Azure AD Silent Authentication from Desktop App C#

Question

I am trying to have silent authentication with Azure AD from a desktop app. I am using MSAL.NET 4.72.2, specifically this particular call. It is not recommended by Microsoft for some specific reasons, none of them applies to my case. However, it is supposed to work silently, like in a traditional case, you pop up a login WinForm in the app and provide user name and password. Then click OK and eventually it comes down to this call:

 authResult = await app.AcquireTokenByUsernamePassword(
              scopes,
              ClientApp.SafeStorage.DecryptString(ClientApp.Username),
              ClientApp.SafeStorage.DecryptString(ClientApp.Pwd))
              .ExecuteAsync(CancellationToken.None)
              .ConfigureAwait(true);

where ClientApp.Username and ClientApp.Pwd are username and password. The problem is that this call fails against Azure AD without MFA enabled for that account:

Microsoft.Identity.Client.MsalServiceException: 'A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 50d49e42-d5e4-4cd8-984d-540c3d538a00 Correlation ID: 7874e878-1084-4f32-9679-69030a2dbed8 Timestamp: 2022-11-02 23:09:46Z'

Answer 1

You need to enable Public Client Flows on your app registration. As below: