i am fatching for access to change password operation is denied in Asp.net C#

Sodvadiya, Suryadeep 1 Reputation point
2022-12-29T09:23:09.923+00:00

Every Time i am faching same error any suggestion for me how can i solve this error using ASP .NET API.274764-microsoftteams-image-2.png

Microsoft Graph Users API
Microsoft Graph Users API
A Microsoft API that allows you to build compelling app experiences based on users, their relationships with other users and groups, and the resources they access for example their mails, calendars, files, administrative roles, group memberships.
551 questions
Microsoft Graph SDK
Microsoft Graph SDK
A Microsoft software developer kit designed to simplify building high-quality, efficient, and resilient applications that access Microsoft Graph.
739 questions
Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,765 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Shweta Mathur 11,166 Reputation points Microsoft Employee
    2022-12-30T04:39:15.147+00:00

    Hi @Sodvadiya, Suryadeep ,

    Thanks for reaching out.

    I understand you are trying to update the password using ROPC flow and getting unauthorized error.

    To update the password, you need to assign Directory.AccessAsUser.All delegated permissions to your application. This permission needs to provide admin consent to update the password.

    Reference: https://learn.microsoft.com/en-us/graph/api/user-changepassword?view=graph-rest-1.0&tabs=http#permissions

    Hope this will help.

    Thanks,
    Shweta

    ----------------------------------

    Please remember to "Accept Answer" if answer helped you.

    No comments

  2. Carl Zhao_MSFT 18,301 Reputation points Microsoft Employee
    2022-12-30T08:58:52.163+00:00

    Hi @Sodvadiya, Suryadeep

    If modifying the password for a user in the application-only context, the calling app must be assigned the User.ReadWrite.All application permission and at least the User Administrator Azure AD role.

    275017-image.png

    Sign in to Azure AD as a global administrator>Roles and administrators> find User Administrator >Add assignments> enter your application ID to search and add.

    274976-image.png

    using Azure.Identity;   
    using Microsoft.Graph;  
      
      
    var scopes = new[] { "https://graph.microsoft.com/.default" };  
      
    var tenantId = "{tenant id}";  
      
    // Values from app registration  
    var clientId = "{client id}";  
    var clientSecret = "{client secret}";  
      
    // using Azure.Identity;  
    var options = new TokenCredentialOptions  
    {  
        AuthorityHost = AzureAuthorityHosts.AzurePublicCloud  
    };  
      
    // https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential  
    var clientSecretCredential = new ClientSecretCredential(  
        tenantId, clientId, clientSecret, options);  
      
    var graphClient = new GraphServiceClient(clientSecretCredential, scopes);  
      
    var user = new User  
    {  
          PasswordProfile = new PasswordProfile  
          {  
                ForceChangePasswordNextSignIn = false,  
                Password = "xxxxxxxxxxxxx"  
          }  
    };  
      
    await graphClient.Users["{user id}"]  
          .Request()  
          .UpdateAsync(user);  
    

    275043-image.png


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.