Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Visitor 1

Microsoft.Store.PartnerCenter.Exceptions:Unauthorized access

We are continue developing the solution for CSP program with new mandatory security requirements. And faced with this issue:

1 step. We call these methods for authorizing:

IPartnerCredentials partnerCredentials = PartnerCredentials.Instance.GenerateByApplicationCredentials(applicationId, appSecret, domainPrefix);

IAggregatePartner partnerOperations = PartnerService.Instance.CreatePartnerOperations(partnerCredentials);

After that we try to get data about subscription by using the call:

var result = partnerOperations.Customers.ById(pcCustomerId).Subscriptions.ById(pcSubscriptionId).Get()

Но получаем исключение "Unauthorized access":


        "ErrorCategory": 2,

        "ServiceErrorCode": null,

        "PartnerContext": {

                "RequestId": "9e51c710-bd00-4841-a9f5-a8b731227b56",

                "CorrelationId": "da0e8da4-b90b-42bf-b387-6ddf8588f8d3",

                "Locale": "en-US"


        "ClassName": "Microsoft.Store.PartnerCenter.Exceptions.PartnerException",

        "Message": "Unauthorized access",

        "Data": null,

        "InnerException": null,

        "HelpURL": null,

        "StackTraceString": "   in Microsoft.Store.PartnerCenter.PartnerService.SynchronousExecute[T](Func`1 operation)

                                in Microsoft.Store.PartnerCenter.Subscriptions.SubscriptionOperations.Get()

        "RemoteStackTraceString": null,

        "RemoteStackIndex": 0,

        "ExceptionMethod": "8\nSynchronousExecute\nMicrosoft.Store.PartnerCenter, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35\nMicrosoft.Store.PartnerCenter.PartnerService\nT SynchronousExecute[T](System.Func`1[System.Threading.Tasks.Task`1[T]])",

        "HResult": -2146233088,

        "Source": "Microsoft.Store.PartnerCenter",

        "WatsonBuckets": null


In the attach full text of requests and answers which we send and get, trying to ask information about subscriptions quantity for Russian (test) and Kirgizstan (prod)  subscriptions.

These screenshots from  https://portal.azure.com -> Azure Active Directory -> "Registered applications" you can see our detailed info about MFA accounts.



Hi @AlexeySolovyev

Based on the code snippets you shared you are using app only authentication. This type of authentication is not impacted by the new security changes. With this type of authentication you will receive a HTTP 401 error if the application in question is not registered in Partner Center as well. So, I would recommend verifying that the application is register in the App management section of Partner Center. 

Certian operations within the Partner Center API can only be performed using app + user authentication. With this in mind it might be easier to only use the app + user authentication flow.