place to enter the Client Secret that I just obtained in registering my app, so I am not sure if that is just for viewing the reports in the app, or this too, but here are the lines of code I used that give me that error I posted above....
// Create a user password cradentials.
var credential = new UserCredential(Username, Password);
// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ClientId, credential);
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
These are the URLs I am using in the above code....
<add key="authorityUrl" value="https://login.windows.net/common/oauth2/authorize" />
<add key="resourceUrl" value="https://analysis.windows.net/powerbi/api" />
Once I have the token, I plan to use the PowerBI SDK to upload the report like this....
var client = new Microsoft.PowerBI.Api.V2.PowerBIClient(credentials, handler);
client.Imports.PostImportWithFileInGroup(GroupId, file1Stream, "importedreport", "Abort");
If anyone can help me understand what I am doing wrong, I would be very thankful. I am on a time crunch to get this done, and am at a point where I am not sure how to proceed. Thanks.
Solved! Go to Solution.
@Anonymous
For App Owns data scenario, register a Native application instead. Then everything shall work.
@Anonymous
For App Owns data scenario, register a Native application instead. Then everything shall work.
To me that does not make sense. My app is not a Native Client. It is a web app with a .NET API. So I guess this leaves me with one question. I was able to find some code that did actually work and give me the token. I will paste that below. However, what would you sugges is the better approach? To re-register it as a Native Client, or use the code I am using currently.
PS I now have the token, but every time I try to use it to read reports or anything, it gives me a 403 Forbidden Errror. Could this have anythihng to do with the app not being registerd as a Native Client?
Thanks,
Steven
// setup app info for AuthenticationContext
var clientCredential = new ClientCredential(ClientId, ClientKey);
// create auth context (note: no token cache leveraged)
AuthenticationContext authContext = new AuthenticationContext(AuthorityUrl);
// get access token for Power BI
token = authContext.AcquireToken(ResourceUrl, clientCredential).AccessToken;
var tokenCredentials = new TokenCredentials(token, "Bearer");
The reason I was getting the 403 Forbidden was because I was actually getting a token, but it was the wrong token. I was getting it the wrong way. Once I switched to doing it like below, with the app registered as a Native Client, all worked great.
// Create a user password cradentials.
var credential = new UserCredential(Username, Password);
// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ClientId2, credential);
token = authenticationResult.AccessToken;
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
Thanks for all your help.
Stizz001
I should have PAID ATTENTION to 'register a Native AAD app' everything works well after I did that (after setting the app permissions on Azure Portal).
But note to Power BI Team - IMHO, that's a bit confusing. 'Native' as we defined it, are those running on Android, iOS, ... My C# code running on a backend service, I don't call it 'Native'
Anyway.
For those still struggling, pulling their hairs out (if you still have some, save them)...
To get that Embed Token - this piece of code works for me now
var embedToken = ""; var ClientId = "your-client-id-here-generated-when-after-you-registered-a-native-app"; var credential = new UserPasswordCredential("AADUserNameHere", "ADDUserPasswordHere"); var groupId = "Your-App-Workspace-GroupId-Here"; var reportId = "Your-ReportId-Here"; // Authenticate using created credentials var authenticationContext = new AuthenticationContext("https://login.windows.net/common/oauth2/authorize/"); var authenticationResult = authenticationContext.AcquireTokenAsync("https://analysis.windows.net/powerbi/api", ClientId, credential).Result; if (authenticationResult != null) { var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer"); // Create a Power BI Client object. It will be used to call Power BI APIs. using (var client = new PowerBIClient(new Uri("https://api.powerbi.com/"), tokenCredentials)) { // Generate Embed Token. var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view"); var tokenResponse = client.Reports.GenerateTokenInGroup(groupId, reportId, generateTokenRequestParameters); if (tokenResponse == null) { throw new Exception("No token response"); } embedToken = tokenResponse.Token; } }
User | Count |
---|---|
14 | |
2 | |
1 | |
1 | |
1 |
User | Count |
---|---|
16 | |
11 | |
5 | |
4 | |
3 |