MSAL AcquireTokenInteractive code hangs / infinte loop when web application hosts on IIS

SyncTestUser1 1

I am using this chunk of code to get the access token. code is working fine on IIS Express but when I host web app in to IIS then code hangs and went in to infinite loop.

                authResult = await app.AcquireTokenInteractive(scopes).WithUseEmbeddedWebView(true)
                .ExecuteAsync();

I also opened the firewall ports on windows.

Saurabh Sharma 23,671 Reputation points Microsoft Employee

2020-09-10T23:37:13.457+00:00

@SyncTestUser1 Are you getting any error in IIS logs ? Is IIS hosted on a VM ? Are you following any documentation ?
SyncTestUser1 1 Reputation point

2020-09-11T10:16:40.193+00:00

No, IIS is at my local System , do I need to open the ports ?
I am debugging application in Visual Studio and hosted on IIS. When I changes properties to use IIS Express its work fine and return me a token.
SyncTestUser1 1 Reputation point

2020-09-14T08:56:10.79+00:00

Hi Saurabh , Please guide us we are stuck at this stage
Saurabh Sharma 23,671 Reputation points Microsoft Employee

2020-09-14T17:06:24.673+00:00

@SyncTestUser1 I am checking internally on this issue and let you know on my findings.
SyncTestUser1 1 Reputation point

2020-09-14T17:18:31+00:00
appoptions = new PublicClientApplicationOptions() { ClientId = clientId };
app = PublicClientApplicationBuilder.CreateWithApplicationOptions(appoptions)
.WithAuthority(new Uri($"https://login.microsoftonline.com/{tenantId}"))
.WithRedirectUri(redirectURI)
.Build();

try
{
var taskres = app.AcquireTokenInteractive(scopes).WithUseEmbeddedWebView(false)
.WithSystemWebViewOptions(options).ExecuteAsync();
taskres.Wait(); // this line is waiting state
AuthenticationResult res = taskres.Result;

} catch(Exception ex1) { string exc = ex1.ToString(); }

2 answers

Saurabh Sharma 23,671 Reputation points Microsoft Employee

2020-09-14T23:17:15.777+00:00

@SyncTestUser1 Thanks for sharing your code. Your web apps should use IConfidentialClientApplication and not PublicClientApplicationOptions. Publicclientapplication is not intended to be used like that. Also, as your IIS runs under a differential credential set but cannot interact with the current login user session and being a remote process IIS is not capable of launching a browser as compared to IIS express your calls are stuck. Please let me know how it goes after the modification.

Also, it may be good idea to use aync/await pattern instead of wait() in your code.
Please sign in to rate this answer.
SyncTestUser1 1 Reputation point

2020-09-16T08:20:02.983+00:00

Thanks Saurabh our problem solved with using IConfidentialClientApplication .
Now we wants to get the user and groups info from Azure AD.
Can you guide us which authentication provider we will use of Microsoft Graph.

SyncTestUser1 1 Reputation point

2020-09-16T10:49:53.493+00:00

try

{ IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder .Create(clientId) .WithTenantId(tenantId) .WithClientSecret(clientSecret) .Build(); ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(confidentialClientApplication, scopes); GraphServiceClient graphServiceClient = new GraphServiceClient(authenticationProvider); **var me = await graphServiceClient.Me.Request().WithForceRefresh(true).GetAsync();** // stuck again here } catch (Exception ex) { string e = ex.ToString(); }

Saurabh Sharma 23,671 Reputation points Microsoft Employee

2020-09-16T23:30:20.71+00:00

@SyncTestUser1 Good to hear that. Please try to use the DelegateAuthenticationProvider. Refer to blog for code reference.

----------

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

SyncTestUser1 1 Reputation point

2020-09-17T10:22:40.213+00:00

public async Task<IGraphServiceUsersCollectionPage> getUsersAsyncGraph()
{

string[] scopes = new string[] { "https://graph.microsoft.com/.default" }; var token = confidentialClientApplication.AcquireTokenForClient(scopes).ExecuteAsync().Result; GraphServiceClient graphClient = new GraphServiceClient("https://graph.microsoft.com/v1.0", new DelegateAuthenticationProvider(async (requestMessage) => { requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", token.AccessToken); })); var tsk = graphClient.Users.Request().GetAsync().ConfigureAwait(false); return tsk.GetAwaiter().GetResult(); }

// code stull stuck in the last code statement, we tries different Async/await mechanisms , in console app its working fine but in Web //asp.Net code is stuck here.

Saurabh Sharma 23,671 Reputation points Microsoft Employee

2020-09-17T18:23:35.703+00:00

@SyncTestUser1 Are you getting any errors ?

SyncTestUser1 1 Reputation point

2020-09-18T06:45:52.783+00:00

No Error / No Exception, code just went in to infinite loop . Nothing returned.
Working fine in console application but not in web app.

Saurabh Sharma 23,671 Reputation points Microsoft Employee

2020-09-22T05:24:39.547+00:00

@SyncTestUser1 I am checking on this one and get back to you.

Saurabh Sharma 23,671 Reputation points Microsoft Employee

2020-09-23T05:48:25.42+00:00

@SyncTestUser1 Please can you try replacing

var tsk = graphClient.Users.Request().GetAsync().ConfigureAwait(false);
return tsk.GetAwaiter().GetResult();

with:

var tsk = graphClient.Users.Request().GetAsync().ConfigureAwait(false);
return await tsk;
Sign in to comment

TEJENDRA PRASAD PATEL 111

Hi,

I am trying to acquire Token using certificate to connect Graph API. Its works in console application and local IIS express.

However, when hosted same in IIS it get stuck and timed out.

var msalClient = ConfidentialClientApplicationBuilder
            .Create(config.ClientID)
            .WithCertificate(GetCertificateByThumbprint(config.ApplicationThumbprint))
            .WithAuthority(AadAuthorityAudience.AzureAdMyOrg, true)
            .WithTenantId(config.TenantID)
            .Build();

         result = await msalClient.AcquireTokenForClient(scopes).ExecuteAsync(); // ****Gets Stuck** - IT DOES NOT EVEN GO TO NEXT STEP**

        requestMessage.Headers.Authorization =
            new AuthenticationHeaderValue("bearer", await GetAccessTokenAsync());

        var users = await graphClient.Users.Request().Filter($"mail eq '{emailAddress}'").GetAsync();

I have createD ASP.NET MVC for poc and will convert into Web API.

I do not want to use user login token or such... There is no login page and we want to interact MS Graph API using application specific Client ID.

Please some one help on this.

thank you!