Microsoft Graph client error : Authentication challenge is required error

ajit goel 1 Reputation point
2021-04-11T22:48:43.043+00:00

Tagging @AmanpreetSingh-MSFT for help.

I am working on a Blazor server side .Net 5.0 application that allows a user to delete a user from Azure AD B2C after he has logged in. I am using the information contained in this article. I am getting a Message: Authentication challenge is required. error.

What could I be missing?

Code to delete user using Azure AD B2C:

using Microsoft.Graph;  
using Microsoft.Graph.Auth;  
using Microsoft.Identity.Client;  
public async Task DeleteUser(string id)  
  
        {  
            var confidentialClientApplication = ConfidentialClientApplicationBuilder  
                .Create(this.azureADB2C.ClientId)  
                .WithRedirectUri(this.azureADB2C.RedirectUri)  
                .WithClientSecret(this.azureADB2C.ClientSecret)  
                .Build();  
            var authorizationCodeProvider = new AuthorizationCodeProvider(confidentialClientApplication);  
            var graphClient = new GraphServiceClient( authorizationCodeProvider );  
            await graphClient.Users[id].Request().DeleteAsync();  
        }  

AppSettings.json:

"AzureADB2C": {  
    "Instance": "https://InstaTranscribe.b2clogin.com/",  
    "Domain": "InstaTranscribe.onmicrosoft.com",  
    "ClientId": "<ClientId>",  
    "SignUpSignInPolicyId": "B2C_1_SignUpSignInUserFlow",  
    "ResetPasswordPolicyId": "B2C_1_PasswordResetUserFlow",  
    "EditProfilePolicyId": "B2C_1_ProfileEditingUserFlow",  
    "CallbackPath": "/signin-oidc",  
    "RedirectUri": "http://localhost:20000/signin-oidc",  
    "ClientSecret": "<ClientSecret>"  
  },   

Platform Configuration:

86633-5x86v.png

API Permissions

86560-sb2zm.png

Exception Stack:

Status Code: 0  
Microsoft.Graph.ServiceException: Code: generalException  
Message: An error occurred sending the request.  
  
 ---> Microsoft.Graph.Auth.AuthenticationException: Code: authenticationChallengeRequired  
Message: Authentication challenge is required.  
  
   at Microsoft.Graph.Auth.AuthorizationCodeProvider.AuthenticateRequestAsync(HttpRequestMessage httpRequestMessage)  
   at Microsoft.Graph.AuthenticationHandler.SendAsync(HttpRequestMessage httpRequestMessage, CancellationToken cancellationToken)  
   at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)  
   at Microsoft.Graph.HttpProvider.SendRequestAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)  
   --- End of inner exception stack trace ---  
   at Microsoft.Graph.HttpProvider.SendRequestAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)  
   at Microsoft.Graph.HttpProvider.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)  
   at Microsoft.Graph.BaseRequest.SendRequestAsync(Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)  
   at Microsoft.Graph.BaseRequest.SendAsync[T](Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)  
   at Microsoft.Graph.UserRequest.DeleteAsync(CancellationToken cancellationToken)  
   at Services.SecurityService.DeleteUser(String id) in C:\temp\InstaTranscribeServerSide\Services\SecurityService.cs:line 109  
   at InstaTranscribeServerSide.Pages.DeleteAccountComponent.EditForm_OnValidSubmit() in C:\temp\InstaTranscribeServerSide\server\Pages\DeleteAccount.razor.designer.cs:line 62  
Azure Active Directory External Identities
Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,675 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Nandeesh Swami-MSFT 1 Reputation point
    2021-04-21T17:21:41.457+00:00

    Hi,

    Looking at your description, you need ClientCredentialProvider not AuthorizationCodeProvider. Couple of points to verify is Admin Consent and Application Permission in App Registration.
    Let me know if you have any further queries.

    No comments