
Comments (11)

jmprieur commented on August 24, 2024

@RegisStGelais: do your applications have the same client ID?
Applications can only share tokens if they have the same client ID (3P).

from microsoft-authentication-extensions-for-dotnet.

RegisStGelais commented on August 24, 2024

Yes.
In fact all the MSAL code is inside a dll.
Both the UI APP and the service call the same dll.

Also, I specify a path where to put the cache file that is not based on the Windows user.


jmprieur commented on August 24, 2024

What does it mean, @RegisStGelais, for your system not being able to access it? Do you have repro steps? Errors? Exceptions?


RegisStGelais commented on August 24, 2024

It does not give me an exception; it just does not return the cached account. And then, of course, AcquireTokenSilent fails with the expected exception when no account info is passed to it:
MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call.
I will investigate further but it's a bit harder to debug a dll when it is called by a service.
The same dll works perfectly when called from the UI app.


RegisStGelais commented on August 24, 2024

I found how to attach the debugger to my running service.
What I found so far is that GetAccountsAsync returns an accounts object with a count of 0 and that accounts.FirstOrDefault() returns null.
I will keep digging.


RegisStGelais commented on August 24, 2024

Here are the exceptions that I get while debugging the service at the moment it tries to get the token:

Exception thrown: 'System.Security.Cryptography.CryptographicException' in System.Security.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in Microsoft.Identity.Client.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in Microsoft.Identity.Client.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in mscorlib.dll
'UmtSyncService.exe' (CLR v4.0.30319: UmtSyncService.exe): Loaded 'C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll'. Symbols loaded.
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in Microsoft.Identity.Client.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in mscorlib.dll
Exception thrown: 'Microsoft.Identity.Client.MsalUiRequiredException' in mscorlib.dll
MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call.


RegisStGelais commented on August 24, 2024

Looks like the cryptography does not like the fact that the service is not logged in as the same Windows user as the UI app.
Is there a way to tell the cache helper not to use the cryptography and to store as plain text, like it is possible to do if running on a Linux platform?

I tried to use WithLinuxUnprotectedFile, but since I'm not in a Linux environment, the library ignores that setting (see MsalCacheStorage.cs at line 74).


RegisStGelais commented on August 24, 2024

I ended up creating my own simple token cache helper based on the serialization sample code on this page: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-token-cache-serialization


jmprieur commented on August 24, 2024

@RegisStGelais
Did you try to move your .NET Framework app to .NET Framework 4.7.2?


RegisStGelais commented on August 24, 2024

Also tried with 4.8.

The issue is clear. The library uses the Microsoft cryptography, and that lib encodes and decodes based on the Windows user.
Since my service and my UI app are not using the same Windows user, it can't work.

I simply configure the tokenCache.SetBeforeAccess and tokenCache.SetAfterAccess events to my own cache file read and write functions, and I encrypt/decrypt using a cryptography routine that is not based on the authenticated Windows user.

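One way to implement the workaround described in the comment above, as an added example that is not the poster's code or part of the library: the same SetBeforeAccess/SetAfterAccess hooks, with DPAPI's LocalMachine scope swapped in as the encryption that is not tied to a Windows user (the poster did not say which routine they used). The class name and cache path are hypothetical; LocalMachine scope lets any account on the machine decrypt the file, so the directory ACL is assumed to be limited to the UI user and the service account.

```csharp
using System.IO;
using System.Security.Cryptography;
using Microsoft.Identity.Client;

// Hypothetical helper: call MachineScopedTokenCache.Bind(app.UserTokenCache)
// from both the UI app and the service after building the MSAL client.
static class MachineScopedTokenCache
{
    // Assumed path. Restrict the directory ACL to the two accounts that need it,
    // because the blob below is decryptable by any user on this machine.
    private static readonly string CacheFilePath =
        @"C:\ProgramData\ExampleApp\msal_cache.bin";

    // Serializes access within one process only; cross-process locking is not shown.
    private static readonly object FileLock = new object();

    public static void Bind(ITokenCache tokenCache)
    {
        tokenCache.SetBeforeAccess(BeforeAccess);
        tokenCache.SetAfterAccess(AfterAccess);
    }

    private static void BeforeAccess(TokenCacheNotificationArgs args)
    {
        lock (FileLock)
        {
            if (!File.Exists(CacheFilePath)) return;
            // A CryptographicException is left to propagate so a scope mismatch
            // (for example a blob written with CurrentUser scope by another
            // account) is visible instead of appearing as an empty account list.
            byte[] plain = ProtectedData.Unprotect(
                File.ReadAllBytes(CacheFilePath), null, DataProtectionScope.LocalMachine);
            args.TokenCache.DeserializeMsalV3(plain);
        }
    }

    private static void AfterAccess(TokenCacheNotificationArgs args)
    {
        if (!args.HasStateChanged) return;   // nothing new to persist
        lock (FileLock)
        {
            byte[] blob = ProtectedData.Protect(
                args.TokenCache.SerializeMsalV3(), null, DataProtectionScope.LocalMachine);
            File.WriteAllBytes(CacheFilePath, blob);
        }
    }
}
```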

jmprieur commented on August 24, 2024

Thanks for the full explanation, @RegisStGelais
