It appears that some of the samples such as updating user, creating application, and etc in the code now are not working because of "Insufficient privileges to complete the operation."

Anyway, my question is that is there code sample to assign or unassign users to application?

Thanks

Should one use User.SetExtendedProperty? 1.2 had this?

Why this cast is not possible anymore?

and how I can do it?

I have no success in setting extended property whatever I do. I have isolated the reproducible piece of code:

      public async Task CleanTest(string extName)
      {
         ExtensionProperty ep = new ExtensionProperty
         {
            Name = extName,
            DataType = "String",
            TargetObjects = { "User" }
         };

         App app = (App)(await _client.Applications.Where(a => a.AppId == _managementAppClientId).ExecuteSingleAsync());
         app.ExtensionProperties.Add(ep);
         await app.UpdateAsync();

         GraphUser user = (GraphUser)(await _client.Users.Where(u => u.UserPrincipalName.Equals("email")).ExecuteSingleAsync());
         string propName = FormatExtensionPropertyName(extName); //formats properly as extesion_xxx_name
         user.SetExtendedProperty(propName, "testvalue");
         //user.SetExtendedProperty(extName, "testvalue");
         await user.UpdateAsync(); // fails here
      }

user.UpdateAsync() according to Fiddler doesn't even go out and application fails with an exception:

"The property 'extension_e206e28ff36244b19bc56c01160b9cf0_UserEEEqdbtgd3ixx2' does not exist on type 'Microsoft.Azure.ActiveDirectory.GraphClient.Internal.User'. Make sure to only use property names that are defined by the type."

I created an Azure account using my gmail address, so tenant is daxfohlgmail. But I'm not able to sign in using that address. Rather the sign-in screen validates my password and appears to sign me in but then takes me right back to the sign-in after all is done. If I manually close the sign-in screen, the GetTokenForUser just returns null and nothing works.

I manually created another admin user in the web portal. When I use this user to log in, everything works.

I should be able to log in as the original user too though, right? What am I doing wrong?

Currently the sample code creates an app with a symmetric key secret. If you try and use that app to acquire a token, that would fail. Only password and X509 certs are supported secrets.

This bit me for a little while so I feel it might help others as well...

It is tempting to this at Step-16 in the instructions "Why don't I just used the client app I just created?". After making various 'hacky' changes in the code, I realized that it won't work because two different OAuth flows are involved in the first (read access only) part of the sample and the subsequent (read-write / admin) access part. Hence creation of two different clients (one a web application and the other one a native app type) is important for the sample to work. This may be useful to mention in the prelude part and then, again, between Step-15 and Step-16. (To keep things simple, a "Note: This part of the sample requires the client app to be of type Native Client" or something like that might suffice.)

Hi
I am https://graphexplorer.azurewebsites.net/ and I have logged in with user having directory role as global administrator in my Azure AD b2c directory.

I have registered an app there and provide it Direcory reaad and write persmissions in Application permission section.Below is screenshot of permissions configured.
I am using https://graph.windows.net/me with api_version=1.6 to partially update the user
say

{
"displayName": "new display name"
}

But it returns with error

{
"odata.error": {
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
}
}

It is working with B2C console app i have downloaded from their repository and configured with my registered app settings.

What i am missing here ?

I am trying to create and list users in Azure AD, however I do not get any proper error messages, however if I turn on fiddler and debug the interaction with the webservice I get the following:

When listing users, it calls https://graph.windows.net/users()?$orderby=userPrincipalName&$top=4&api-version=1.5 which is redirected to https://graphregistry.cloudapp.net/GraphRegistry.svc/users()/?$orderby=userPrincipalName&$top=4&api-version=1.5

on the redirect it fails with the following HTML content:

HTTP/1.1 307 Temporary Redirect
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: https://graphregistry.cloudapp.net/GraphRegistry.svc/users()/?$orderby=userPrincipalName&$top=4&api-version=1.5
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Tue, 04 Nov 2014 10:07:45 GMT
Content-Length: 2149

