"ErrorAccessDenied Message: Access is denied. Check credentials and try again." When I try to get events in my email

Anson Tsang 30 Reputation points
2023-01-17T06:13:29.1266667+00:00

I encounter error message "ErrorAccessDenied Message: Access is denied. Check credentials and try again." When I try to get calendar events in my email. 


var options = new TokenCredentialOptions
{
	AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};

var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);

var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

graphClient.BaseUrl = "https://graph.microsoft.com/beta";
		
var result = await graphClient.Users[{myEmail}].Events.Request().GetAsync();

At the mean time, it works to get calendar, add/delete a calendar event using same setting. It cannot read calendar event or make a webhook subscription for the calendar event updates.

I am using Azure AD to build clientSecretCredential for my web API.

Azure AD API permission:

User's image

Any configuration that I need to add?

Please let me know if you need more information to repro this issue.

Outlook
Outlook
A family of Microsoft email and calendar products.
3,009 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,645 questions
Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
4,901 questions
Microsoft Exchange
Microsoft Exchange
Microsoft messaging and collaboration software.
392 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,559 questions
0 comments
Accepted answer
  1. Gopinath Chennamadhavuni 2,431 Reputation points
    2023-01-17T10:43:26.02+00:00

    Hi Anson Tsang

    Thanks for reaching out.

    I can reproduce your issue in my test tenant, and I have resolved this issue with below approach.

    Try to remove & revoke all permission of the specific app and grant the required permissions again. Then execute the Graph API: await graphClient.Users[{myEmail}].Events.Request().GetAsync().

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    1 person found this answer helpful.

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 95,666 Reputation points MVP
    2023-01-17T07:07:50.5633333+00:00

    You are using application permissions, thus there is no such thing as "my email" - you need to provide the user's objectID/UPN. The /me endpoint only works for delegate permissions.

  2. Stijn Vandenbroucke 0 Reputation points
    2023-02-23T20:27:01.3333333+00:00

    Hi, is there somewhere a complete answer? I have exactly the same issue, and I see different forums with all the same questions....

                var options = new TokenCredentialOptions
            {
                AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
            };

            var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
            GraphServiceClient graphServiceClient = new GraphServiceClient(clientSecretCredential, scopes);

            try
            {
                IGraphServiceUsersCollectionPage users = graphServiceClient.Users.Request().GetAsync().Result;
                Console.WriteLine($"Found {users.Count()} users in the tenant");

                User user = null;

                foreach (User loopUser in users)
                {
                    if (loopUser.Mail.ToLower().Contains("car"))
                    {
                        user = loopUser;
                        break;
                    }
                }

                if (user == null) return;

                Console.WriteLine("User: "+ (user.Id + " - " + user.DisplayName));

                IUserRequestBuilder iUserRequestBuilder = graphServiceClient.Users[user.Mail];

                Calendar userCalendar = iUserRequestBuilder.Calendar.Request().GetAsync().Result;
                Console.WriteLine("Calendar: "+ (userCalendar.Id + " - " + userCalendar.Name));

                ICalendarEventsCollectionPage events = iUserRequestBuilder.Calendar.Events.Request().GetAsync().Result;
                Console.WriteLine($"Found {events.Count()} events in the calendar");
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception: " + $"{e}");
            }
    0 comments
  3. rumaana begum 1 Reputation point
    2024-04-23T05:18:48.4766667+00:00

    any update on this, im stuck with this error now,

    curl --location 'https://graph.microsoft.com/v1.0/users/If@p.eu.g/calendar/events' \

