Friday 11 February 2022

AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

How to Get an Access Token from Postman When MFA Is Enabled in the AD


First, let's see how to get an access token when MFA is not enabled.
To get the token, you need to pass the parameters below.

  • grant_type (password - hard code)
  • client_id
  • client_secret
  • scope (user.read)
  • username (AD username)
  • password (AD password)


To find the TenantId, ClientId and Client_Secret, log in to the Azure portal and go to Azure Active Directory --> App Registrations, then open your app registration or add a new registration.




















Once you call this method, you will get the access token.


Note: If MFA is enabled, you will get the error below.


















To solve this issue, follow the steps below.


Step 1: Open the URL shown below in the browser. Make sure to add your tenantId, clientId, and redirect URL. You can set any value as the redirect URL in the App Registration in the Azure portal, and you must pass the same redirect URL here.


https://login.microsoftonline.com/{{tenantId}}/oauth2/v2.0/authorize?
client_id={{clientId}}
&response_type=code
&redirect_uri=https://localhost:44321/
&response_mode=query
&scope=https://graph.microsoft.com/User.Read
&state=12345







The snapshot below just shows where you can set the redirect URL in App Registration.














Step 2: After you sign in, the browser is redirected to the redirect URL. Copy that URL and paste it into Notepad. You will see that this URL has 3 parameters:
  • Code
  • State
  • Session_state

Copy only the code part.


https://localhost:44321/?code=0.AUUAV8CEcnhAcEGSwBvLEcVSaUBShxdFPBtDqBWzMDbIrtRFAH4.AQABAAIAAAD--DLA3VO7QrddgJg7WevrOJWL51jAIIL76f1jPOMwfGpCGDOkHmxnYhixC2A4SFRJE5cf_AOpaELqjrxJA-MbPvCIBDfWLZtjo2zVw2AQ2CfagTN2gMsErjuSsTzsFNwg7AGEMBZ1D_hpekpVjwS7OpliDUAL1iS4fiUq0iWWbDZNohQFFtQbgmKLh-EKCuyFRyqMSiZZPOW20S6J-6r6TCB-SPMEG7RrlsWaXMxLuSJpripTV9_4FlXJg0oZmvogiGmuVQ9U1ckhTsMZmFps4F-3PNxEZRXAvLFEbDQPP5KnB8zGKGB_px5B5m1NTDkKhck9-WW0yTVeJiuyTmbtofvu1exYQLJv8we6F11rUaEG6ogtW6qAZQbOElIrtNQ_aYQ5Gkd9KUnJNFOFGmtEsVXAhxVfFZ6uFLio6TzjcDm12u_CUNeewDCrR5QuOK1JrDeq2yjHx3lD-h0SMAFD6CG5K6vqpwgv7MqVPONJas09AvD3rQpoFgpGuSF997NJiCguYPkXpW6fYYH9-1aJE9Qob3GGzlcSCTO0OBseN95oprKTT4246scT-_VsOXMca36bgPOsNDPMRfxTy9nSZaZmugJDxlijfKEUXcYbFtUZjKD2Cz3OQC1rGJF03db7cOdYuRGCSTy-C28CnYikIAA&state=12345&session_state=9e429398-8f47-4210-a2b4-72866178d144#


Step 3: Call the endpoint again in Postman. This time the parameters are different: we need to pass the 5 parameters below. The code parameter is where we paste the code copied in Step 2.

  • grant_type (authorization_code - hard code)
  • client_id
  • client_secret
  • code (the authorization code that you just got from the browser)
  • redirect_uri (the same value that you passed in the URL above)















Once you send the request, you will see the access token in the response.
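Steps 1 to 3 above as a script, added here as an example that is not part of the original post: it builds the authorize URL, extracts the code from the redirected URL while checking that the returned state matches the one sent, and prepares the form body for the token request. The function names, the random state value and the sample redirect are assumptions made for this example; the token endpoint is the standard v2.0 path for the same tenant.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"

def build_authorize_url(tenant_id, client_id, redirect_uri, scope, state):
    """Step 1: the URL to open in the browser."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?{query}"

def extract_code(redirected_url, expected_state):
    """Step 2: return `code`, rejecting error responses and a mismatched state."""
    params = parse_qs(urlsplit(redirected_url).query)
    if "error" in params:
        raise ValueError(f"authorize request failed: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    if not secrets.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "code" not in params:
        raise ValueError("redirect carries no code parameter")
    return params["code"][0]

def build_token_request(tenant_id, client_id, client_secret, code, redirect_uri):
    """Step 3: endpoint and form body for the POST that returns the access token."""
    url = f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"
    return url, {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the value used in step 1
    }

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # unpredictable value instead of a fixed one
    redirect = "https://localhost:44321/"
    print(build_authorize_url("TENANT_ID", "CLIENT_ID", redirect,
                              "https://graph.microsoft.com/User.Read", state))
    # Constructed sample of what the address bar shows after sign-in.
    sample = f"{redirect}?code=SAMPLE_CODE&state={state}&session_state=SAMPLE#"
    url, body = build_token_request("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET",
                                    extract_code(sample, state), redirect)
    print(url, sorted(body))  # print the field names only, not the secret
```

The body returned by build_token_request is what goes into Postman as x-www-form-urlencoded fields.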
























Now you have your access token. I hope you like the article. Thank you.