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Service</title>
    <style>BODY { ...}</style>
  </head>
  <body>
    <div id="content">
      <p class="heading1">Service</p>
      <p xmlns="">There is no operation listening for <a href="https://rd00155d31f52e/GraphRegistry.svc/users()?$orderby=userPrincipalName&amp;$top=4&amp;api-version=1.5">https://rd00155d31f52e/GraphRegistry.svc/users()?$orderby=userPrincipalName&amp;$top=4&amp;api-version=1.5</a>, but there is an operation listening for <a href="https://graphregistry.cloudapp.net/GraphRegistry.svc/users()/?$orderby=userPrincipalName&amp;$top=4&amp;api-version=1.5">https://graphregistry.cloudapp.net/GraphRegistry.svc/users()/?$orderby=userPrincipalName&amp;$top=4&amp;api-version=1.5</a>, so you are being redirected there.</p>
    </div>
  </body>
</html>

and finally on cloudapp with this json:

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 661
Content-Type: application/octet-stream
Server: Microsoft-IIS/8.0
Set-Cookie: ASP.NET_SessionId=rufgqy43sb0i3gibnp1i2qoe; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 04 Nov 2014 10:07:52 GMT

{
   "name" : "users()",
   "services" : [
      "https://graph.windows.net/users()/users",
      "https://graph.windows.net/users()/applications",
      "https://graph.windows.net/users()/contacts",
      "https://graph.windows.net/users()/groups",
      "https://graph.windows.net/users()/roles",
      "https://graph.windows.net/users()/servicePrincipals",
      "https://graph.windows.net/users()/tenantDetails",
      "https://graph.windows.net/users()/devices",
      "https://graph.windows.net/users()/subscribedSkus",
      "https://graph.windows.net/users()/permissions",
      "https://graph.windows.net/users()/directoryObjects"
   ]

When creating users it calls: https://graph.windows.net/users?api-version=1.5 which redirects to: https://graphregistry.cloudapp.net/GraphRegistry.svc/users/?api-version=1.5

and fails with the following HTML content:

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Service</title>
    <style>BODY {...}</style>
  </head>
  <body>
    <div id="content">
      <p class="heading1">Service</p>
      <p>Method not allowed.</p>
    </div>
  </body>
</html>

The offending line of code is:

var tenantsList = (await activeDirectoryClient.TenantDetails
        .Where(tenantDetail => tenantDetail.ObjectId.Equals(TENANT_ID))
        .ExecuteAsync())
    .CurrentPage.ToList();

It works however when I downgrade to 2.0.0 version of the NuGet package!

The exception is thrown of type InvalidOperationException with an error message: A value without a type name was found and no expected type is available. When the model is specified, each value in the payload must have a type which can be either specified in the payload, explicitly by the caller or implicitly inferred from the parent.

The stack trace is:
at System.Data.Services.Client.Materialization.FeedAndEntryMaterializerAdapter.TryRead()
at System.Data.Services.Client.Materialization.FeedAndEntryMaterializerAdapter.TryStartReadFeedOrEntry()
at System.Data.Services.Client.Materialization.FeedAndEntryMaterializerAdapter.TryReadFeedOrEntry(Boolean lazy, ODataFeed& feed, MaterializerEntry& entry)
at System.Data.Services.Client.Materialization.FeedAndEntryMaterializerAdapter.Read()
at System.Data.Services.Client.Materialization.ODataReaderEntityMaterializer.ReadNextFeedOrEntry()
at System.Data.Services.Client.Materialization.ODataEntityMaterializer.ReadImplementation()
at System.Data.Services.Client.Materialization.ODataMaterializer.Read()
at System.Data.Services.Client.MaterializeAtom.MoveNextInternal()
at System.Data.Services.Client.MaterializeAtom.MoveNext()
at System.Linq.Enumerable.d__b11.MoveNext() at System.Collections.Generic.List1..ctor(IEnumerable1 collection) at System.Linq.Enumerable.ToList[TSource](IEnumerable1 source)
at Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.PagedCollection2..ctor(DataServiceContextWrapper context, QueryOperationResponse1 qor)
at Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.DataServiceContextWrapper.<>c__DisplayClass4b2.<ExecuteAsync>b__49(IAsyncResult r) at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult()
at Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.DataServiceContextWrapper.d__4d2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult()
at Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.ReadOnlyQueryableSet2.<<ExecuteAsync>b__0>d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult()
at Common.BLL.Accounts.d__eb.MoveNext() in [..].cs:line 1118

The AuthenticationHelper in this sample is using AcquireToken instead of AcquireTokenAsync. This is not a high priority issue but given that this is a sample that many people use as reference I believe it's worth fixing.
I'm planning to submit a pull request with a proposed fix soon.

