Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Compete to become Power BI Data Viz World Champion! First round ends August 18th. Get started.

Reply
powerbi_doors
Regular Visitor

401 error for embedded powerbi report app owns data with master account

‎01-27-2025 09:50 PM

Hi,

I am following this link :

https://learn.microsoft.com/en-us/power-bi/developer/embedded/register-app?tabs=customers

to create an embeded report with powerbi. 

I created all of this already, Microsoft Entra tenant and an organizational (master) user, Power BI Pro account

I am using "Embed for your customers" with a master user account. 

I followed the tutorial step by step, also I downloaded the sample code. I give the registered all of the permissions to read write, workspace, dataset, reports, gateway, etc. 

 

Here is part of the code. 

var tokenRequest = new GenerateTokenRequestV2(

reports: new List<GenerateTokenRequestV2Report>() { new GenerateTokenRequestV2Report(reportId) },

datasets: datasetIds.Select(datasetId => new GenerateTokenRequestV2Dataset(datasetId.ToString())).ToList(),

targetWorkspaces: targetWorkspaceId != Guid.Empty ? new List<GenerateTokenRequestV2TargetWorkspace>() { new GenerateTokenRequestV2TargetWorkspace(targetWorkspaceId) } : null
);

// Generate Embed token
var embedToken = pbiClient.EmbedToken.GenerateToken(tokenRequest);
return embedToken;

 

The embedToken throws the exception with Status: Unauthorized (401).

 

Any help will be appreciated!

 

Labels:
Message 1 of 7
675 Views
0
1 ACCEPTED SOLUTION
ibarrau
Super User
Super User
In response to powerbi_doors

‎01-30-2025 04:33 AM

It could be. The docs request using V2 generation. That states: https://learn.microsoft.com/en-us/rest/api/power-bi/embed-token/generate-token#generatetokenrequestv...

However it doesn't specify if it's a required parameter for the body.

Before changing code, make sure you permission at the app registrarion in azure are ok. You need:

  • Content.Create, required if a target workspace is specified in GenerateTokenRequestV2.
  • Report.ReadWrite.All or Report.Read.All, required if a report is specified in GenerateTokenRequestV2.
  • Report.ReadWrite.All, required if the allowEdit flag is specified for at least one report in GenerateTokenRequestV2.
  • Dataset.ReadWrite.All or Dataset.Read.All

Regards


If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Happy to help!

LaDataWeb Blog

View solution in original post

Message 4 of 7
631 Views
0
6 REPLIES 6
powerbi_doors
Regular Visitor

‎02-02-2025 09:40 PM

Hi ibarrau,

Finally I figured out where I did it wrong. When I registered the app, I did not give the write permission, I thought that I did not need it, read only could work. I also think that I could make the changes from the API permission, but it's different. Thanks for the help!

Regards,

 

Message 7 of 7
601 Views
powerbi_doors
Regular Visitor

‎01-29-2025 09:31 PM

Hi ibarrau,

Thank you for the link. 

Here is the method that I used and it's generated automatically by the Microsoft. I used the master account with username and password. Does it look like I need to add log on identity to it? 

public static async Task<EmbedToken> GetEmbedToken(Guid reportId, IList<Guid> datasetIds, [Optional] Guid targetWorkspaceId)
{
using (var pbiClient = await GetPowerBiClient())
{
// Create a request for getting Embed token
// This method works only with new Power BI V2 workspace experience
var tokenRequest = new GenerateTokenRequestV2(

reports: new List<GenerateTokenRequestV2Report>() { new GenerateTokenRequestV2Report(reportId) },

datasets: datasetIds.Select(datasetId => new GenerateTokenRequestV2Dataset(datasetId.ToString())).ToList(),

targetWorkspaces: targetWorkspaceId != Guid.Empty ? new List<GenerateTokenRequestV2TargetWorkspace>() { new GenerateTokenRequestV2TargetWorkspace(targetWorkspaceId) } : null
);

// Generate Embed token
var embedToken = pbiClient.EmbedToken.GenerateToken(tokenRequest);
return embedToken;


}
}

 

 

Message 3 of 7
639 Views
0
ibarrau
Super User
Super User
In response to powerbi_doors

‎01-30-2025 04:33 AM

It could be. The docs request using V2 generation. That states: https://learn.microsoft.com/en-us/rest/api/power-bi/embed-token/generate-token#generatetokenrequestv...

