Skip to main content

Azure Active Directory GraphClient AuthorizationException


Error : Microsoft.Azure.ActiveDirectory.GraphClient.AuthorizationException Insufficient privileges to complete the operation

Solution:

Under Configure
under Permissions to other applications

Add application - Windows Azure Active Directory
Give the following permissions

Read directory data
Sign in and read user profile


Stack Trace : 

Microsoft.Azure.ActiveDirectory.GraphClient.AuthorizationException was unhandled by user code
  HResult=-2146233088
  Message=Insufficient privileges to complete the operation.
  Source=Microsoft.Azure.ActiveDirectory.GraphClient
  Code=Authorization_RequestDenied
  ErrorMessage=Insufficient privileges to complete the operation.
  ResponseUri=https://graph.windows.net//users/?api-version=2013-11-08
  StackTrace:
       at Microsoft.Azure.ActiveDirectory.GraphClient.ConnectionWrapper.InvokeNetworkOperation[T](Func`1 action)
       at Microsoft.Azure.ActiveDirectory.GraphClient.ConnectionWrapper.DownloadData(String address, WebHeaderCollection additionalHeaders)
       at Microsoft.Azure.ActiveDirectory.GraphClient.ConnectionWrapper.DownloadData(Uri address, WebHeaderCollection additionalHeaders)
       at Microsoft.Azure.ActiveDirectory.GraphClient.GraphConnection.GetCore(Type objectType, String objectId, FilterGenerator filterGenerator, Uri& requestUri)
       at Microsoft.Azure.ActiveDirectory.GraphClient.GraphConnection.Get(Type objectType, String objectId, LinkProperty expandProperty)
       at Microsoft.Azure.ActiveDirectory.GraphClient.GraphConnection.Get(Type objectType, String objectId)
       at Microsoft.Azure.ActiveDirectory.GraphClient.GraphConnection.Get[T](String objectId)
       at Readify.Sudo.Web.Infrastructure.Identity.GraphClaimsAuthenticationManager.Authenticate(String resourceName, ClaimsPrincipal incomingPrincipal) in
       at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)
       at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
  InnerException:


Comments

Popular posts from this blog

SharePoint 2013 workflow : The server was unable to process the request

Here, I received another SharePoint 2013 workflow error.
This time the workflow was not able to send emails and the following error was being shown

Retrying last request. Next attempt scheduled in less than one minute. Details of last request: HTTP Unauthorized to http://sitename/_vti_bin/client.svc/web/lists/getbyid(guid'guid') Correlation Id: id Instance Id: id

Fortunately I came across this post which gave me the answer
http://sharepoint.stackexchange.com/questions/89101/failed-to-retrieve-the-com-class-factory-for-component-with-clsid-sp-sprequest

Solution 1:
In InetMgr, go to advanced settings for Security Token Service Application Pool and change "Load User Profile" to true. Recycle application pool.

Reason 2 and Solution 2 : There could be another reason for this error. The workflow authentication can fail if the user executing the workflow (this will be the user initiating the workflow) is given permission through active directory group and the container for t…

OWA not working after security update

Office web apps for SharePoint 2013 not working after security updates / server patching.

After installation of the following security patches, OWA stopped working there by causing issues with SharePoint 2013.

Details of ULS logs are provided below.

FarmStateReplicator.exe (0x0CD8)
Office Web Apps
Farm State

Error when trying to connect to Farm State Manager service: System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at http:///farmstatemanager/FarmStateManager.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.ServicePoint.ConnectSocketInternal(Boolean con…

Sharepoint 2013 Workflow - something went wrong

When I try to run a worflow created using SharePoint 2013 designer, I get the following error:

"Something went wrong. To try again, reload the page and then start the workflow."





Resolution:

Restart these services:

Service Bus GatewayService Bus Message Broker

Edit the workflow in designer and republish.


ULS logs for reference:

Request ManagementHighReached maximum number of failed machines based on ping results for this routing groupRequest ManagementMediumMapping URI from 'http://siteCollection:80/_vti_bin/client.svc/ProcessQuery' to 'http://<SPAppServer>_vti_bin/client.svc/ProcessQuery'Logging Correlation DataMediumName=Request (POST:http://siteCollection/_vti_bin/client.svc/ProcessQuery)Authentication AuthorizationMediumNon-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|<userLoginName>, ClaimsCount=25CSOMMediumBegin CSOM Request ManagedThreadId=103, NativeThreadId=11660Logging Correlation DataMediumSite=/MicrofeedsHighserviceHost_Req…