Access is denied. Check credentials and try again. calendar events

Reto Rümmeli 5 Reputation points
2023-01-29T12:44:55.89+00:00

I have the same problem as in this case:

https://learn.microsoft.com/en-us/answers/questions/1161426/erroraccessdenied-message-access-is-denied-check-c

I have tried for several days to find a solution, unfortunately without success. I have created a variant with API and a variant with the SDK.

I have deleted and reset the permissions on Azure several times. (see Permisions below)

I create a daemon application and want to access all events of the users.

Insert update, delete an event work fine.

var evsend = await graphClient.Users[userid].Events.Request().AddAsync(@event);
var evsend = await graphClient.Users[userid].Events[eventid].Request().UpdateAsync(@event);
await graphClient.Users[userid].Events[eventid].Request().DeleteAsync();

But listing the events does not work.

var events = await graphClient.Users[userid].Events.Request().GetAsync();

Message: Access is denied. Check credentials and try again.

What am I doing wrong.

I would be extremely glad for help.

User's image

Outlook
Outlook
A family of Microsoft email and calendar products.
3,041 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,715 questions
Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
4,911 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,664 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bhanu Kiran 3,526 Reputation points
    2023-01-30T01:02:37.7533333+00:00

    Hi @Reto Rümmeli ,

    "Access is Denied" usually occurs when generated token does not have sufficient permissions or the consented permission are not granted by Admin. As per the documentation Calendars.Read, Calendars.ReadWrite Permissions (from least to most privileged) is required to run the above Graph API endpoint.

    Please make sure you have the above permissions in your token. You can check your permissions by decoding your token using Jwt.io.

    If the permissions are present in the token, I would suggest you register a new application with new set of ClientID, Secret and required permissions and validate the issue.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    0 comments
  2. Reto Rümmeli 5 Reputation points
    2023-01-31T06:23:31.9133333+00:00

    Hi BhanuKiran

    I must preface that this is my first experience with the Graph SDK. I am developing a Deamon application.
    I have set up a new application in Azure and reset the permissions. (see the Permissions below)

    But unfortunately it does not work

    I wonder why the Event.add, Event.update and Event.delete queries work, but the listing does not.

    Here is the code for creating the GraphserviceClient. Here i dont see the Token.

     public GraphServiceClient GetGraphClientWithIdentity() {

        if (_graphServiceClient != null)
            return _graphServiceClient;

        var instance = _configuration.GetValue<string>("AzureAd:Instance");
        var apiurl = _configuration.GetValue<string>("AzureAd:ApiUrl");
        var tenant = _configuration.GetValue<string>("AzureAd:Tenant");
        var tenantId = _configuration.GetValue<string>("AzureAd:TenantId");
        var clientId = _configuration.GetValue<string>("AzureAd:ClientId");
        var clientSecret = _configuration.GetValue<string>("AzureAd:ClientSecret");
        string[] scopes = new[] { "https://graph.microsoft.com/.default" };
        
        //var authority = String.Format(CultureInfo.InvariantCulture, instance, tenant);

        // TokenCredentialOptions for Cloud
        var options = new TokenCredentialOptions
        {
            AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
        };

        var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
        var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

        return graphClient;

    }

    Here is the code for the requests that work. 

    // Create Client
var graphClient = _graphClient.GetGraphClientWithIdentity();

// OK
users = await graphClient.Users.Request().GetAsync();
calendars = await graphClient.Users[userid].Calendars.Request().GetAsync();
mailfolders = await graphClient.Users[userid].MailFolders.Request().GetAsync();
organizations = await graphClient.Organization.Request().GetAsync();
categories = await graphClient.Users[userid].Outlook.MasterCategories.Request().GetAsync();

var evsendInsert = await graphClientService.Users[userid_1].Events.Request().AddAsync(@event);
// Event Update OK
var evsendUpdate = await graphClientService.Users[userid_1].Events[eventid].Request().UpdateAsync(@event);
// Event Delete OK
await graphClientService.Users[userid_1].Events[eventid].Request().DeleteAsync();


    // Do not Work
var events = await graphClient.Users[userid].Events.Request().GetAsync();


var events = await graphClient.Users[userid].Calendars[firstCalendarID].Events.Request().GetAsync();

    Here all the Permissions.

    User's image

    0 comments