Hi,
I am facing this issue when I run the application on my tenant. I login using my username and password (of a user who is configured as global admininstrator) and then I get the following exception on my console..(I have changed values as per the instructions given for various fields with appropriate values)

AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.
Trace ID: 75170573-effd-4601-9eb2-c920bca44c22
Correlation ID: 2995cd67-9c40-45b7-9a5f-501976ed210f
Timestamp: 2014-06-06 09:28:05ZInnerException : The remote server returned an error: (400) Bad Request.

I've been trying to UnitTest the SDK and using nsubstitute.

Have not found a way to return something i want out of the client.Users object.

The client.Users returns an IUserCollection object which I cannot create a fake object to return in the unit tests.

Hi.
Seems that some recent updates break application clients.
The code that was working perfectly is now broken, all user update\delete operations are returning
Error creating new user. One or more errors occurred. Insufficient privileges to complete the operation.

This happens even if I'll grant all possible permissions to my registered Native Client application (as per readme.md guide).
This is pretty bad problem, as we can't create\register users from native client anymore

Have all right to do edits in azure. Only problem which I come into is I can't update an thumbnailphoto.

This is the code I use:

 var imageBytes = Convert.FromBase64String(imageData);
 var stream = new MemoryStream(imageBytes);
 user.ThumbnailPhoto.UploadAsync(stream, "image/jpeg", false, true).Wait();

and my datastring is something like a huge base64 string as you can image.

I tried several times. One time I saw the image in Azure, but I wasnt able to do the trick again :(

I followed every steps in https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-graphapi-console/

I can successfully try the step 2, using the demo tenant.

But while running the sample on my own AAD by following step 3, it prompts for my credential again & again without success (Refer to below pic).
Seems the sign in/out page has my infor stored in cookies, so I don't have to provide the password.
But the sign in/out page just restarts over & over again.
Any hints or advice ?

Can't remove a user from a group, although add works fine.

        User oUser = FindUser(UserUPN);
        Group oGroup = FindGroup(GroupName);

        await RemoveUserFromGroup(oGroup, oUser);

The sample takes a short cut that assumes that the extension property name comes from a property on the application. This won't always be accessible. We should show a different way to "build" the extension property name.

Hi, When i create the application using code. I can't able to generate token which shows me error message like Invalid client secret is provided. I checked the created application in azure portal there is now marks for previously saved credential. But password credentials works well. Can you please help me as soon as possible.

I did all the steps from samples description: registered an app, gave it Read Directory permission, put client secret in configuration along with other actual values etc. However, starting with accessing tenant info I get famous "Insufficient privileges" error:

DataServiceClientException: {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}}}

I even tried to give the app all permissions possible - no luck. Any ideas how to make it working?

The Readme.md file states, "updating a User's thumbnailPhoto". But I see no such thing in the code.

Hello

I could not find the attribute 'company' on the user entity reference, i wonder why is this not available on the user entity from the azure graph api?

Hi,

Can I have details on how to delete an user and what the "clientIdForUserAuthn" is, how to get/generate it? I set everything up but if I try a delete operation without using the "OAuth Authorization Code Grant" I am getting an "Insufficient privileges to complete the operation" error.

Thanks!

Hi I tried to example however i receive "Insufficient privileges to complete the operation."
I have set the the web application to have different type of permission even to have all of them(both read and write directory data). I can create user however can not delete the user. Any help is much appreciated. The code is original from the example

//*********************************************************************************************
// Delete the user that we just created
//*********************************************************************************************
if (userToBeAdded.ObjectId != null)
{
try
{
userToBeAdded.DeleteAsync().Wait();
Console.WriteLine("\nUser {0} was deleted", userToBeAdded.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("Deleting User failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
if (newUser.ObjectId != null)
{
try
{
newUser.DeleteAsync().Wait();
Console.WriteLine("\nUser {0} was deleted", newUser.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("Deleting User failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}

Is there a way to clear the manager field of a user?
(Workaround bypassing the GraphClient wrapper: http://stackoverflow.com/a/36598494/3393258)

https://msdn.microsoft.com/en-us/library/azure/jj134103.aspx

"Directory roles cannot be added or deleted using the Graph API. Updates are supported on the members navigation property only. Both add and remove are supported on this property."

According to this article, it is possible to add and remove the members navigation property of the role. I have tested Add user to role works. but Remove user from role does not work.

Code sample please?

Hi,
I'm trying to add some license to my user, but I always get this message.

Open navigation properties are not supported on OpenTypes. Property name: 'DirectoryDataService.assignLicense'.

AssignedLicense addLicense = new AssignedLicense
{
SkuId = new Guid("some guid")
};
IList licensesToAdd = new[] { addLicense };
IList licensesToRemove = new Guid[] { };

var retrievedUsers = activeDirectoryClient.Users
.Where(user => user.UserPrincipalName.Equals("some user"))
.ExecuteAsync().Result.CurrentPage.First();
retrievedUsers.AssignLicenseAsync(licensesToAdd, licensesToRemove).Wait();

Have any idea what's wrong ?

Tks

The sample makes use of the roleId on the newly created application object. However in multi-tenant apps, that app is not accessible, and so the sample sets a bad and confusing example. The roleId should be coming from the service principal (resource).

In 1.0 version of the library these were available, but now they are not. The fields "password" and "forceChangePasswordNextLogin" used in the example are marked as deprecated. This broke some of the older code which doesn't compile anymore.

I'm trying SKU Transition.
When act AssignLicenseAsync method, I get error "Insufficient privileges to complete the operation"
and I dont know what should redo.

After act PlaceOrder, we implement below code.
AssignLicenseAsync(new []{new AssignedLicense{ SkuId = newSkuId}},new Guid[]{oldSkuId})

I expect that AssignLicenseAsync method can activate new Subscription and remove old Subscription.

What I wrong?

Can't build solution as checked in. Get following error:

This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is D:\GitRepos\active-directory-dotnet-graphapi-console\.nuget\NuGet.targets. GraphConsoleAppV3 D:\GitRepos\active-directory-dotnet-graphapi-console\GraphConsoleAppV3\GraphConsoleAppV3.csproj 94

I need to know how to get a user Graph token without prompting the user to enter credentials in the browser window. any ideas?

Add this to the sample.

I am trying to run this code (below) and it never completes the job. I am authorized to create a user and I tested my authorization by receiving all the users in my active directory using the same Active Directory Client.

        User newAzureUser = new User();
        newAzureUser.GivenName = "John";
        newAzureUser.Surname = "Smith";
        newAzureUser.UserPrincipalName = "John" + "." + "Smith"+ "@" + tenantName;
        newAzureUser.DisplayName = "John";
        newAzureUser.AccountEnabled = true;

        newAzureUser.PasswordProfile = new PasswordProfile
        {
            Password = "Test!354",
            ForceChangePasswordNextLogin = false,
        };

        try
        {
            await ActiveDirectoryClient.Users.AddUserAsync(newAzureUser);
        }
        catch (Exception e)
        {
            Console.WriteLine("\nError creating new user {0} {1}", e.Message,
                e.InnerException != null ? e.InnerException.Message : "");
        }

Hi Guys,

     I am not sure if this is the right place for a query about Quota limit: what kinds of directory object will hit the quota limit.

     I have an Azure AD, at moment there are: 
     User:  63
     Applications: 592
     Groups: 336
     Service Principles: 400

     During my application running, about 800 new objects(most of them are groups) will be created,  but it will occasionally raise the exception when I tried to create group.  Be noted that after running, those newly objected will be deleted.

     Here are few questions to be clarified:
    1. How can I know the quota limit for an AD tenant?
    2. What else object types would count to the quota limit besides object types above?

Microsoft.Azure.ActiveDirectory.GraphClient: 2.1.1
AD Tenant: 464b54f9-3dcb-4e4a-a619-fe3511dc9f83

Thanks
Hotants

Hello

While adding user to Role "Company Administrator" works, but Removing that role from the user does not work. I have tried with DirectoryRole, but same behaviour with Group. Add works, but remove does not work.

//WORKS
if (retrievedRoles != null && retrievedRoles.Count == 1)
{
retrievedRole = (DirectoryRole)retrievedRoles.First();
retrievedRole .Members.Add(retrievedUser);
retrievedRole .UpdateAsync().Wait();
roleOperationStatus = "Updated" + retrievedUser.ObjectId;
}

// DOES_NOT_WORK

if (retrievedRoles != null && retrievedRoles.Count == 1)
{
retrievedRole = (DirectoryRole)retrievedRoles.First();
retrievedRole.Members.Remove(retrievedUser as DirectoryObject);
retrievedRole.UpdateAsync().Wait();
roleOperationStatus = "Updated:" + retrievedUser.ObjectId;
}

Followed all steps. Everything seems to work !!
Some more documentation on the user mode and app mode would be even more great.

