i am fatching for access to change password operation is denied in Asp.net C#

Sodvadiya, Suryadeep 1 Reputation point
2022-12-29T09:23:09.923+00:00

Every Time i am faching same error any suggestion for me how can i solve this error using ASP .NET API.274764-microsoftteams-image-2.png

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,715 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,664 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. CarlZhao-MSFT 37,296 Reputation points
    2022-12-30T08:58:52.163+00:00

    Hi @Sodvadiya, Suryadeep

    If modifying the password for a user in the application-only context, the calling app must be assigned the User.ReadWrite.All application permission and at least the User Administrator Azure AD role.

    275017-image.png

    Sign in to Azure AD as a global administrator>Roles and administrators> find User Administrator >Add assignments> enter your application ID to search and add.

    274976-image.png 

    using Azure.Identity;   
using Microsoft.Graph;  
  
  
var scopes = new[] { "https://graph.microsoft.com/.default" };  
  
var tenantId = "{tenant id}";  
  
// Values from app registration  
var clientId = "{client id}";  
var clientSecret = "{client secret}";  
  
// using Azure.Identity;  
var options = new TokenCredentialOptions  
{  
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud  
};  
  
// https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential  
var clientSecretCredential = new ClientSecretCredential(  
    tenantId, clientId, clientSecret, options);  
  
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);  
  
var user = new User  
{  
      PasswordProfile = new PasswordProfile  
      {  
            ForceChangePasswordNextSignIn = false,  
            Password = "xxxxxxxxxxxxx"  
      }  
};  
  
await graphClient.Users["{user id}"]  
      .Request()  
      .UpdateAsync(user);

    275043-image.png

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    2 people found this answer helpful.
  2. Shweta Mathur 27,936 Reputation points Microsoft Employee
    2022-12-30T04:39:15.147+00:00

    Hi @Sodvadiya, Suryadeep ,

    Thanks for reaching out.

    I understand you are trying to update the password using ROPC flow and getting unauthorized error.

    To update the password, you need to assign Directory.AccessAsUser.All delegated permissions to your application. This permission needs to provide admin consent to update the password.

    Reference: https://learn.microsoft.com/en-us/graph/api/user-changepassword?view=graph-rest-1.0&tabs=http#permissions

    Hope this will help.

    Thanks,
    Shweta

    ----------------------------------

    Please remember to "Accept Answer" if answer helped you.

    1 person found this answer helpful.