Search code examples
c#asp.netwebformsmicrosoft-graph-apiazure-ad-msal

MSAL for Webforms on .Net 4.8 conversion issue

I am trying to implement MSAL authentication for one of many legacy webforms applications at my company running .NET 4.8. I've installed the Microsoft.Identity.Client and related nuget packages and created the following authentication helper class:

using Flurl.Http;
using Microsoft.Identity.Client;
using Newtonsoft.Json;
using System.Web;
using System.Configuration;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Threading.Tasks;

public static class Auth
{
    public static async Task<string> Authenticate()
    {
        string clientId = ConfigurationManager.AppSettings["ClientId"];
        string tenantId = ConfigurationManager.AppSettings["TenantId"];
        string authority = "https://login.microsoftonline.com/" + tenantId;


        IPublicClientApplication app = PublicClientApplicationBuilder.Create(clientId)
            .WithRedirectUri("https://localhost:44374/")
            .Build();

        var scopes = new string[] {
            "https://graph.microsoft.com/user.read"
        };

        var result = await app.AcquireTokenInteractive(scopes)
            .ExecuteAsync();

        string json = await "https://graph.microsoft.com/v1.0/me"
            .WithOAuthBearerToken(result.AccessToken)
            .GetStringAsync();

        dynamic user = JsonConvert.DeserializeObject(json);
        string displayName = user.displayName;
        string userName = user.userPrincipalName;

        HttpContext.Current.Session["displayname"] = displayName;
        HttpContext.Current.Session["username"] = userName;
        return json;

    }
}

The webforms application builds without issue, but when the Auth.Authenticate() method is called I get the following exception:

exception

Microsoft.IdentityModel.Abstractions 6.29.0 was installed by nuget. After receiving the exception I added this binding redirection to the web.config but it did not clear up the exception:

            <dependentAssembly>
                <assemblyIdentity name="Microsoft.IdentityModel.Abstractions" publicKeyToken="31bf3856ad364e35" culture="neutral" />
                <bindingRedirect oldVersion="0.0.0.0-6.22.0.0" newVersion="6.22.0.0" />
            </dependentAssembly>

Can you point out mistakes I am making?

Solution

  • I had the same problem. What I found was that Microsoft.Identity.Client has a dependency for Microsoft.IdentityModel.Abstractions (>= 6.22.0) but is explicitly depending on version 6.22.0 and nothing higher. Meanwhile NuGet is installing the latest version of Microsoft.IdentityModel.Abstractions, for me version 7.4.0. When Identity.Client is called in your code, the dll is looking for it's reference to IdentityModel.Abstractions 6.22.0 and it cannot find it and errors out.

    The solution is to install Microsoft.IdentityModel.Abstractions version 6.22.0 in the NuGet package manager.

    Hopefully Microsoft will fix this soon.