Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
Anonymous
Not applicable

Obtain Access Token C# App Owns Data Error

Hello,

 

I have a web application that uses a .NET API backend and am trying to connect to PowerBI Premium to obtain the token, but every time I do I get the same error.

 

AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.

 

What I am essentially wanting to do is hit my .NET API Controller, and pass in a selected PBIX file, and then use the Power Bi SDK to upload and publish the file to the Power Bi Premium App Workspace.  Then, after this part is finished, I will then be building out another section of my application where the users can go to view these power bi reports.  In my application the App Owns the data, and I have bought the license and set up the user properly.  I have also set up the App Workspace and set that to be Premium workspace.  

I have also registered my app at https://dev.powerbi.com/apps as a Serve-side web app.  The redirect URL I was confused about as I dont need it to redirect my app anywhere, as the user should not be entering credentials, but it says to just use any valid url, so I put the homepage of my app.  I then gave it all permissions and got the ClientId and Secret.

Then I tried to use the same 3 or 4 lines of code that I see as exmaples in almost every site.  It is a little confusing because I dont see a place to enter the Client Secret that I just obtained in registering my app, so I am not sure if that is just for viewing the reports in the app, or this too, but here are the lines of code I used that give me that error I posted above....

// Create a user password cradentials.
var credential = new UserCredential(Username, Password);

// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ClientId, credential);
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");

 

These are the URLs I am using in the above code....

<add key="authorityUrl" value="https://login.windows.net/common/oauth2/authorize" />
<add key="resourceUrl" value="https://analysis.windows.net/powerbi/api" />

 

Once I have the token, I plan to use the PowerBI SDK to upload the report like this....

var client = new Microsoft.PowerBI.Api.V2.PowerBIClient(credentials, handler);
client.Imports.PostImportWithFileInGroup(GroupId, file1Stream, "importedreport", "Abort");

 

If anyone can help me understand what I am doing wrong, I would be very thankful. I am on a time crunch to get this done, and am at a point where I am not sure how to proceed.  Thanks.

1 ACCEPTED SOLUTION
Eric_Zhang
Employee
Employee

@Anonymous

For App Owns data scenario, register a Native application instead. Then everything shall work.

View solution in original post

4 REPLIES 4
Eric_Zhang
Employee
Employee

@Anonymous

For App Owns data scenario, register a Native application instead. Then everything shall work.

Anonymous
Not applicable

To me that does not make sense. My app is not a Native Client.  It is a web app with a .NET API.  So I guess this leaves me with one question.  I was able to find some code that did actually work and give me the token.  I will paste that below.  However, what would you sugges is the better approach?  To re-register it as a Native Client, or use the code I am using currently.

 

PS I now have the token, but every time I try to use it to read reports or anything, it gives me a 403 Forbidden Errror.  Could this have anythihng to do with the app not being registerd as a Native Client?

 

Thanks,

Steven 

 

// setup app info for AuthenticationContext
var clientCredential = new ClientCredential(ClientId, ClientKey);
// create auth context (note: no token cache leveraged)
AuthenticationContext authContext = new AuthenticationContext(AuthorityUrl);
// get access token for Power BI
token = authContext.AcquireToken(ResourceUrl, clientCredential).AccessToken;


var tokenCredentials = new TokenCredentials(token, "Bearer");

Anonymous
Not applicable

The reason I was getting the 403 Forbidden was because I was actually getting a token, but it was the wrong token.  I was getting it the wrong way.  Once I switched to doing it like below, with the app registered as a Native Client, all worked great.

 

// Create a user password cradentials.
var credential = new UserCredential(Username, Password);
// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ClientId2, credential);
token = authenticationResult.AccessToken;
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");

 

Thanks for all your help.


Stizz001

I should have PAID ATTENTION to 'register a Native AAD app' everything works well after I did that (after setting the app permissions on Azure Portal).

 

But note to Power BI Team - IMHO, that's a bit confusing. 'Native' as we defined it, are those running on Android, iOS, ...  My C# code running on a backend service, I don't call it 'Native'

 

Anyway.

 

For those still struggling, pulling their hairs out (if you still have some, save them)...

 

To get that Embed Token - this piece of code works for me now

 

 

var embedToken = "";
var ClientId = "your-client-id-here-generated-when-after-you-registered-a-native-app";
var credential = new UserPasswordCredential("AADUserNameHere", "ADDUserPasswordHere");

var groupId = "Your-App-Workspace-GroupId-Here";
var reportId = "Your-ReportId-Here";

// Authenticate using created credentials
var authenticationContext = new AuthenticationContext("https://login.windows.net/common/oauth2/authorize/");
var authenticationResult = authenticationContext.AcquireTokenAsync("https://analysis.windows.net/powerbi/api", ClientId, credential).Result;

if (authenticationResult != null)
{
    var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");

    // Create a Power BI Client object. It will be used to call Power BI APIs.
    using (var client = new PowerBIClient(new Uri("https://api.powerbi.com/"), tokenCredentials))
    {
        // Generate Embed Token.
        var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
        var tokenResponse = client.Reports.GenerateTokenInGroup(groupId, reportId, generateTokenRequestParameters);

        if (tokenResponse == null)
        {
            throw new Exception("No token response");
        }

        embedToken = tokenResponse.Token;
    }
}

 

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.