question

VoiculetCatalin-3724 asked ·

Problem logging in from desktop app and fetching users

Hello, I am having trouble fetching users and logging in to my Active Directory from inside a desktop application. I am trying to make a testing application for trying out user login and groups; before that I downloaded an example application, namely the "active-directory-wpf-msgraph". I registered the application inside my Active Directory and modified the client ID and tenant inside the example application, along with the redirect URL. I create a publicclientapp object and use it to get the accounts and to log in. The directory and registered application have 3 users, one being my own user and 2 other test users. The GetAccountsAsync method doesn't return anything, and trying to get a token by username and password using a test account tells me that the password is expired. I have tried to follow documentation examples step by step and I had no results. I am trying to do this with a trial account to test out user login; I wish to use the Active Directory system, if it works, to manage users inside my desktop application with it.

azure-active-directory

@VoiculetCatalin-3724, Thank you for reaching out. I have used this sample personally and it works for me. In case it's failing on your end, it would be good to start from a point of understanding the exact error being thrown in the code.

Also, I would like to know whether the user for whom it says "password expired" is able to log in to the Azure Portal normally, or whether the portal also throws the same error when that user tries to log in.

We would have to isolate the point of failure first to get this issue fixed. Do let me know the details as mentioned above.

VoiculetCatalin-3724 answered ·

I have managed to log in from code on my test user after signing in to the portal and resetting the password; I had to grant admin permissions for the last error. I still cannot fetch accounts using GetAccountsAsync, and I wish to have users not be required to reset their password the first time. Any help on how I can do that?


@VoiculetCatalin-3724, That's awesome, first hurdle done, we got in the application. Now if GetAccountAsync is not able to pull the details, ideally it should be making Graph API calls, so the next step would be to make sure the proper permission is applied on the app registration for the Graph API. Do check that once, and if it still fails, do share the error as you had shared earlier so that we can take a look into that.

You can email me the details on azcommunity[at]microsoft[dot]com and do share the following details also along with the error message in the email:

  • Tenant ID/Tenant Name:

  • Subscription ID:

  • Application ID/Application Name:



Thank you, I have added three more permissions, namely: Read all users' full profiles, Read all users' basic profiles, and Read and write all users' full profiles. The application now fetches only one account, it being the one that I also logged in with. Weirdly, I now don't seem to be able to see the users inside my app registration anymore. I know I have three users, one of them being another test user which I have not logged in with for the first time and the other being my own account. Why do I not see them there anymore, and why can't I fetch my own account?

soumi-MSFT VoiculetCatalin-3724 ·

@VoiculetCatalin-3724, If you are saying that you are not able to find the other users' details inside that app by clicking that "Call to Microsoft Graph API" button, then, if I remember correctly, that sample only implements the following Graph call, "https://graph.microsoft.com/v1.0/me", which can only list details of the currently logged-in user in whose context the token is submitted to Graph.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as "Answer" if the above response helped in answering your query.



VoiculetCatalin-3724 answered ·

Thank you for the fast response. I have tried to log in to the portal with that account, and it asked me to reset the password because it's the first time I'm logging in. Is there any way to have accounts not need to do this the first time? After doing so and trying again to run the application, I still don't fetch any accounts using the GetAccountsAsync method, and AcquireTokenByUsernamePassword with the user I just logged in to the portal with now says:
'A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: 5910082f-da05-4804-ae11-028ac4575200
Correlation ID: 7d319c9c-3d31-440d-ac44-0bce4fafad48
Timestamp: 2020-05-11 08:59:22Z'


Update: I have changed the manifest to allow public users, but now I get this error: 'AADSTS65001: The user or administrator has not consented to use the application with ID '83722f48-9941-445b-9a5f-b8f97d3cedd2' named 'test'. Send an interactive authorization request for this user and resource.

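An added example, not part of the thread or of the Microsoft sample: it shows the interactive request that the AADSTS65001 message asks for, followed by a call to `/v1.0/users` instead of the `/v1.0/me` call mentioned above. It assumes MSAL.NET 4.x (`Microsoft.Identity.Client`), the delegated scope `User.ReadBasic.All` (the "Read all users' basic profiles" permission), and placeholder client and tenant values.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

static class GraphUsersExample
{
    // Placeholders (assumptions): take these from your own app registration.
    const string ClientId = "<application-client-id>";
    const string Tenant = "<tenant-id-or-domain>";
    // Delegated permission "Read all users' basic profiles".
    static readonly string[] Scopes = { "User.ReadBasic.All" };

    static async Task Main()
    {
        // Public client: no client_secret or client_assertion is sent.
        // The redirect URI must match one registered for the application.
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, Tenant)
            .WithDefaultRedirectUri()
            .Build();

        // GetAccountsAsync lists accounts in MSAL's token cache for this app,
        // i.e. users who have already signed in here. It is empty on a fresh cache.
        IAccount cached = (await app.GetAccountsAsync()).FirstOrDefault();

        AuthenticationResult result;
        try
        {
            // Succeeds only if a usable token for this account is cached.
            result = await app.AcquireTokenSilent(Scopes, cached).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // No cached account, or sign-in/consent needed: prompt the user.
            result = await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
        }

        using (var http = new HttpClient())
        {
            http.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", result.AccessToken);
            // Directory users come from Graph, not from the MSAL account cache.
            Console.WriteLine(await http.GetStringAsync(
                "https://graph.microsoft.com/v1.0/users?$select=displayName,userPrincipalName"));
        }
    }
}
```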