-
Notifications
You must be signed in to change notification settings - Fork 237
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Azure AD B2C - .NET-Web app calling web api - No account or login hint was passed to the AcquireTokenSilent call #149
Comments
Logged exactly the same ticket with MSFT back in Jan. They were unable/unprepared to provide support for the sample code despite it being from Microsoft. regards |
@BrianS-CF thanks for sharing this with me. This is very strange that Microsoft team is not at all responding. I am sort of stuck with this issue. And there is no way, I can reach out to any of the team mates who worked on MSAL.NET library. |
We will revamp this sample to use Microsoft.Identity.Web - our higher level API https://github.com/AzureAD/microsoft-identity-web/wiki/asp-net If you use ASP.NET Core (all new projects should!), then I recommend looking at the official ASP.NET Core sample: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master |
Hello bgavrilMS, we are not using .NET Core, our app is based on .NET (4.7.2 && MVC 3). We are struggling to know why we are getting account as null. Any pointers for troubleshotting would be very helpful. |
@spalmcc - when you log in the user the first time, you get an auth code and that gets exchanged for a token. This happens here: active-directory-b2c-dotnet-webapp-and-webapi/TaskWebApp/App_Start/Startup.Auth.cs Line 133 in d2a78d9
Look at Next, look at the GetB2CMsalAccountIdentifier / GetAccountsCall. What account id does it compute. What is the value here? (this is the cache GET operation). Note: I think I can alraedy spot a problem - active-directory-b2c-dotnet-webapp-and-webapi/TaskWebApp/Utils/ClaimsPrincipalExtension.cs Line 50 in d2a78d9
|
CC @jmprieur |
@bgavrilMS private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
From sample code we know about we can access the id token. access token / claims. But that's not the issue. We cant to call a end point using WepAPI for that we need to have access to the Access Token in the controller. public async Task Index() private async Task AcquireTokenForScopes(string[] scopes) My configuration of web api on Azure under appservice seems to be correct as I could access the end points by using postman (configured the postman and I can get access token) Following is what you posted in previous post which is not clear to me at all Next, look at the GetB2CMsalAccountIdentifier / GetAccountsCall. What account id does it compute. What is the value here? (this is the cache GET operation). Note: I think I can alraedy spot a problem - Could you please be little more explicit here? |
You had mentioned the following"- Next, look at the GetB2CMsalAccountIdentifier / GetAccountsCall. What account id does it compute. What is the value here? (this is the cache GET operation). And this is what "return $"{userObjectId}-{Globals.SignUpSignInPolicyId}.{tenantId}";" being returned. Hope this would help. |
@bgavrilMS any update would be appreciated. It's not to put any pressure jut wanted to know. |
Hi @spalmcc - I have a PR out with a possible fix. Please try it out.
|
@bgavrilMS |
I tried and I am getting account as null in task controller.
|
@bgavrilMS
|
What is the value of The accountID is made up of:
In many cases the |
@bgavrilMS I am stuck with something at work so not able to further look into this. I will revert back in some time. |
im seeing the same exception flying by using the example from Microsoft |
I'm also facing the same issue. Do we have any solution for that. |
Folks, we now have a sample up and running for ASP.NET + Microsoft.Identity.Web. This library provides higher level APIs and integration with both ASP.ENT and ASP.NET Core. We don't have the B2C variant, but it should be fairly similar. Please see https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect |
Having the same issue myself - code + deployment was working fine two months ago. I'm using a B2C standard sign in and sign up flow but the user is not authenticated after the sign up flow completes. |
Note to all - there seems to have been a bug for my issue that was resolved by bumping packages. I was using Blazor Server for my client UI, connecting to a .NET API. Here is what I've updated to:
|
Hello All,
We have configured web app and web api on Azure as per the sample code and instructions provided by Micosoft (https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi)
What is the issue? When I am trying to access the token in web controller, I am getting the following error: "No account or login hint was passed to the AcquireTokenSilent call."
Refer the following image where we can making a call to get the token.
Refer the following image where the method details are there.
The main issue is, account is coming as null. Refer the following image:-
We are not able to find where is the issue, why account is coming as null.
So I did the following to ensure web api is configured properly:-
Added one more redirect uri on Web Api on Azure (https://www.postman.com/oauth2/callback) for postman
Added all configuration in postman
Started the web api project locally
Manage to get access token
Able to hit one end point successfully to the web api(Get call)
Able one end point successfully to the web api (Post call)
So this test ensures that web api project is configured in Azure and working fine using Azure AD B2C Authentication.
I did a similar test by running a userflow againts the web api project and I could see tokens getting generated (Not sure if this is a legitimate test)
I have been reading the issue on internet.But not able to find an exact issue like this. Any pointers would be very hekpfull.
best regards
The text was updated successfully, but these errors were encountered: