'One or more errors occurred. (ROPC does not support MSA accounts. See https://aka.ms/msal-net-ropc for details. )

I invited some users to use my Web API.

The invitation mails were sent successfully and the users are shown in the users list in Azure AD.

When users try to login to my Web API they receive the following error:

One or more errors occurred. (ROPC does not support MSA accounts. See https://aka.ms/msal-net-ropc for details. )

The code below sends the invitations

[EnableCors("CorsPolicy")]
[HttpPost, Route("invite")]
[AllowAnonymous]
[ProducesResponseType(200)]
[ProducesResponseType(400)]
[Produces("application/json")]
public ActionResult SendInvitation(UserModel user)
{
    try
    {
        string clientId = Configuration["AzureAd:ClientId"];
        string tenantID = Configuration["AzureAd:TenantId"];
        string authority = Configuration["AzureAd:Authority"];

        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenantID)
            .WithAuthority(authority)
            .Build();

        string[] scopes = new string[] { "User.Invite.All" }; 

        // Build the Microsoft Graph client. As the authentication provider, set an async lambda
        // which uses the MSAL client to obtain an app-only access token to Microsoft Graph,
        // and inserts this access token in the Authorization header of each API request. 
        GraphServiceClient graphServiceClient =
            new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
            {

                var securePassword = new SecureString();
                foreach (char c in user.Password.ToCharArray()) // you should fetch the password
                    securePassword.AppendChar(c);               // keystroke by keystroke

                // Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
                var authResult = await app
                        .AcquireTokenByUsernamePassword(scopes, user.UserName, securePassword).ExecuteAsync();

                // Add the access token in the Authorization header of the API request.
                requestMessage.Headers.Authorization =
                        new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
            })
            );

        var invitation = new Invitation
        {
            InvitedUserEmailAddress = "[email protected]",
            InviteRedirectUrl = "https://webapi.azurewebsites.net",
            SendInvitationMessage = true
        };

        graphServiceClient.Invitations
            .Request()
            .AddAsync(invitation);
        return Ok("Invitation sent.");
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }
}
c++sharpazure-active-directorymicrosoft-graph-api


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions