I'm trying to set a label using the MIP SDK. However, while executing AddEngineAsync, I am getting an access denied error. I am able to get an access token from the AAD app. Any help would be great.

Code:

var engine = Task.Run(async () => await profile.AddEngineAsync(engineSettings)).Result;

Error:

Unhandled Exception: System.AggregateException: One or more errors occurred. ---> Microsoft.InformationProtection.Exceptions.AccessDeniedException: The service didn't accept the auth token. Challenge:['']
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at MipSdkDotNetQuickstart.Action.<>c__DisplayClass10_0.<<CreateFileEngine>b__0>d.MoveNext() in C:\Users\wb561362\Mip_ServicePrincipalAuth\mip-sdk-dotnet-file-SPA\Action.cs:line 178
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at MipSdkDotNetQuickstart.Action.CreateFileEngine(Identity identity) in C:\Users\wb561362\Mip_ServicePrincipalAuth\mip-sdk-dotnet-file-SPA\Action.cs:line 178
   at MipSdkDotNetQuickstart.Action..ctor(ApplicationInfo appInfo) in C:\Users\wb561362\Mip_ServicePrincipalAuth\mip-sdk-dotnet-file-SPA\Action.cs:line 113
   at MipSdkDotNetQuickstart.Program.Main(String[] args)

Following is the access we have: [image]

1 Answer

You should validate you're getting a token for the correct resource. Typically, we see this error when people have hard coded or improperly handled the auth challenge in their auth delegate implementation.

Be sure that you're not hard coding the resource and that you're passing the resource provided as a parameter to AcquireToken() to your MSAL or ADAL implementation.

4 Comments

Thanks Tom, I am not hard coding the resource. May I know what the base permissions required to read labels using the MIP SDK are? I'm not a tenant admin and don't have any edit access on Azure.
The API permissions are described here. You must have an application registered that has UnifiedPolicy.User.Read. learn.microsoft.com/en-us/information-protection/develop/…
Thanks Tom, it was native client redirect URI not configured correctly. Works now.
Thanks Tom. 'UnifiedPolicy.User.Read' is required if you are using delegated permissions. 'UnifiedPolicy.Tenant.Read' permission worked for me because I was using application permissions.
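
An auth delegate that follows the answer's advice, as an added example that is not part of the original thread or of the MIP SDK samples: it builds the MSAL scope from the `resource` argument the SDK passes to AcquireToken() instead of a hard-coded URL. It assumes application permissions (client-credential flow) and the four-argument `IAuthDelegate.AcquireToken` signature; the class name and the clientId, clientSecret and tenantId values are hypothetical.

```csharp
using System;
using Microsoft.Identity.Client;
using Microsoft.InformationProtection;

// Added example: hypothetical class name. clientId, clientSecret and tenantId
// are assumed to come from your own app registration and secret store.
public sealed class ResourceAwareAuthDelegate : IAuthDelegate
{
    private readonly string clientId;
    private readonly string clientSecret;
    private readonly string tenantId;

    public ResourceAwareAuthDelegate(string clientId, string clientSecret, string tenantId)
    {
        this.clientId = clientId;
        this.clientSecret = clientSecret;
        this.tenantId = tenantId;
    }

    // The SDK can call this for more than one backend service, each time with
    // its own resource. The token must be issued for exactly that resource,
    // otherwise the service rejects it with AccessDeniedException.
    public string AcquireToken(Identity identity, string authority, string resource, string claims)
    {
        if (string.IsNullOrEmpty(resource))
            throw new ArgumentException("SDK did not supply a resource", nameof(resource));

        // Client-credential flow needs a tenant-specific authority, so keep the
        // host the SDK supplied and substitute the tenant.
        string tenantAuthority = $"https://{new Uri(authority).Host}/{tenantId}";

        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithClientSecret(clientSecret)
            .WithAuthority(tenantAuthority)
            .Build();

        // Derive the scope from the resource parameter, never from a fixed URL.
        string[] scopes = { resource.TrimEnd('/') + "/.default" };

        AuthenticationResult result = app.AcquireTokenForClient(scopes)
            .ExecuteAsync().GetAwaiter().GetResult();
        return result.AccessToken;
    }
}
```

With delegated permissions the same rule applies: pass the scope derived from `resource` to the interactive or silent MSAL call instead of `AcquireTokenForClient`.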
