Share via

VssUnauthorisedException using Azure Devops REST API with VssAadCredentials generated with Access Token from MSAL

Joseph Ward 5 Reputation points
2023-12-08T16:52:08.6633333+00:00

I am migrating an application to .Net Core from .Net Framework and replacing the VSS Windows authentication it used to access Azure Devops REST API's with MSAL since the VSS Windows authentication no longer works in .Net core.

After some faffing in MS Azure, I am now being returned an Access Token after an interactive login prompt, however when I use when generating a VssConnection:

new VssConnection("https://dev.azure.com/[ORGANISATION]", new VssAadCredential(new VssAadToken(authResult.TokenType, authResult.AccessToken))));

And then try to use the connection:

connection.GetClient<GitHttpClient>();

I get a VssUnauthorisedException with no further detail.

I have no idea what I need to do to get access to this, I can't see any useful service connection types to add to Azure Devops. It still works in .Net Framework but we would prefer to be able to upgrade to .Net Core

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
Developer technologies | C#
Developer technologies | C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Joseph Ward 5 Reputation points
    2023-12-08T17:58:34.3633333+00:00

    Turns out the scope for azure devops user impersonation that azure portal gave us was wrong, reverting to the one from this example https://github.com/microsoft/azure-devops-auth-samples/blob/master/ManagedClientConsoleAppSample/Program.cs started working.

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.