Error inside my Azure Function:- This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant

john john 946 Reputation points
2023-02-27T15:50:04.3+00:00

I have this CSOM code inside my Azure Function inside Visual Studio 2022:-

var certificate = GetCertificateByThumbprint(Environment.GetEnvironmentVariable("CertificateThumbPrint"));

// Set up the MSAL client
var clientApplication = ConfidentialClientApplicationBuilder
    .Create(Environment.GetEnvironmentVariable("ClientId"))
    .WithCertificate(certificate)
    .WithAuthority($"https://login.microsoftonline.com/{Environment.GetEnvironmentVariable("TenantId")}")
    .Build();

// Acquire an access token
var scopes = new[] { Environment.GetEnvironmentVariable("SiteUrl") + ".default" };
var authenticationResult = await clientApplication.AcquireTokenForClient(scopes).ExecuteAsync();
var accessToken = authenticationResult.AccessToken;

// Set up the SharePoint context
var clientContext = new ClientContext(Environment.GetEnvironmentVariable("SiteUrl"));
clientContext.ExecutingWebRequest += (sender, e) =>
{
    e.WebRequestExecutor.RequestHeaders["Authorization"] =
        "Bearer " + accessToken;
};
clientContext.Load(clientContext.Web);
clientContext.ExecuteQuery();

But I am getting this error on var authenticationResult = await clientApplication.AcquireTokenForClient(scopes).ExecuteAsync();

{"AADSTS500011: The resource principal named https://****.sharepoint.com/sites/DocumentManagement was not found in the tenant named ***. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: 99efd092-ee23-4519-9c41-43f2d8db2101\r\nCorrelation ID: f4aa1bb1-2209-4674-a763-652fa123d554\r\nTimestamp: 2023-02-27 14:51:35Z"}

Here is the Azure Active Directory app I am using, which I configured to have access to a single site using this PowerShell command:-

$siteUrl = "https://***.sharepoint.com/sites/DocumentManagement/"
$clientId = "***"
$certThumbprint = "***"
$tenant = "***.onmicrosoft.com"

Connect-PnPOnline -Url $siteUrl -Interactive
$writeperm = Grant-PnPAzureADAppSitePermission -Permissions "Write" -Site $siteUrl -AppId $clientId -DisplayName "FolderStructure"
$PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity $clientId
Set-PnPAzureADAppSitePermission -Site $siteurl -PermissionId $(($PermissionId).Id) -Permissions "FullControl"

Here is a screenshot of my Azure AD app:-

https://i.stack.imgur.com/UiH5O.png

Any advice on this, please? The error is saying that it cannot access this site https://***.sharepoint.com/sites/DocumentManagement/, which is a valid site inside my tenant, and I have granted the Azure AD app full control on it (as shown in the PowerShell script).
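
An added example, not part of the original post: AADSTS500011 names the resource that Microsoft Entra ID derives from the requested scope, and for an app-only SharePoint Online token that resource is the tenant's SharePoint root (`https://<tenant>.sharepoint.com`), not a site path. The helper below derives the `/.default` scope from a site URL; `SharePointScope`, `ForSite` and the `contoso` sample URL are assumptions made for illustration, and the host check assumes the commercial cloud.

```csharp
using System;

// Added illustration (not the poster's code): derive the client-credentials
// scope for SharePoint Online from a site URL.
public static class SharePointScope
{
    // Hypothetical helper. The token resource is the SharePoint host root;
    // the site path is used only by ClientContext, never in the scope.
    public static string ForSite(string siteUrl)
    {
        if (!Uri.TryCreate(siteUrl, UriKind.Absolute, out var uri))
            throw new ArgumentException("Site URL must be absolute.", nameof(siteUrl));

        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Site URL must use https.", nameof(siteUrl));

        // Assumption: commercial cloud hosts only. Rejecting other hosts keeps
        // a mistyped or tampered setting from changing the token audience.
        if (!uri.Host.EndsWith(".sharepoint.com", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Not a SharePoint Online host.", nameof(siteUrl));

        // GetLeftPart(Authority) keeps scheme and host and drops the path.
        return uri.GetLeftPart(UriPartial.Authority) + "/.default";
    }

    public static void Main()
    {
        // Constructed sample value; contoso is a placeholder tenant.
        const string siteUrl = "https://contoso.sharepoint.com/sites/DocumentManagement/";

        // Concatenation as in the question: the resource becomes the site path,
        // which has no service principal in the tenant.
        Console.WriteLine(siteUrl + ".default");

        // Derived scope: the resource is the tenant's SharePoint root.
        Console.WriteLine(ForSite(siteUrl));
    }
}
```

The result is the single entry for the `scopes` array passed to `AcquireTokenForClient`; `ClientContext` still takes the full site URL, and the per-site grant made with `Grant-PnPAzureADAppSitePermission` continues to decide which site the token can reach.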