However it doesn't specify if it's a required parameter for the body.

Before changing code, make sure you permission at the app registrarion in azure are ok. You need:

  • Content.Create, required if a target workspace is specified in GenerateTokenRequestV2.
  • Report.ReadWrite.All or Report.Read.All, required if a report is specified in GenerateTokenRequestV2.
  • Report.ReadWrite.All, required if the allowEdit flag is specified for at least one report in GenerateTokenRequestV2.
  • Dataset.ReadWrite.All or Dataset.Read.All

Regards


If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Happy to help!

LaDataWeb Blog

Message 4 of 7
632 Views
0
powerbi_doors
Regular Visitor
In response to ibarrau

‎02-02-2025 06:11 PM

Hi ibarrau,

I think I found the problem, I am using the username password for a quick test. But the user is the powerbiAdmin already, I am not sure why that user does not have the write permission. How do I give that user write permission? 

 

powerbi_doors_0-1738548651875.png

 

Regards,

Message 6 of 7
607 Views
0
powerbi_doors
Regular Visitor
In response to ibarrau

‎02-02-2025 03:05 PM

Hi ibarrau,

I gave all of the permissions already. But it still did not work. 

 

powerbi_doors_0-1738537429126.png

I was able to get the accessToken, but not the embeded token. 

public static async Task<string> GetAccessToken()
{
AuthenticationResult authenticationResult = null;
if (ConfigValidatorService.AuthenticationType.Equals("masteruser", StringComparison.InvariantCultureIgnoreCase))
{
IPublicClientApplication clientApp = PublicClientApplicationBuilder
.Create(ConfigValidatorService.ApplicationId)
.WithAuthority(m_authorityUrl)
.Build();
var userAccounts = await clientApp.GetAccountsAsync();

try
{
authenticationResult = await clientApp.AcquireTokenSilent(m_scope, userAccounts.FirstOrDefault()).ExecuteAsync();
}
catch (MsalUiRequiredException)
{
SecureString secureStringPassword = new SecureString();
foreach (var key in ConfigValidatorService.Password)
{
secureStringPassword.AppendChar(key);
}
authenticationResult = await clientApp.AcquireTokenByUsernamePassword(m_scope, ConfigValidatorService.Username, secureStringPassword).ExecuteAsync();
}
}

// Service Principal auth is recommended by Microsoft to achieve App Owns Data Power BI embedding
else if (ConfigValidatorService.AuthenticationType.Equals("serviceprincipal", StringComparison.InvariantCultureIgnoreCase))
{
// For app only authentication, we need the specific tenant id in the authority url
var tenantSpecificURL = m_authorityUrl.Replace("organizations", ConfigValidatorService.Tenant);

IConfidentialClientApplication clientApp = ConfidentialClientApplicationBuilder
.Create(ConfigValidatorService.ApplicationId)
.WithClientSecret(ConfigValidatorService.ApplicationSecret)
.WithAuthority(tenantSpecificURL)
.Build();

authenticationResult = await clientApp.AcquireTokenForClient(m_scope).ExecuteAsync();
}

return authenticationResult.AccessToken;
}

 

Regards,

 

Message 5 of 7
617 Views
0
ibarrau
Super User
Super User

‎01-29-2025 11:07 AM

Hi. Make sure the prerequisites, considerations, permission and limitations of the request are not broken in this case.

https://learn.microsoft.com/en-us/rest/api/power-bi/embed-token/generate-token

I hope that helps,


If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Happy to help!

LaDataWeb Blog

Message 2 of 7
657 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All