    --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IlYxTlZ2bFlQczhRcUdIcF9Xcnh3ZFBOYXd6TmtZYkQwa0Zzc0pNUFZHV00iLCJhbGciOiJSUzI1NiIsIng1dCI6InEtMjNmYWxldlpoaEQzaG05Q1Fia1A1TVF5VSIsImtpZCI6InEtMjNmYWxldlpoaEQzaG05Q1Fia1A1TVF5VSJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8zZmM5ZjI1Yy1iNDE2LTQzOTQtYTdhOC0yZDE1NDNmNDNhMTgvIiwiaWF0IjoxNzEzODQ3NjgxLCJuYmYiOjE3MTM4NDc2ODEsImV4cCI6MTcxMzg1MjAzMiwiYWNjdCI6MCwiYWNyIjoiMSIsImFpbyI6IkFUUUF5LzhXQUFBQWdMS1FjR1hWNTRlWElZTE81bTQ3M0dhTEN4czJFMWdZZGRad1VaNEZRNnpKYm80L3BkQjJqR1UvVG50cGM0T2IiLCJhbXIiOlsicHdkIl0sImFwcF9kaXNwbGF5bmFtZSI6IklGTCBPVVRMT09LIC0gWk9ITyIsImFwcGlkIjoiMGQ1ZTgyYjktNzU5ZC00MzUwLWIxZjUtYTA5Y2M4Mzg3YTJkIiwiYXBwaWRhY3IiOiIxIiwiZ2lhZC5TaGFyZWQgQ2FsZW5kYXJzLlJlYWRXcml0ZSBDYWxlbmRhcnMuUmVhZFdyaXRlLlNoYXJlZCBEaXNyb3NvZnQuY29tIiwidXRpIjoiWExjVlU4YmluVU9Id0hnMXZMMVJBQSIsInZlciI6IjEuMCIsIndpZHMiOlsiNjJlOTAzOTQtNjlmNS00MjM3LTkxOTAtMDEyMTc3MTQ1ZTEwIiwiYjc5ZmJmNGQtM2VmOS00Njg5LTgxNDMtNzZiMTk0ZTg1NTA5Il0sInhtc19zdCI6eyJzdWIiOiI2eVVDUWxyX2hFdjI0ak1SQkgtUGZoMnF1OHBxaDFNS0w3dWcyMHR3MUZZIn0sInhtc190Y2R0IjoxNTc1MDIxNjA2fQ.MJTv_PKAUarLEV1wuL9GqcsM84_7-F28WAYmBgxMRDcWwEv1IzbdRdCaftzbul8pEf4iJ4DL3fk_OBwSvuY5CMVOy0QSbRTaTTHf8xAiZhzfQ1sIqIMOzTT75Cxg4Q-iJsDH2OITnTtEk7M1QQ3ojuC192QxEAxUkjFICdhs0nYK2Wn4WZYCuwiKL3QSsgaZgH8YH7RLmyL8n8QWu9eCGTvRPk-TxI5s4QNtPEPyBrW1-cjgPYE4DZj_9yiB2s6zIP1X5ecF0l3XzTTGYg_37ahQK375bi7XHE7poBz5tKcm-tgXaClPbmvkNAuPy5rjjGvRtJrQx85WxnNjth2hSg' \

    --header 'Prefer: outlook.timezone="Pacific Standard Time"' \

    --header 'Content-Type: application/json' \

    --data-raw '{

    "subject": "Let'''s go for lunch",

    "body": {

    "contentType": "HTML",

"content": "Does noon work for you?"

    },

    "start": {

      "dateTime": "2017-04-15T12:00:00",

  "timeZone": "Pacific Standard Time"

    },

    "end": {

      "dateTime": "2017-04-15T14:00:00",

  "timeZone": "Pacific Standard Time"

    },

    "location":{

      "displayName":"Harry'\''s Bar"

    },

    "attendees": [

    {

  "emailAddress": {

    "address":"rumaana@gmail.com",

    "name": "Rumaana"

  },

  "type": "required"

}

    ],

    "allowNewTimeProposals": false,

    "isOnlineMeeting": true

    }'

    this is an example body only but in both original and example i get this

    {

    "error": {

    "code": "ErrorAccessDenied",

    "message": "Access is denied. Check credentials and try again."

}

    }

    0 comments