Share via

"ErrorAccessDenied Message: Access is denied. Check credentials and try again." When I try to get events in my email

Anson Tsang 30 Reputation points
2023-01-17T06:13:29.1266667+00:00

I encounter error message "ErrorAccessDenied Message: Access is denied. Check credentials and try again." When I try to get calendar events in my email. 


var options = new TokenCredentialOptions
{
	AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};

var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);

var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

graphClient.BaseUrl = "https://graph.microsoft.com/beta";
		
var result = await graphClient.Users[{myEmail}].Events.Request().GetAsync();

At the mean time, it works to get calendar, add/delete a calendar event using same setting. It cannot read calendar event or make a webhook subscription for the calendar event updates.

I am using Azure AD to build clientSecretCredential for my web API.

Azure AD API permission:

User's image

Any configuration that I need to add?

Please let me know if you need more information to repro this issue.

Outlook | Windows | Classic Outlook for Windows | For business
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph
Exchange | Other
Exchange | Other
A powerful email and collaboration platform developed by Microsoft, designed to support enterprise-level communication and productivity. Miscellaneous topics that do not fit into specific categories.
0 comments
Answer accepted by question author
  1. Gopinath Chennamadhavuni 2,446 Reputation points
    2023-01-17T10:43:26.02+00:00

    Hi Anson Tsang

    Thanks for reaching out.

    I can reproduce your issue in my test tenant, and I have resolved this issue with below approach.

    Try to remove & revoke all permission of the specific app and grant the required permissions again. Then execute the Graph API: await graphClient.Users[{myEmail}].Events.Request().GetAsync().

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    1 person found this answer helpful.

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 123K Reputation points MVP Volunteer Moderator
    2023-01-17T07:07:50.5633333+00:00

    You are using application permissions, thus there is no such thing as "my email" - you need to provide the user's objectID/UPN. The /me endpoint only works for delegate permissions.

  2. Stijn Vandenbroucke 0 Reputation points
    2023-02-23T20:27:01.3333333+00:00

    Hi, is there somewhere a complete answer? I have exactly the same issue, and I see different forums with all the same questions....

                var options = new TokenCredentialOptions
            {
                AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
            };

            var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
            GraphServiceClient graphServiceClient = new GraphServiceClient(clientSecretCredential, scopes);

            try
            {
                IGraphServiceUsersCollectionPage users = graphServiceClient.Users.Request().GetAsync().Result;
                Console.WriteLine($"Found {users.Count()} users in the tenant");

                User user = null;

                foreach (User loopUser in users)
                {
                    if (loopUser.Mail.ToLower().Contains("car"))
                    {
                        user = loopUser;
                        break;
                    }
                }

                if (user == null) return;

                Console.WriteLine("User: "+ (user.Id + " - " + user.DisplayName));

                IUserRequestBuilder iUserRequestBuilder = graphServiceClient.Users[user.Mail];

                Calendar userCalendar = iUserRequestBuilder.Calendar.Request().GetAsync().Result;
                Console.WriteLine("Calendar: "+ (userCalendar.Id + " - " + userCalendar.Name));

                ICalendarEventsCollectionPage events = iUserRequestBuilder.Calendar.Events.Request().GetAsync().Result;
                Console.WriteLine($"Found {events.Count()} events in the calendar");
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception: " + $"{e}");
            }
    0 comments
  3. rumaana begum 1 Reputation point
    2024-04-23T05:18:48.4766667+00:00

    any update on this, im stuck with this error now,

    curl --location 'https://graph.microsoft.com/v1.0/users/******@p.eu.g/calendar/events' \

    --header 'Authorization: Bearer eyJ0eXAiOiJKV1...' \

    --header 'Prefer: outlook.timezone="Pacific Standard Time"' \

    --header 'Content-Type: application/json' \

    --data-raw '{

    "subject": "Let'''s go for lunch",

    "body": {

    "contentType": "HTML",

"content": "Does noon work for you?"
```  },

  "start": {

```sql
  "dateTime": "2017-04-15T12:00:00",

  "timeZone": "Pacific Standard Time"
```  },

  "end": {

```sql
  "dateTime": "2017-04-15T14:00:00",

  "timeZone": "Pacific Standard Time"
```  },

  "location":{

```sql
  "displayName":"Harry'\''s Bar"
```  },

  "attendees": [

```ruby
{

  "emailAddress": {

    "address":"******@gmail.com",

    "name": "Rumaana"

  },

  "type": "required"

}
```  ],

  "allowNewTimeProposals": false,

  "isOnlineMeeting": true

  

}'

this is an example body only but in both original and example i get this 

{

```scala
"error": {

    "code": "ErrorAccessDenied",

    "message": "Access is denied. Check credentials and try again."

}
```}
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.