I get an exception at the second part of the app, after a request for my credentials.

An unhandled exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll

Additional information: AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.

I am getting a JSON parsing error only in one Azure tenant. I've tested the same code in 3 other tenants.

Calling code:
activeDirectoryClient.Users.Where(x=>x.LastDirSyncTime >= lastSyncDateOnly).ExecuteAsync();

Error that occurs during paging through results:
pagedCollection = await pagedCollection.GetNextPageAsync();

Invalid JSON. A colon character ':' is expected after the property name 'usageLocation', but none was found. ---> Microsoft.Data.OData.ODataException: Invalid JSON. A colon character ':' is expected after the property name 'usageLocation', but none was found.

System.InvalidOperationException: Invalid JSON. A colon character ':' is expected after the property name 'usageLocation', but none was found. ---> Microsoft.Data.OData.ODataException: Invalid JSON. A colon character ':' is expected after the property name 'usageLocation', but none was found.
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.Json.JsonReader.ParseProperty()
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.Json.JsonReader.Read()
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.Json.BufferingJsonReader.ReadInternal()
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.Json.BufferingJsonReader.ReadNextAndCheckForInStreamError()
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.Json.BufferingJsonReader.ReadInternal()
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.Json.BufferingJsonReader.Read()
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.Json.ODataJsonReaderCoreUtils.TryReadNullValue(BufferingJsonReader jsonReader, ODataInputContext inputContext, IEdmTypeReference expectedTypeReference, Boolean validateNullValue, String propertyName)
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.JsonLight.ODataJsonLightPropertyAndValueDeserializer.ReadNonEntityValueImplementation(String payloadTypeName, IEdmTypeReference expectedTypeReference, DuplicatePropertyNamesChecker duplicatePropertyNamesChecker, CollectionWithoutExpectedTypeValidator collectionValidator, Boolean validateNullValue, Boolean isTopLevelPropertyValue, Boolean insideComplexValue, String propertyName, Boolean readRawValueEvenIfNoTypeFound)
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.JsonLight.ODataJsonLightEntryAndFeedDeserializer.ReadEntryDataProperty(IODataJsonLightReaderEntryState entryState, IEdmProperty edmProperty, String propertyTypeName)
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.JsonLight.ODataJsonLightEntryAndFeedDeserializer.ReadEntryPropertyWithValue(IODataJsonLightReaderEntryState entryState, String propertyName)
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.JsonLight.ODataJsonLightEntryAndFeedDeserializer.<>c__DisplayClass2.b__0(PropertyParsingResult propertyParsingResult, String propertyName)
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.JsonLight.ODataJsonLightDeserializer.ProcessProperty(DuplicatePropertyNamesChecker duplicatePropertyNamesChecker, Func2 readPropertyAnnotationValue, Action2 handleProperty)
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.JsonLight.ODataJsonLightEntryAndFeedDeserializer.ReadEntryContent(IODataJsonLightReaderEntryState entryState)
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.JsonLight.ODataJsonLightReader.ReadEntryStart(DuplicatePropertyNamesChecker duplicatePropertyNamesChecker, SelectedPropertiesNode selectedProperties)
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.JsonLight.ODataJsonLightReader.ReadAtEntryEndImplementationSynchronously()
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.JsonLight.ODataJsonLightReader.ReadAtEntryEndImplementation()
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.ODataReaderCore.ReadImplementation()
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.ODataReaderCore.ReadSynchronously()
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.ODataReaderCore.InterceptException[T](Func1 action) [06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Data.OData.ODataReaderCore.Read() [06/30/2016 12:30:47 > 573298: INFO] at System.Data.Services.Client.Materialization.ODataReaderWrapper.Read() [06/30/2016 12:30:47 > 573298: INFO] at System.Data.Services.Client.Materialization.FeedAndEntryMaterializerAdapter.TryRead() [06/30/2016 12:30:47 > 573298: INFO] --- End of inner exception stack trace --- [06/30/2016 12:30:47 > 573298: INFO] at System.Data.Services.Client.Materialization.FeedAndEntryMaterializerAdapter.TryRead() [06/30/2016 12:30:47 > 573298: INFO] at System.Data.Services.Client.Materialization.FeedAndEntryMaterializerAdapter.TryStartReadFeedOrEntry() [06/30/2016 12:30:47 > 573298: INFO] at System.Data.Services.Client.Materialization.FeedAndEntryMaterializerAdapter.TryReadEntry(MaterializerEntry& entry) [06/30/2016 12:30:47 > 573298: INFO] at System.Data.Services.Client.Materialization.FeedAndEntryMaterializerAdapter.<LazyReadEntries>d__0.MoveNext() [06/30/2016 12:30:47 > 573298: INFO] at System.Data.Services.Client.Materialization.FeedAndEntryMaterializerAdapter.Read() [06/30/2016 12:30:47 > 573298: INFO] at System.Data.Services.Client.Materialization.ODataReaderEntityMaterializer.ReadNextFeedOrEntry() [06/30/2016 12:30:47 > 573298: INFO] at System.Data.Services.Client.Materialization.ODataEntityMaterializer.ReadImplementation() [06/30/2016 12:30:47 > 573298: INFO] at System.Data.Services.Client.MaterializeAtom.MoveNextInternal() [06/30/2016 12:30:47 > 573298: INFO] at System.Data.Services.Client.MaterializeAtom.MoveNext() [06/30/2016 12:30:47 > 573298: INFO] at System.Linq.Enumerable.<CastIterator>d__941.MoveNext()
[06/30/2016 12:30:47 > 573298: INFO] at System.Collections.Generic.List1..ctor(IEnumerable1 collection)
[06/30/2016 12:30:47 > 573298: INFO] at System.Linq.Enumerable.ToList[TSource](IEnumerable1 source) [06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.PagedCollection2..ctor(DataServiceContextWrapper context, QueryOperationResponse1 qor) [06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.PagedCollection2.d__0.MoveNext()
[06/30/2016 12:30:47 > 573298: INFO] --- End of inner exception stack trace ---
[06/30/2016 12:30:47 > 573298: INFO] at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
[06/30/2016 12:30:47 > 573298: INFO] at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
[06/30/2016 12:30:47 > 573298: INFO] at Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.TranslatingPagedCollection2.<GetNextPageAsync>b__0() [06/30/2016 12:30:47 > 573298: INFO] at System.Threading.Tasks.Task1.InnerInvoke()
[06/30/2016 12:30:47 > 573298: INFO] at System.Threading.Tasks.Task.Execute()
[06/30/2016 12:30:47 > 573298: INFO] --- End of stack trace from previous location where exception was thrown ---
[06/30/2016 12:30:47 > 573298: INFO] at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
[06/30/2016 12:30:47 > 573298: INFO] at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
[06/30/2016 12:30:47 > 573298: INFO] at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
[06/30/2016 12:30:47 > 573298: INFO] at Core.UserProfiles.Sync.Repositories.AzureAdRepository.d__0.MoveNext() in

