Share via

C# GraphAPI, how to use delegated permissions

MatthewCameron-5322 51 Reputation points
2022-07-20T05:36:58.75+00:00

Hi,

Since there are some Group properties (AutoSubscribeNewMembers, HideFromAddressLists, HideFromOutlookClients) that can only be updated with delegated permissions and not application permissions. So i've been trying to get it to work with using OnBehalfOfCredential.

I'm still getting the "The request is currently not supported on the targeted entity set" error.

I've got delegated API permissions, a scope for my application and it's getting the token fine with the application being consented for the user.
Any thoughts would be helpful, I might be missing something!

Example code: 

   var scopes = new[] { "api://(code)/access-as-user", "https://graph.microsoft.com/Group.ReadWrite.All" };  
   var graphScopes = new[] { "https://graph.microsoft.com/.default" };  
     
   var tenantId = "(tenant id here)";  
   var clientId = "(client id)";  
   var clientSecret = "(client secret)";  
     
   var app = PublicClientApplicationBuilder.Create(clientId)  
   	.WithTenantId(tenantId)  
   	.Build();  
     
   var userToken = app.AcquireTokenByUsernamePassword(scopes, "username", new System.Net.NetworkCredential("", "password").SecurePassword)  
   					.ExecuteAsync()  
   					.Result;  
     
   var credential = new OnBehalfOfCredential(tenantId, clientId, clientSecret, userToken.AccessToken);  
     
     
   var graphClient = new GraphServiceClient(credential, graphScopes);  
     
   var groupId = "(groupId here)";  
     
   var update = new Group  
   {  
   	Id = groupId,  
   	AutoSubscribeNewMembers = true,  
   };  
     
   graphClient.Groups[groupId].Request().UpdateAsync(update).Wait();
Microsoft Security Microsoft Graph
Developer technologies C#
0 comments
Accepted answer
  1. CarlZhao-MSFT 46,371 Reputation points
    2022-07-20T06:47:40.49+00:00

    Hi anonymous user

    Combined with your context, I suggest you use ROPC flow to get access token and update group. Refer to the complete code: 

    using Azure.Identity;  
using Microsoft.Graph;  
  
  
var scopes = new[] { "Group.ReadWrite.All" };  
  
// Multi-tenant apps can use "common",  
// single-tenant apps must use the tenant ID from the Azure portal  
var tenantId = "tenant id";  
  
// Value from app registration  
var clientId = "client id";  
  
  
// using Azure.Identity;  
var options = new TokenCredentialOptions  
{  
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud  
};  
  
var userName = "user name";  
var password = "password";  
  
// https://learn.microsoft.com/dotnet/api/azure.identity.usernamepasswordcredential  
var userNamePasswordCredential = new UsernamePasswordCredential(  
    userName, password, tenantId, clientId, options);  
  
var graphClient = new GraphServiceClient(userNamePasswordCredential, scopes);  
  
var group = new Group  
{  
    AutoSubscribeNewMembers = true  
};  
  
await graphClient.Groups["group id"]  
    .Request()  
    .UpdateAsync(group);

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    1 deleted comment

    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.