
I am using https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-dotnet-iwa-v2/active-directory-dotnet-iwa-v2/#step-2-register-the-sample-with-your-azure-active-directory-tenant to generate a token, and I have followed the procedure as mentioned in the above link. I have provided the clientID in the appsettings.json file and it keeps giving the "Failed to get user name" error.

I have used the admin account to generate the app.

screenshot of error: Joined with window:


I tested this sample but didn't get this error. Please share a screenshot of your error. Besides, did you do anything other than create an Azure AD app and configure the client ID in the appsettings.json file? - Allen Wu
I am getting this Failed to get user name Press any key to exit from this catch (MsalClientException) - Abhishek Singh
What kind of account are you using to log in? Is it an Azure AD user or personal account? - Allen Wu
azure AD account - Abhishek Singh
I have tried github.com/AzureAD/microsoft-authentication-library-for-dotnet/… too. The error shows me that I am a managed user. I need to be a federated user and I don't know how to do it. - Abhishek Singh

1 Answer

Based on our discussion, this issue should have been resolved. I will summarize the solution here.

As the sample overview says:

This sample demonstrates how to use MSAL.NET from apps that run on a domain joined or AAD joined Windows machine.

So you need to use an AAD joined Windows machine to test this sample.

Firstly, you need to add your Windows machine into your AAD domain.

Then when you run this sample, you may encounter the following error: The user or administrator has not consented to use the application with ID '{appId}' named '{appName}'.

This is because you haven't got user consent for this app in your AAD. You need to call AcquireTokenInteractive instead of AcquireTokenByIntegratedWindowsAuth on line 93 of the PublicAppUsingIntegratedWindowsAuthentication.cs file, and then call AcquireTokenByIntegratedWindowsAuth again.

Now you can get the user signed-in on the Windows machine successfully.


Update:

Based on Constraints, IWA supports federated users only, meaning users created in Active Directory and backed by Azure AD. Users created directly in Azure AD, without Active Directory backing (managed users) can't use this authentication flow.

So if you want to use IWA (Integrated Windows Authentication), you need a federated account to test it.
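
The flow described in this answer, as an added example that is not part of the original answer or of the Microsoft sample: try IWA first, fall back to one interactive sign-in when consent is missing, and report the managed-user case separately. The client ID placeholder, the `organizations` authority, the `User.Read` scope and the class name are assumptions; the redirect URI `http://localhost` is assumed to be registered for the app.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

class IwaWithConsentFallback
{
    // Placeholders (assumptions): replace with your own app registration values.
    const string ClientId = "<your-client-id>";
    const string Authority = "https://login.microsoftonline.com/organizations";
    static readonly string[] Scopes = { "User.Read" };

    static async Task Main()
    {
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithAuthority(Authority)
            .WithDefaultRedirectUri()   // used only by the interactive fallback
            .Build();
        try
        {
            AuthenticationResult result = await AcquireAsync(app);
            Console.WriteLine($"Signed in as {result.Account.Username}");
        }
        catch (MsalClientException ex)
            when (ex.ErrorCode == MsalError.IntegratedWindowsAuthNotSupportedForManagedUser)
        {
            // Cloud-only account: IWA works for federated users only.
            Console.WriteLine("Managed user: IWA needs a federated account.");
        }
        catch (MsalClientException ex)
        {
            // Other client-side failures, e.g. the signed-in Windows user
            // could not be determined on a machine that is not joined.
            Console.WriteLine($"{ex.ErrorCode}: {ex.Message}");
        }
    }

    static async Task<AuthenticationResult> AcquireAsync(IPublicClientApplication app)
    {
        try
        {
            return await app.AcquireTokenByIntegratedWindowsAuth(Scopes).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // Consent not yet granted: one interactive sign-in records it.
            // The same exception is raised when MFA or conditional access
            // is required; in that case the IWA retry fails again.
            await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
            return await app.AcquireTokenByIntegratedWindowsAuth(Scopes).ExecuteAsync();
        }
    }
}
```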