Is there a way, when logged in in app mode, to add a user to app? I tried the following and got an error:

var roleAssignment= new AppRoleAssignment() {
Id = Guid.Empty,
ObjectId = user.ObjectId,
ResourceId = Guid.Parse(AppModeConstants.ServicePrincipalObjectId),
PrincipalId = Guid.Parse(user.ObjectId),
PrincipalType = "User"
};
	
user.AppRoleAssignments.Add(roleAssignment);
await user.UpdateAsync();

Error:

{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"One or more properties are invalid."},"date":"2017-12-19T18:57:45","requestId":"b2e61bc7-bbe1-4a7f-9f9d-3ce405b418a1","values":null}}

The instructions in the sample have some errors. These need fixing and updating

Hi all,

when running the demo (great example btw) one extended property is created on the app level and added to a new user. The issue is that when you rerun the demo and doing a appObject.GetExtendedProperties() it returns 0 properties. Adding this same extended property will throw an exception then.

The same goes for retrievedUser.GetExtendedProperties() getting all the extendedproperties for a user.

thanks!

I was trying to update an user using this application, but I started receiving the exception saying Insufficient privileges to complete the operation, access_denied.

{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}}}

It looks very strange though am able to create user, only the update is troubling.

In fact its blocking the production, we are not able to update existing users profile thus blocking user from accessing the underlying application.