Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,521 questions
Create new app role in B2C via Microsoft Graph
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 5%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHT%3C/text%3E%3C/svg%3E)
Heather Turner
66
Reputation points
Hello, Im trying to create a new app role using Microsoft Graph via B2C. Is this possible using graph or only approleassignments with already existing app roles? Here is a code snippet that I am using:
var application = new Application
{
DisplayName = "HeathersTestApp022321c",
Description ="HeatherDescription"
};
await _graphServiceClient.Applications
.Request()
.AddAsync(application);
var appRole = new AppRole()
{
Id = Guid.NewGuid(),
DisplayName = "MyAppRole",
IsEnabled = true,
Description = "MyAppRoleDescription",
AllowedMemberTypes = new List<string>() { "User", "Application" }
};
application.AppRoles = new List<AppRole>() { appRole };
await _graphServiceClient.Applications[http://application.Id]
.Request()
.UpdateAsync(application);
Im getting the following error on the last line when calling UpdateAsync on the application: Specified HTTP method is not allowed for the request targetenter code here
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 32%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
Jitendra Rai 231 Reputation points2021-02-25T06:18:30.773+00:00 Thanks @Heather and could you please verify the permission of the registered application such as Application.ReadWrite.All, Directory.ReadWrite.All and AppRoleAssignment.ReadWrite.All.
Please share the fiddle trace graph api requested with correlation or request id with timestamp to investigate more.
-
Heather Turner 66 Reputation points
2021-02-25T13:39:13.023+00:00 
Screenshot of the permissions
-
Heather Turner 66 Reputation points
2021-02-25T16:02:14.607+00:00 Will the requestId/clientrequestid get you what you need:
"Code: Request_BadRequest\r\nMessage: Specified HTTP method is not allowed for the request target.\r\nInner error:\r\n\tAdditionalData:\r\n\tdate: 2021-02-25T15:57:32\r\n\trequest-id: 184acbfd-c9b7-4832-afcd-bbeb075b34a7\r\n\tclient-request-id: 184acbfd-c9b7-4832-afcd-bbeb075b34a7\r\nClientRequestId: 184acbfd-c9b7-4832-afcd-bbeb075b34a7\r\n"
-
Heather Turner 66 Reputation points
2021-02-25T16:38:36.117+00:00 Sorry that requestid was for beta, as I was testing both.
Here is the correct one:
{"Code: Request_BadRequest\r\nMessage: Specified HTTP method is not allowed for the request target.\r\nInner error:\r\n\tAdditionalData:\r\n\tdate: 2021-02-25T16:37:14\r\n\trequest-id: 509e1a47-44bf-46d1-82ec-6ba8535d8989\r\n\tclient-request-id: 509e1a47-44bf-46d1-82ec-6ba8535d8989\r\nClientRequestId: 509e1a47-44bf-46d1-82ec-6ba8535d8989\r\n"} -
JamesTran-MSFT 36,361 Reputation points Microsoft Employee2021-03-01T23:14:14.813+00:00 @Heather Turner
Thank you for your time and patience throughout this issue!I've reached out to our engineering team and @Jitendra Rai regarding this issue to see if we can provide any more insights on the error message you're receiving.
In the meantime, if you'd like to work closer with our support engineering team to get this issue resolved, please let me know.
Thank you again! -
Jitendra Rai 231 Reputation points
2021-03-02T05:15:18.747+00:00 Thanks @Heather Turner for the information provided for the request id and timestamp. I investigated and the http response code is 405 and it is the not supported on Azure B2C tenant. Could you please refer the required design scenarios mentioned in the document . However the permission looks good .
- https://learn.microsoft.com/en-us/graph/api/resources/approle?view=graph-rest-1.0
- https://learn.microsoft.com/en-us/graph/api/resources/approleassignment?view=graph-rest-1.0
Could you please verify:- allowedMemberTypes - The "Application" value is only supported for app roles defined on application entities.
-
Heather Turner 66 Reputation points
2021-03-02T14:06:04.687+00:00 Thanks for your response @Jitendra Rai . Are you saying that for Azure B2C it is not supported to add a new app role for an application or that the AllowedMemberTypes is wrong? I am adding this on an application object, so having Application as the AllowedMembersTypes I think supports your response. If its the first (adding an application role not supported in B2C on the application obj), is there any other way programmatically we can create a new app role via Graph in B2C?
-
Jitendra Rai 231 Reputation points
2021-03-03T07:04:18.823+00:00 Thanks HeatherTurner-8540 and could you please follow this document for more information on Azure B2C with App Roles. There is workaround mentioned way to create approles programmatically.
https://learn.microsoft.com/en-us/answers/questions/229991/index.html.
As AppRole UI is in preview mode in the Azure Portal and there is more information mentioned in the document such as using App Manifest editor.
Azure B2C portal UI need to update as Azure Portal UI for App roles.
Sign in to comment