I have implemented a Web API with .NET 6, hosted in an Azure App Service, with an Enterprise App and App Registration set up to allow users in the org to authenticate to it.
My React front-end authenticates nicely to the Web API and everything works. But now the users would like to use Power BI to call some of the same API methods, which, I have to say, I thought wasn't going to be a problem!
I previously had my Program.cs set up its authentication like so:
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Identity.Web;

// Validate Azure AD bearer tokens using the "AzureAd" section of appsettings.json.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));
With that in place, when the user tries to sign in to the API as an Organizational Account, they get the error:
We were unable to connect because this credential type isn't supported for this resource. Please choose another credential type.
I've seen mention that the problem could be that the unauthenticated API doesn't respond with a Bearer authorization_uri value, so I tried to add one.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Identity.Web;

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(options =>
    {
        builder.Configuration.Bind("AzureAd", options);
        options.Events = new JwtBearerEvents
        {
            // Runs when an unauthenticated request reaches an [Authorize] endpoint.
            // Return a 401 whose WWW-Authenticate challenge advertises where a token
            // can be obtained, instead of the bare "Bearer" the default handler sends.
            OnChallenge = context =>
            {
                context.HttpContext.Response.StatusCode = 401;
                context.HttpContext.Response.Headers.Add("WWW-Authenticate",
                    $"Bearer authorization_uri=\"https://login.microsoftonline.com/{TENANT_ID}/oauth2/authorize?client_id={APP_ID}\"");
                // Mark the challenge as handled so the JWT bearer handler does not
                // append its own default "Bearer" challenge to the same response.
                context.HandleResponse();
                return Task.CompletedTask;
            }
        };
    },
    options => { builder.Configuration.Bind("AzureAd", options); }
);
This is slightly promising; in Power BI when trying to sign in I now get the error:
invalid_resource: AADSTS500011: The resource principal named https://{WEBAPI_URL}.azurewebsites.net was not found in the tenant named {TENANT NAME}. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
This is, of course, incorrect: the app service exists and has been installed by the admins!
We've played with all the settings in the Azure Portal to no avail.
Something must be missing.
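As an added check (not part of the original post, and not the poster's code), here is a small Python script that parses the `WWW-Authenticate: Bearer ...` challenge an API returns on a 401 and summarises what an Azure AD client could learn from it: the authority host, the tenant segment, any query string riding on the authority, and whether a `resource_id` is advertised. The sample headers are constructed; the tenant GUID, client id and `api://` URI are placeholders. The `resource_id` parameter comes from ADAL's challenge format (`authorization_uri` paired with `resource_id`); whether Power BI's connector needs it is not something this post establishes, so treat that warning as a hint to verify against your client, not as a fix.

```python
"""Parse and sanity-check the 'WWW-Authenticate: Bearer ...' challenge an API returns on 401."""
import re
from urllib.parse import urlsplit

# RFC 6750 auth-param: name "=" ( token | quoted-string ), comma separated.
_AUTH_PARAM = re.compile(
    r'\s*([A-Za-z0-9_.\-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')


def parse_bearer_challenge(header: str) -> dict:
    """Return the auth-params of a Bearer challenge as a dict (names lower-cased).

    Handles a single Bearer challenge, which is what a JWT bearer API emits;
    a header that also lists other schemes is out of scope here (assumption).
    """
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError(f"not a Bearer challenge: {header!r}")
    params = {}
    pos = 0
    while pos < len(rest):
        m = _AUTH_PARAM.match(rest, pos)
        if m is None:
            raise ValueError(f"malformed auth-param near: {rest[pos:]!r}")
        value = m.group(2) if m.group(2) is not None else m.group(3)
        # Undo quoted-string escaping (\" and \\).
        params[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", value)
        pos = m.end()
    return params


def check_challenge(header: str) -> dict:
    """Summarise what an Azure AD client could learn from the challenge.

    Keys: authority_host, tenant, query, resource_id, warnings.
    resource_id is the companion of authorization_uri in the ADAL-style
    challenge format; whether a given client requires it is an assumption
    to confirm against that client's documentation.
    """
    params = parse_bearer_challenge(header)
    result = {"authority_host": None, "tenant": None, "query": None,
              "resource_id": params.get("resource_id"), "warnings": []}
    uri = params.get("authorization_uri")
    if uri is None:
        result["warnings"].append(
            "no authorization_uri: a client cannot discover which authority to sign in to")
        return result
    parts = urlsplit(uri)
    result["authority_host"] = parts.netloc
    segments = [s for s in parts.path.split("/") if s]
    result["tenant"] = segments[0] if segments else None
    result["query"] = parts.query or None
    if parts.scheme != "https":
        result["warnings"].append("authorization_uri is not https")
    if result["tenant"] is None:
        result["warnings"].append("authorization_uri has no tenant segment after the host")
    if result["query"]:
        result["warnings"].append(
            f"authorization_uri carries a query string ({result['query']}); a client that "
            "treats this value as the Azure AD authority may not expect one")
    if result["resource_id"] is None:
        result["warnings"].append(
            "no resource_id: the client has to pick the resource to request a token for "
            "itself (for example the URL it called)")
    return result


# Constructed sample challenges (placeholders, not captured from any real service).
DEFAULT_CHALLENGE = "Bearer"  # what the JWT bearer handler sends without an OnChallenge override
POSTED_CHALLENGE = ('Bearer authorization_uri="https://login.microsoftonline.com/'
                    '11111111-2222-3333-4444-555555555555/oauth2/authorize?client_id=aaaa"')
FULL_CHALLENGE = ('Bearer authorization_uri="https://login.microsoftonline.com/'
                  '11111111-2222-3333-4444-555555555555/oauth2/authorize", '
                  'resource_id="api://aaaa"')

if __name__ == "__main__":
    for name, hdr in [("default", DEFAULT_CHALLENGE),
                      ("posted", POSTED_CHALLENGE),
                      ("full", FULL_CHALLENGE)]:
        summary = check_challenge(hdr)
        print(f"{name}: tenant={summary['tenant']} resource_id={summary['resource_id']}")
        for warning in summary["warnings"]:
            print("  -", warning)
```

To use it against a live API, fetch the value of the `WWW-Authenticate` header from an unauthenticated request (for example with `curl -i`) and pass it to `check_challenge`; an empty `warnings` list means the challenge at least names a tenant-scoped https authority and a resource.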