topic Re: PowerBI API in WebAPI - How to call from UI with token in Developer

PowerBI API in WebAPI - How to call from UI with token

PowerBourn — Thu, 16 Jan 2025 00:52:02 GMT

Scenario: ASP.net MVC Application which is authenticated using Azure AD will call ASP.net WebAPI. WebAPI is calling PowerBI Service to return list of report or Embedded report.

In this case how do get access token? Does this suppose to come from front-end UI?

I am getting below error

"message":"Operation returned an invalid status code 'Forbidden'"

This is what I have in WebAPI. If token needs to passed from UI, please suggest me how?

public static async Task<string> GetAccessTokenAsync(string tenantId, string clientId, string clientSecret, string resourceUri) { // Construct the authority URL string authority = $"https://login.microsoftonline.com/{tenantId}"; // Create a confidential client application var app = ConfidentialClientApplicationBuilder.Create(clientId) .WithClientSecret(clientSecret) .WithAuthority(new Uri(authority)) .Build(); // Define the scope (resource URI with /.default at the end) string[] scopes = new string[] { $"https://analysis.windows.net/powerbi/api/.default" }; // Acquire the token var authResult = await app.AcquireTokenForClient(scopes).ExecuteAsync(); return authResult.AccessToken; } private static PowerBIClient GetPowerBiClientSun(string token) { var tokenCredentials = new TokenCredentials(token, "Bearer"); return new PowerBIClient(new Uri("https://api.powerbi.com/"), tokenCredentials); } public async Task<bool> GetReportEmbeddingData(string token) { PowerBIClient pbiClient = GetPowerBiClientSun(token); var apps = await pbiClient.Apps.GetAppsAsync(); var report = await pbiClient.Reports.GetReportInGroupAsync(new Guid("111111-222-333-44-5555"), new Guid("aaaa-bbb-ccc-ddd-eeeeee")); var embedUrl = report.EmbedUrl; var reportName = report.Name; GenerateTokenRequest generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view"); string embedToken = (await pbiClient.Reports.GenerateTokenInGroupAsync(new Guid("111111-222-333-44-5555"), report.Id, generateTokenRequestParameters)).Token; return true; }

Re: PowerBI API in WebAPI - How to call from UI with token

PowerBourn — Thu, 16 Jan 2025 16:42:30 GMT

Morning Community. Any one has comments on this?

Re: PowerBI API in WebAPI - How to call from UI with token

Anonymous — Fri, 17 Jan 2025 05:29:18 GMT

Hi, @PowerBourn
Thanks for reaching out to the Microsoft fabric community forum.

You can use the OAuth 2.0 Authorization Code Flow to obtain an access token. After the user logs in and grants authorization, Azure AD will return an authorization code. The front end uses this authorization code to request an access token from Azure AD:

1. Application registration details:

const clientCredentials = { client_id: "awesome_app_72910", client_secret: "8a7b4c2e9f3d6h5j8k1m", redirect_uri: "https://myawesomeapp.com/redirect", scope: "product.model.read" };

2.Construct the authorization request:

class AuthorizationManager { constructor(credentials) { this.credentials = credentials; this.authEndpoint = 'https://auth.example.com/oauth/authorize'; } generateAuthUrl() { const state = crypto.randomBytes(16).toString('hex'); const params = new URLSearchParams({ response_type: 'code', client_id: this.credentials.client_id, redirect_uri: this.credentials.redirect_uri, scope: this.credentials.scope, state: state }); return `${this.authEndpoint}?${params.toString()}`; } }

3.Handle the authorization callback:

pp.get('/redirect', async (req, res) => { try { // Validate the state parameter to prevent CSRF attacks if (req.query.state !== req.session.oauthState) { throw new Error('State parameter mismatch, potential CSRF attack'); } // Exchange the authorization code for an access token const tokenResponse = await fetch('https://auth.example.com/oauth/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic ' + Buffer.from( `${clientCredentials.client_id}:${clientCredentials.client_secret}` ).toString('base64') }, body: new URLSearchParams({ grant_type: 'authorization_code', code: req.query.code, redirect_uri: clientCredentials.redirect_uri }) }); const tokens = await tokenResponse.json(); // Save the tokens await sessionManager.saveAuthTokens(req.session, tokens); // Redirect to the original page res.redirect(req.session.returnTo || '/'); } catch (error) { console.error('Failed to handle authorization callback:', error); res.redirect('/error'); } });

Additionally, you may need to pay attention to token lifecycle management. Here are some relevant documentation screenshots that might be helpful to you:

Access tokens in the Microsoft identity platform - Microsoft identity platform | Microsoft Learn
Of course, if you have any new discoveries or questions, please feel free to get in touch with us.

Best Regards,

Leroy Lu

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.