Share via

"ErrorAccessDenied Message: Access is denied. Check credentials and try again." When I try to get events in my email

Anson Tsang 30 Reputation points
2023-01-17T06:13:29.1266667+00:00

I encounter error message "ErrorAccessDenied Message: Access is denied. Check credentials and try again." When I try to get calendar events in my email. 


var options = new TokenCredentialOptions
{
	AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};

var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);

var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

graphClient.BaseUrl = "https://graph.microsoft.com/beta";
		
var result = await graphClient.Users[{myEmail}].Events.Request().GetAsync();

At the mean time, it works to get calendar, add/delete a calendar event using same setting. It cannot read calendar event or make a webhook subscription for the calendar event updates.

I am using Azure AD to build clientSecretCredential for my web API.

Azure AD API permission:

User's image

Any configuration that I need to add?

Please let me know if you need more information to repro this issue.

Outlook Windows Classic Outlook for Windows For business
Microsoft Security Microsoft Entra Microsoft Entra ID
Microsoft Security Microsoft Graph
Exchange Other
0 comments
Accepted answer
  1. Gopinath Chennamadhavuni 2,446 Reputation points
    2023-01-17T10:43:26.02+00:00

    Hi Anson Tsang

    Thanks for reaching out.

    I can reproduce your issue in my test tenant, and I have resolved this issue with below approach.

    Try to remove & revoke all permission of the specific app and grant the required permissions again. Then execute the Graph API: await graphClient.Users[{myEmail}].Events.Request().GetAsync().

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    1 person found this answer helpful.

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 119.5K Reputation points MVP Volunteer Moderator
    2023-01-17T07:07:50.5633333+00:00

    You are using application permissions, thus there is no such thing as "my email" - you need to provide the user's objectID/UPN. The /me endpoint only works for delegate permissions.

  2. Stijn Vandenbroucke 0 Reputation points
    2023-02-23T20:27:01.3333333+00:00

    Hi, is there somewhere a complete answer? I have exactly the same issue, and I see different forums with all the same questions....

                var options = new TokenCredentialOptions
            {
                AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
            };

            var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
            GraphServiceClient graphServiceClient = new GraphServiceClient(clientSecretCredential, scopes);

            try
            {
                IGraphServiceUsersCollectionPage users = graphServiceClient.Users.Request().GetAsync().Result;
                Console.WriteLine($"Found {users.Count()} users in the tenant");

                User user = null;

                foreach (User loopUser in users)
                {
                    if (loopUser.Mail.ToLower().Contains("car"))
                    {
                        user = loopUser;
                        break;
                    }
                }

                if (user == null) return;

                Console.WriteLine("User: "+ (user.Id + " - " + user.DisplayName));

                IUserRequestBuilder iUserRequestBuilder = graphServiceClient.Users[user.Mail];

                Calendar userCalendar = iUserRequestBuilder.Calendar.Request().GetAsync().Result;
                Console.WriteLine("Calendar: "+ (userCalendar.Id + " - " + userCalendar.Name));

                ICalendarEventsCollectionPage events = iUserRequestBuilder.Calendar.Events.Request().GetAsync().Result;
                Console.WriteLine($"Found {events.Count()} events in the calendar");
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception: " + $"{e}");
            }
    0 comments
  3. rumaana begum 1 Reputation point
    2024-04-23T05:18:48.4766667+00:00

    any update on this, im stuck with this error now,

    curl --location 'https://graph.microsoft.com/v1.0/users/******@p.eu.g/calendar/events' \

    --header 'Authorization: Bearer eyJ0eXAiOiJKV1...' \

    --header 'Prefer: outlook.timezone="Pacific Standard Time"' \

    --header 'Content-Type: application/json' \

    --data-raw '{

    "subject": "Let'''s go for lunch",

    "body": {

    "contentType": "HTML",

"content": "Does noon work for you?"
```  },

  "start": {

```sql
  "dateTime": "2017-04-15T12:00:00",

  "timeZone": "Pacific Standard Time"
```  },

  "end": {

```sql
  "dateTime": "2017-04-15T14:00:00",

  "timeZone": "Pacific Standard Time"
```  },

  "location":{

```sql
  "displayName":"Harry'\''s Bar"
```  },

  "attendees": [

```ruby
{

  "emailAddress": {

    "address":"******@gmail.com",

    "name": "Rumaana"

  },

  "type": "required"

}
```  ],

  "allowNewTimeProposals": false,

  "isOnlineMeeting": true

  

}'

this is an example body only but in both original and example i get this 

{

```scala
"error": {

    "code": "ErrorAccessDenied",

    "message": "Access is denied. Check credentials and try again."

}
```}
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.