Hello, I am having trouble fetching users and logging in to my active directory from inside a desktop application. I am trying to make a testing application for trying out user login and groups, before that I downloaded an example application namely the "active-directory-wpf-msgraph". I registered the application inside my active directory, I modified the client id and tenant inside the example application along with the redirect url, I create a publicclientapp object and use it to get the accounts and to login, the directory and registered application has 3 users, one being my own user and 2 other test users, the GetAccountsAsync method doesn't return anything and trying to get a token by username and password using a test account tells me that the password is expired. I have tried to follow documentation examples step by step and I had no results. I am trying to do this with a trial account to test out user login, I wish to use the active directory system if it works to manage users inside my desktop application with it.

I have managed to login from code on my test user after signin in to the portal and resetting password, I had to grant admin permissions for the last error. I still cannot fetch accounts using GetAccountsAsync and I wish to have users not require to reset password the first time, any help on how I can do that ?

Thank you for the fast response. I have tried to log in to the portal with that account, it asked me to reset the password because it's the first time I'm logging in, is there any way to have accounts not need to do this the first time? After doing so and trying again to run the application, I still don't fetch any accounts using GetAccountsAsync method and the AcquireTokenByUsernamePassword with the user I just logged in the portal with now says : 'A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 5910082f-da05-4804-ae11-028ac4575200 Correlation ID: 7d319c9c-3d31-440d-ac44-0bce4fafad48 Timestamp: 2020-05-11 08:59:22Z'

Problem loging in from desktop app and fetching users

Accepted answer

Voiculet Catalin 96 Reputation points

2020-05-11T09:13:53.65+00:00

I have managed to login from code on my test user after signin in to the portal and resetting password, I had to grant admin permissions for the last error. I still cannot fetch accounts using GetAccountsAsync and I wish to have users not require to reset password the first time, any help on how I can do that ?
Please sign in to rate this answer.
soumi-MSFT 11,716 Reputation points Microsoft Employee

2020-05-11T09:37:07.947+00:00

@Voiculet Catalin , That's awesome, first hurdle done, we got in the application. Now if GetAccountAsync is not able to pull the details, ideally it should be making Graph API calls, so the next step would be to make sure if the proper permission applied on the app registration on the Graph API. Do check that once and if it still fails, do share the error as you had shared earlier so that we can take a look into that.

You can email me the details on azcommunity[at]microsoft[dot]com and do share the following details also along with the error message in the email:

Tenant ID/Tenant Name:

Subscription ID:

Application ID/Application Name:

Voiculet Catalin 96 Reputation points

2020-05-11T09:47:32.317+00:00

Thank you, I have added three more permisions, namely :
Read all users' full profiles, Read all users' basic profiles and
Read and write all users' full profiles. The application now fetches only one account, it being the one that I also logged in with, weirdly now I don't seem to be able to see the users inside my app registration anymore, I know I have three users, one of them being another test which I have not logged in for the first time and the other being my own account, why do I not see them anymore there and why can't I fetch my own account ?

soumi-MSFT 11,716 Reputation points Microsoft Employee

2020-05-11T10:12:47.207+00:00

@Voiculet Catalin , If you are saying that you are not able to find the other users details inside that app by clicking that "Call to Microsoft Graph API" button, that if I remember correctly, that sample only implements the following graph call "*https://graph.microsoft.com/v1.0/me*", which can only list details of the current logged in user in whose context the token is submitted to Graph.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as "Answer" if the above response helped in answering your query.

Voiculet Catalin 96 Reputation points

2020-05-11T10:23:30.013+00:00

This is indeed the case, but I have changed the code, I am simply creating an IPublicClientApplication like this :
_clientApp = PublicClientApplicationBuilder.Create(ClientId)
.WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
.WithAuthority(AzureCloudInstance.AzurePublic, Tenant)
.Build();
And then using it to get the accounts and to login I do not use the graphAPIEndpoint anywhere. There's also the issue I have with new users needing to log in once to reset their password. I will make sure to accept the response as answer after !

soumi-MSFT 11,716 Reputation points Microsoft Employee

2020-05-11T10:26:43.04+00:00

@Voiculet Catalin , Great!!, that should get you what you are trying to get. Also, I am redeploying the code in my test environment also once again. Incase any further queries, feel free to reach out.

Voiculet Catalin 96 Reputation points

2020-05-11T10:44:34.67+00:00

Is there any way to have new users not need to log in the first time to reset their password ?

soumi-MSFT 11,716 Reputation points Microsoft Employee

2020-05-11T10:52:27.317+00:00

@Voiculet Catalin , There is a way, if you use a synced user from an on-prem domain, in that case, the new user wont be asked to change its password, since its password would be maintained in the on-prem Active Directory Environment. But in case you have users created directly in Azure or in future you would create users directly in Azure, then Azure would always asks users to change the password during their first login. But that should not be an issue, if you application supports MSAL which your application does use, it would be able to open up a mini browser and perform similar activities just as you could see while logging on to Azure Portal with a new user for the first time.

Voiculet Catalin 96 Reputation points

2020-05-11T10:54:42.033+00:00

I understand, thank you for the help !

soumi-MSFT 11,716 Reputation points Microsoft Employee

2020-05-11T10:59:10.127+00:00

@Voiculet Catalin , i just tried out that same application with a newly create Azure User, and I did find the option to update the password while trying to login to the app. Please refer to the screenshot below:
Sign in to comment

Problem loging in from desktop app and fetching users

1 additional answer