GetConversationMembersAsync returning 403 (Forbidden)

I'm working on a messaging extension and am trying to get the email address of the user who is using the app.

This app is being used internally and I'm using the email address to query Active Directory for the user's username.

When attempting to use the GetConversationMembersAsync method I receive a 403 (Forbidden) exception.

I am running this through IIS Express in Visual Studio 2017.

    [BotAuthentication, TenantFilter]
public class MessagesController : ApiController
{
    static string AppID = ConfigurationManager.AppSettings["MicrosoftAppId"];
    static string AppPassword = ConfigurationManager.AppSettings["MicrosoftAppPassword"];

    [HttpPost]
    public async Task<HttpResponseMessage> Post([FromBody] Activity activity)
    {
        using (var connector = new ConnectorClient(new Uri(activity.ServiceUrl)))
        {
            var members = await connector.Conversations.GetConversationMembersAsync(activity.Conversation.Id);

System.UnauthorizedAccessException HResult=0x80070005 Message=Authorization for Microsoft App ID XXX failed with status code Forbidden and reason phrase 'Forbidden' Source=Microsoft.Bot.Connector StackTrace: at Microsoft.Bot.Connector.JwtTokenRefresher.d__2.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Net.Http.HttpClient.d__58.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) at Microsoft.Bot.Connector.Conversations.d__10.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Bot.Connector.ConversationsExtensions.d__11.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() at NewApp.Controllers.MessagesController.d__2.MoveNext() in C:\Users\xxxx\source\repos\NewApp\NewApp\Controllers\MessagesController.cs:line 25

Inner Exception 1: HttpRequestException: Response status code does not indicate success: 403 (Forbidden).

I found a similar issue here: Authorization for Microsoft App ID xxx failed with status code Forbidden and reason phrase 'Forbidden'. But that is not specifically for Microsoft Teams. connector-> Credentials->OAuthScope is showing "api.botframework.com/.default" but I believe that is correct for Teams.

My MicrosoftAppId and MicrosoftAppPassword are correct. If I comment out [BotAuthentication, TenantFilter] I get a 401 Unauthorized exception. If I comment out the line with GetConversationMembersAsync the app works.

I'm following the instructions here to attempt to get this context info: https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/bots/bots-context.

I know this is an old question, but I had the same issue and found the solution, in case it helps someone. You need to be sure and add MicrosoftAppCredentials.TrustServiceUrl(serviceURL);, as follows:

using (var connector = new ConnectorClient(new Uri(activity.ServiceUrl)))
{
    // the line below is the new required item
    MicrosoftAppCredentials.TrustServiceUrl(serviceURL);

    var members = await connector.Conversations.GetConversationMembersAsync(activity.Conversation.Id);

...