We are currently developing a user provisioning service for Azure Directory Services using the Azure Graph API.
As part of the service, we need to be able to delete users, much the same way as you would through the web interface.
In order to delete a user, we are first attempting to retrieve them via UPN using the API, then we are calling the GraphConnection.Delete method passing in the User we have just retrieved.
The problem we are having is that the GraphConnection.Delete method is throwing an AuthorizationException: "Insufficient privileges to complete the operation."
The application we are developing has been added to Azure Services as a 'Web Application'.
I have checked the Application Permissions in the Azure management interface and ensured that ALL permissions have been assigned - these are as follows:
- Delegated Permissions (4): Access your organization's directory (preview), Read and write directory data, Read directory data, Enable sign-on and read user's profiles
- Application Permissions (2): Read and write directory data, Read directory data
The following is an extract of the code we are running:

```csharp
var clientRequestId = Guid.NewGuid();
var graphSettings = new GraphSettings { ApiVersion = GraphApiVersion, GraphDomainName = GraphDomainName };

// Acquire an access token using the application's client credentials
var authenticationContext = new AuthenticationContext(AuthString, false);
authResult = authenticationContext.AcquireToken(GraphResourceName, ClientCredential);
token = authResult.AccessToken;

// Delete the previously retrieved user; this is the call that throws the AuthorizationException
var graphConnection = new GraphConnection(token, clientRequestId, graphSettings);
graphConnection.Delete(User);
```

Does anyone have any ideas?