Comments (11)
@RegisStGelais : do your applications have the same client ID?
Applications can only share tokens if they have the same client ID (3P)
from microsoft-authentication-extensions-for-dotnet.
Yes.
In fact all the MSAL code is inside a dll.
Both the UI APP and the service call the same dll.
Also, I specify a path where to put the cache file that is not based on the Windows user.
from microsoft-authentication-extensions-for-dotnet.
What does it mean, @RegisStGelais, for your system not being able to access it? Do you have repro steps? Errors? Exceptions?
from microsoft-authentication-extensions-for-dotnet.
It does not give me an exception; it just does not return the cached account. And then, of course, AcquireTokenSilent fails with the expected exception when no account info is passed to it:
MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call.
I will investigate further but it's a bit harder to debug a dll when it is called by a service.
The same dll works perfectly when called from the UI app.
from microsoft-authentication-extensions-for-dotnet.
I found how to attach the debugger to my running service.
What I found so far is that GetAccountsAsync returns an accounts object with a count of 0 and that accounts.FirstOrDefault() returns null.
I will keep digging.
from microsoft-authentication-extensions-for-dotnet.
Here are the exceptions that I get while debugging the service at the moment it tries to get the token:
Exception thrown: 'System.Security.Cryptography.CryptographicException' in System.Security.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in Microsoft.Identity.Client.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in Microsoft.Identity.Client.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in mscorlib.dll
'UmtSyncService.exe' (CLR v4.0.30319: UmtSyncService.exe): Loaded 'C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll'. Symbols loaded.
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in Microsoft.Identity.Client.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in mscorlib.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in mscorlib.dll
MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call.
from microsoft-authentication-extensions-for-dotnet.
Looks like the cryptography does not like the fact that the service is not logged in as the same Windows user as the UI app.
Is there a way to tell the cache helper not to use the cryptography and to store as plain text, like it is possible to do when running on a Linux platform?
I tried to use WithLinuxUnprotectedFile, but since I'm not in a Linux environment, the library ignores that setting (see MsalCacheStorage.cs at line 74).
from microsoft-authentication-extensions-for-dotnet.
I ended up creating my own simple token cache helper based on the serialization sample code on this page: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-token-cache-serialization
from microsoft-authentication-extensions-for-dotnet.
@RegisStGelais
Did you try to move your .NET Framework app to .NET Framework 4.7.2?
from microsoft-authentication-extensions-for-dotnet.
Also tried with 4.8.
The issue is clear. The library uses the Microsoft cryptography, and that lib encodes and decodes based on the Windows user.
Since my service and my UI app are not using the same Windows user, it can't work.
I simply configure the tokenCache.SetBeforeAccess and tokenCache.SetAfterAccess events to my own cache file read and write functions, and I encrypt/decrypt using a cryptography routine that is not based on the authenticated Windows user.
from microsoft-authentication-extensions-for-dotnet.
Thanks for the full explanation, @RegisStGelais
from microsoft-authentication-extensions-for-dotnet.