Cache helper in a .NET (Framework) service about microsoft-authentication-extensions-for-dotnet HOT 11 CLOSED

@RegisStGelais : do your applications have the same client ID?
Applications can only share tokens if they have the same client ID (3P)

from microsoft-authentication-extensions-for-dotnet.

Yes.
In fact all the MSAL code is inside a dll.
Both the UI APP and the service call the same dll.

Also, I specify a path where to put the cache file that is not based on the windows user.

from microsoft-authentication-extensions-for-dotnet.

What does it mean, @RegisStGelais for your system not being able to access it? do you have repro steps? errors? exceptions?

from microsoft-authentication-extensions-for-dotnet.

It does not give me an exception, It just do not return the cached account. and then of coarse, AcquireTokenSilent fails with the expected exception when no account info is passed to it
MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call.
I will investigate further but it's a bit harder to debug a dll when it is called by a service.
The same dll works perfectly when called from the UI app.

from microsoft-authentication-extensions-for-dotnet.

I found how to attach the debugger to my running service.
What I found so far is that GetAccountsAsync returns an accounts object with an count of 0 and that accounts.FirstOrDefault() returns null.
I will keep digging.

from microsoft-authentication-extensions-for-dotnet.

Here are the exceptions that I get while debugging the service at the moment it tries to get the token:

Exception thrown: 'System.Security.Cryptography.CryptographicException' in System.Security.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in Microsoft.Identity.Client.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in Microsoft.Identity.Client.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in mscorlib.dll
'UmtSyncService.exe' (CLR v4.0.30319: UmtSyncService.exe): Loaded 'C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll'. Symbols loaded.
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in Microsoft.Identity.Client.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in mscorlib.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in mscorlib.dll
MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call.

from microsoft-authentication-extensions-for-dotnet.

Looks like the cryptography does not like the fact that the service is not logged to the same window user as the UI app.
Is there a way to tell the cachehelper to not use the cryptography and to store as plain text like it is possible to do if running on a linux platform ?

I tried to use WithLinuxUnprotectedFile but since I'm not on linux environment, the library ignore that setting (see MaslCacheStorage.cs at line 74

from microsoft-authentication-extensions-for-dotnet.

I ended up cresting my own simple token cache helper based on the serialization sample code on this page: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-token-cache-serialization

from microsoft-authentication-extensions-for-dotnet.

@RegisStGelais
did you try to move your .NET framework app to .NET framework 4.7.2?

from microsoft-authentication-extensions-for-dotnet.

also tried with 4.8

The issue is clear. The library uses the Microsoft cryptographie and that lib encode and decode based on the windows user.
Since my service and my UI app are not using the same windows user then it can't work.

I simply configure the tokenCache.SetBeforeAccess and tokenCache.SetAfterAccess events to my own cache file read and write functions and I encrypt/decrypt using a cryptography routine that is not based on the authentified windows user.

from microsoft-authentication-extensions-for-dotnet.

Thanks for the full explanation, @RegisStGelais

from microsoft-authentication-extensions-for-dotnet.