Resource not found for the segment 'me'

I'm using the Graph API to retrieve profile information of the user who is currently logged in from Azure AD. Unfortunately, I'm receiving the following error message: {"odata.error":{"code":"Request_ResourceNotFound","message":{"lang":"en","value":"Resource not found for the segment 'me'."}}}

Below is my code:

Uri serviceRoot = new Uri(serviceRootURL);
ActiveDirectoryClient adClient = new ActiveDirectoryClient(
                serviceRoot,
                async () => await GetAppTokenAsync());

var user = (User)await adClient.Me
            .Expand(x => x.Manager)
            .ExecuteAsync();

And below is my code for GetAppTokenAsync():

private static async Task<string> GetAppTokenAsync()
{
    // Instantiate an AuthenticationContext for my directory (see authString above).
    AuthenticationContext authenticationContext = new AuthenticationContext(authString, false);

    // Create a ClientCredential that will be used for authentication.
    // This is where the Client ID and Key/Secret from the Azure Management Portal is used.
    ClientCredential clientCred = new ClientCredential(clientID, clientSecret);

    // Acquire an access token from Azure AD to access the Azure AD Graph (the resource)
    // using the Client ID and Key/Secret as credentials.
    AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(resAzureGraphAPI, clientCred);

    // Return the access token.
    return authenticationResult.AccessToken;
}
Noncombatant answered 28/4, 2017 at 2:11 Comment(0)

From your code "await GetAppTokenAsync()", you are getting an app-only token, which uses the application identity instead of a user's identity. The "(User)await adClient.Me" won't work if that token is not associated with a user.

To use an app token to get a user's manager information, you need to specify the user you want to query; the code below is for your reference:

            try
            {
                User manager = (User)await adClient.Users.GetByObjectId("5eba8883-c258-45d0-8add-a286a1ec1e91").Manager.ExecuteAsync();
            }
            catch (Exception ex)
            {

                throw;
            }

Update

You could use the authorization code flow for delegated permissions (user's identity). If you want a client library code sample, you could refer to this code sample. After the user signs in, you could use the code below to get the manager of the currently logged-in user:

            ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient();
            User manager = (User)await client.Me.Manager.ExecuteAsync();
Bots answered 28/4, 2017 at 2:35 Comment(7)
Thank you for your info, but unfortunately I've tried Googling and am unable to find a clear answer on how I can get a User Identity token instead of an app token. Can you give me some suggestions? I've edited my question above to include the code I'm using for GetAppTokenAsync(). TQ :) - Noncombatant
I tried the above suggestion, but it requires admin privileges to run. I've currently only assigned the "Sign in and read user profile" authorization to the app, as I only need to read the current logged-in user's profile information. - Noncombatant
@DurairajVeeraSinnaiah, please refer to my updated answer. - Bots
@DurairajVeeraSinnaiah, any update? Please feel free to let me know if you have any problem making the code sample work. - Bots
Hi, sorry for the late reply. I still got the same error message: {"odata.error":{"code":"Request_ResourceNotFound","message":{"lang":"en","value":"Resource not found for the segment 'me'."}}} I'm suspecting it could be due to the authorization given to the App registered in Azure AD, which is currently only given the following authorization: "Sign in and read user profile". I thought this permission should be sufficient for a user to get his/her own AD info, but that seems not to be the case. Could this be a reason? - Noncombatant
I have anyway requested the Admin to add the "Read directory data" permission to this app, and am waiting to see if that makes any difference. - Noncombatant
So now you are using app identity or user identity? - Bots
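
An added example (not part of the answers above and not Microsoft's code): a C# check that decodes an access token's payload and tells a delegated token from an app-only one by the `scp` claim, which Azure AD puts only in tokens issued on behalf of a signed-in user. The sample tokens are constructed and unsigned, the class and method names are hypothetical, and System.Text.Json is assumed to be available.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class TokenKind
{
    // Decode the payload (second segment) of a compact JWT WITHOUT validating it.
    // Diagnostics only: signature validation stays with the resource API.
    static JsonElement ReadPayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    // Delegated (user) tokens carry "scp"; client-credentials tokens do not,
    // so there is no user for the 'me' segment to resolve to.
    public static bool IsDelegated(string jwt) =>
        ReadPayload(jwt).TryGetProperty("scp", out _);

    // Builds a constructed, unsigned token for the demo (hypothetical helper).
    static string Fake(string payloadJson)
    {
        string Enc(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        return Enc("{\"typ\":\"JWT\"}") + "." + Enc(payloadJson) + ".";
    }

    static void Main()
    {
        // Constructed claim sets: what each flow's token looks like in outline.
        string appOnly = Fake("{\"appid\":\"00000000-0000-0000-0000-000000000001\"," +
                              "\"roles\":[\"Directory.Read.All\"]}");
        string delegated = Fake("{\"appid\":\"00000000-0000-0000-0000-000000000001\"," +
                                "\"scp\":\"User.Read\",\"upn\":\"user@example.com\"}");

        foreach (var (flow, jwt) in new[] { ("client credentials", appOnly),
                                            ("authorization code", delegated) })
        {
            Console.WriteLine(IsDelegated(jwt)
                ? $"{flow}: delegated token, Me can be resolved"
                : $"{flow}: app-only token, query Users.GetByObjectId(...) instead");
        }
    }
}
```

Running `IsDelegated` on the string returned by a method like GetAppTokenAsync() shows which kind of token the client is sending before any call to `Me` is made.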

I used an application identity with the legacy Azure Active Directory API and the 'Application.ReadWrite.OwnedBy' permission to work around the Resource not found for the segment 'me' error. The same permission exists in the Microsoft Graph API, but the behavior is not identical. More information here.

Preordain answered 4/1, 2020 at 13:2 Comment(0)
