Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Learn from the best! Meet the four finalists headed to the FINALS of the Power BI Dataviz World Championships! Register now

Reply
syedaliammar
Frequent Visitor

403 Forbidden error when creating Dataset using REST API

‎08-23-2016 04:50 AM

Hi,

I have an ASP.NET web app that would push data to a PowerBI real-time dashboard. Following the steps of "Push data into dashboard", I registered my web-app and got a client id and secret.

The following code gets me the token:

AuthenticationContext authContext = new AuthenticationContext(authorityUri);
ClientCredential cc = new ClientCredential(clientID, clientSecret);
Task<AuthenticationResult> task = authContext.AcquireTokenAsync(resourceUri, cc);
AuthenticationResult ar = task.Result;
string token = ar.AccessToken;

I use this since I do not want an interactive logon. The web-app will just keep pushing data to the dashboard every time it has something new. The token is successfully received and is then used to create a dataset.

 

The server responds with a 403 Forbidden error message. The only reason that comes to my mind is that it might be because I have two Active Directories. My web-app is in AAD 1 (the corporate AAD) while the dev.powerbi.com/apps page registers the application to AAD 2.

I unfortunately do not have access to add applications to AAD1 and hence must wait for the admin to respond.

 

My question: Have I correctly identified the root cause of the problem or is it something else that I might have completely left out?

Labels:
Message 1 of 3
1,812 Views
0
2 REPLIES 2
Eric_Zhang
Microsoft Employee
Microsoft Employee

‎08-24-2016 02:14 AM

@syedaliammar

 

@syedaliammar wrote:

Hi,

I have an ASP.NET web app that would push data to a PowerBI real-time dashboard. Following the steps of "Push data into dashboard", I registered my web-app and got a client id and secret.

The following code gets me the token:

AuthenticationContext authContext = new AuthenticationContext(authorityUri);
ClientCredential cc = new ClientCredential(clientID, clientSecret);
Task<AuthenticationResult> task = authContext.AcquireTokenAsync(resourceUri, cc);
AuthenticationResult ar = task.Result;
string token = ar.AccessToken;

I use this since I do not want an interactive logon. The web-app will just keep pushing data to the dashboard every time it has something new. The token is successfully received and is then used to create a dataset.

 

The server responds with a 403 Forbidden error message. The only reason that comes to my mind is that it might be because I have two Active Directories. My web-app is in AAD 1 (the corporate AAD) while the dev.powerbi.com/apps page registers the application to AAD 2.

I unfortunately do not have access to add applications to AAD1 and hence must wait for the admin to respond.

 

My question: Have I correctly identified the root cause of the problem or is it something else that I might have completely left out?

@syedaliammar

 

I got confused by the bold part, isn't the web-app regisitered  on the dev.powerbi.com/apps? if the same thing, how come two AAD invloved in this case?

Message 2 of 3
1,781 Views
0
syedaliammar
Frequent Visitor
In response to Eric_Zhang

‎08-24-2016 08:24 AM

@Eric_Zhang Honestly, I am also a bit confused here. Let me try to provide you further details that might help you identify the problem.

I have a corporate Azure account (ending with "...onmicrosoft.com") that I use for PowerBI as well as the Azure Portal. The portal shows me two directories when I login, AD1 and AD2.

 

All work is done in the company's globally managed Azure AD1 and this is where the web-app also exists. Following the steps, I then added this web-app to the Azure AD by going to https://dev.powerbi.com/apps, logging in with my onmicrosoft.com account, filling the details in and clicking on the "Register App" button.

 

However, this registers the web-app in AD2. My concerns here:

  1. Is it because AD1 is managed by global admins and I don't have permissions to add apps to it?
  2. I can see it listed in the list of applications under AD2. How did it choose AD2 and not AD1 when I clicked the Register App button?

Moving on, I attempted to create the dataset using the snippet provided here with the token received and failed by getting the 403 Forbidden error response.

 

If I Create a dataset using Apiary, it is created without any problems which is again confusing to me. Do I need to authenticate the web-app first and then use the following?

AuthenticationResult AR = AC.AcquireTokenByAuthorizationCode(code, new Uri(redirectUri), cc);

I'd really appreciate any help you could provide. 

Message 3 of 3
1,773 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

February Power BI Update Carousel

Power BI Monthly Update - February 2026

Check out the February 2026 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All