Tags: c#, azure, .net-5, azure-ad-msal, windows-server-2016

Azure login Desktop Error on .NET 5 with MSAL WAM (Windows Server 2016)


I am experiencing an issue with my WPF application (.NET 5), which attempts to authenticate the user interactively against a registered Azure AD native application.

I would be grateful for any suggestions you guys might have on this issue.

My code follows the Microsoft tutorial https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-windows-desktop, and the basic snippet follows the code Microsoft shows in its sample https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-windows-desktop.

With regard to .NET 5, the code uses WAM and the project is configured for net5.0-windows10.0.17763.0 with SupportedOSPlatformVersion = 7, as required. The only NuGet package used is Microsoft.Identity.Client 4.39.0.

The code works perfectly on Windows 10, but it fails on Windows Server 2016.

What happens on Windows Server 2016 is that the Azure login prompt appears on the screen, then disappears. An exception is returned with the message "Broker response returned error: User canceled authentication.". There is an error in the Event Log from the Broker Plugin (below). WAM was supposed to work on Windows Server 2016, wasn't it?

Event log:

Faulting application name: Microsoft.AAD.BrokerPlugin.exe, version: 10.0.14393.4704, time stamp: 0x615bdfaa
Faulting module name: AAD.Core.dll, version: 10.0.14393.4704, time stamp: 0x615bdfc2
Exception code: 0xc0000005

(...)
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AAD.Core.dll
Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy

I'm including the code snippet below; it is almost identical to the Microsoft sample app.

// WPF window code-behind; the usings the snippet needs and comments have been added.
using System.Windows.Interop;
using Microsoft.Identity.Client;

// Enable the WAM broker (requires the net5.0-windows10.0.17763.0 target).
var builder = PublicClientApplicationBuilder.Create(ClientId)
    .WithAuthority($"{Instance}{Tenant}")
    .WithRedirectUri("http://localhost")   // loopback redirect, used when the system browser handles sign-in
    .WithBroker();

var clientApp = builder.Build();

// Interactive sign-in, parented to this WPF window so the prompt is modal to it.
var authResult = await clientApp.AcquireTokenInteractive(scopes)
    .WithAccount(firstAccount)             // may be null; the account picker is shown in that case
    .WithParentActivityOrWindow(new WindowInteropHelper(this).Handle)
    .WithPrompt(Prompt.SelectAccount)
    .ExecuteAsync();

Solution

  • This was a bug that was fixed in later versions of the MSAL library. Use 4.48.0 and you'll see that on Windows Server 2016 a browser is used automatically to perform auth.
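The silent-first, broker-then-browser pattern that the question's snippet and the answer together describe, written out as an added example. This is not code from the original post or from Microsoft's sample; it assumes Microsoft.Identity.Client 4.48.0 or later with the net5.0-windows10.0.17763.0 target from the question, and the ClientId, Authority and RedirectUri values are placeholders to replace with your own registration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example, not from the original post. Assumes Microsoft.Identity.Client 4.48.0+
// and the net5.0-windows10.0.17763.0 target used in the question.
public sealed class TokenProvider
{
    // Placeholder values (assumptions): substitute your own app registration.
    private const string ClientId = "00000000-0000-0000-0000-000000000000";
    private const string Authority = "https://login.microsoftonline.com/organizations";
    private const string RedirectUri = "http://localhost"; // loopback redirect for the system-browser path

    private readonly IPublicClientApplication _brokerApp;
    private readonly IPublicClientApplication _browserApp;

    public TokenProvider()
    {
        // Preferred path: the WAM broker (OS-account SSO, device-bound tokens, Conditional Access).
        _brokerApp = PublicClientApplicationBuilder.Create(ClientId)
            .WithAuthority(Authority)
            .WithRedirectUri(RedirectUri)
            .WithBroker()
            .Build();

        // Explicit fallback: the same registration without the broker, so a broker failure
        // like the one seen on Windows Server 2016 does not leave the user unable to sign in.
        _browserApp = PublicClientApplicationBuilder.Create(ClientId)
            .WithAuthority(Authority)
            .WithRedirectUri(RedirectUri)
            .Build();
    }

    // Silent-first acquisition; interactive UI only when MSAL reports that it is required.
    public async Task<AuthenticationResult> GetTokenAsync(IEnumerable<string> scopes, IntPtr parentWindow)
    {
        try
        {
            return await AcquireAsync(_brokerApp, scopes, parentWindow, useSystemBrowser: false);
        }
        catch (MsalClientException ex)
        {
            // Broker-side failures surface as MsalClientException. Record the error code before
            // falling back: the browser path lacks the broker's guarantees and should be visible in logs.
            Console.Error.WriteLine($"Broker sign-in failed ({ex.ErrorCode}): {ex.Message}; falling back to system browser.");
            return await AcquireAsync(_browserApp, scopes, parentWindow, useSystemBrowser: true);
        }
    }

    private static async Task<AuthenticationResult> AcquireAsync(
        IPublicClientApplication app, IEnumerable<string> scopes, IntPtr parentWindow, bool useSystemBrowser)
    {
        IAccount account = (await app.GetAccountsAsync()).FirstOrDefault();
        try
        {
            // Uses the cached token or refresh token without showing UI; with no account
            // this throws MsalUiRequiredException and we go interactive.
            return await app.AcquireTokenSilent(scopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            var request = app.AcquireTokenInteractive(scopes)
                .WithAccount(account)
                .WithParentActivityOrWindow(parentWindow)
                .WithPrompt(Prompt.SelectAccount);

            if (useSystemBrowser)
            {
                // Use the default browser with the loopback redirect instead of the embedded web view.
                request = request.WithUseEmbeddedWebView(false);
            }

            return await request.ExecuteAsync();
        }
    }
}
```

Two caveats when using this explicitly rather than relying on the automatic fallback the answer describes: the crash in the question is reported by the broker as "User canceled authentication", which is the same message a genuine cancel produces, so the catch cannot tell them apart and will re-prompt a user who deliberately closed the dialog; and the two IPublicClientApplication instances keep separate token caches, so a user signed in through the browser path will not be found silently by the broker path later unless you serialize a shared cache.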