Sora-8410 asked Deva-MSFT edited

ImmutableID of the user missing when trying to acquire a token for MS Graph API (Windows auth)


I'm developing an API that uses the Microsoft Graph Client SDK to make multiple calls to a SharePoint site.

To authenticate the users making the calls to the API, I'm using the Integrated Windows Provider method, with this very simple code:

 var clientApp = PublicClientApplicationBuilder
 var token = clientApp.AcquireTokenByIntegratedWindowsAuth(new string[] { _apiSettings.Value.MicrosoftGraphApiScopeUrl })

When I call the method containing this code locally, it works flawlessly. But when I deploy the app to our test server and use NTLM authentication with the same user as locally, I get this error:

Microsoft.Identity.Client.MsalUiRequiredException: AADSTS90020: The SAML 1.1 Assertion is missing ImmutableID of the user.

When printing the content of the HttpContext.User, I see that the same user, connected to the same group, is used on both the "online" and the local version.

I already tried adding this header, but it's not doing anything:

 var immId = new Dictionary<string, string>();
 immId.Add("Prefer", "IdType=\"ImmutableId\"");
 var token = clientApp.AcquireTokenByIntegratedWindowsAuth(new string[] { _apiSettings.Value.MicrosoftGraphApiScopeUrl })

What can I do?



0 Answers