question

SyncTestUser1-5226 avatar image
0 Votes"
SyncTestUser1-5226 asked TEJENDRAPRASADPATEL-1709 edited

MSAL AcquireTokenInteractive code hangs / infinte loop when web application hosts on IIS


I am using this chunk of code to get the access token. code is working fine on IIS Express but when I host web app in to IIS then code hangs and went in to infinite loop.

                 authResult = await app.AcquireTokenInteractive(scopes).WithUseEmbeddedWebView(true)
                 .ExecuteAsync();

I also opened the firewall ports on windows.

azure-ad-libraries
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@SyncTestUser1-5226 Are you getting any error in IIS logs ? Is IIS hosted on a VM ? Are you following any documentation ?

0 Votes 0 ·

No, IIS is at my local System , do I need to open the ports ?
I am debugging application in Visual Studio and hosted on IIS. When I changes properties to use IIS Express its work fine and return me a token.

0 Votes 0 ·

Hi Saurabh , Please guide us we are stuck at this stage

0 Votes 0 ·

@SyncTestUser1-5226 I am checking internally on this issue and let you know on my findings.

0 Votes 0 ·
Show more comments
SaurabhSharma-msft avatar image
0 Votes"
SaurabhSharma-msft answered SaurabhSharma-msft commented

@SyncTestUser1 Thanks for sharing your code. Your web apps should use IConfidentialClientApplication and not PublicClientApplicationOptions. Publicclientapplication is not intended to be used like that. Also, as your IIS runs under a differential credential set but cannot interact with the current login user session and being a remote process IIS is not capable of launching a browser as compared to IIS express your calls are stuck. Please let me know how it goes after the modification.

Also, it may be good idea to use aync/await pattern instead of wait() in your code.


· 8
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks Saurabh our problem solved with using IConfidentialClientApplication .
Now we wants to get the user and groups info from Azure AD.
Can you guide us which authentication provider we will use of Microsoft Graph.

0 Votes 0 ·

try

         {
             IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
                 .Create(clientId)
                 .WithTenantId(tenantId)
                 .WithClientSecret(clientSecret)
                 .Build();
             ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(confidentialClientApplication, scopes);            
             GraphServiceClient graphServiceClient = new GraphServiceClient(authenticationProvider);              
             **var me = await graphServiceClient.Me.Request().WithForceRefresh(true).GetAsync();**  // stuck again here
         }
         catch (Exception ex)
         {
             string e = ex.ToString();
         }
0 Votes 0 ·

@SyncTestUser1-5226 Good to hear that. Please try to use the DelegateAuthenticationProvider. Refer to blog for code reference.



Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

0 Votes 0 ·
Show more comments
TEJENDRAPRASADPATEL-1709 avatar image
0 Votes"
TEJENDRAPRASADPATEL-1709 answered TEJENDRAPRASADPATEL-1709 edited

Hi,

I am trying to acquire Token using certificate to connect Graph API. Its works in console application and local IIS express.

However, when hosted same in IIS it get stuck and timed out.


 var msalClient = ConfidentialClientApplicationBuilder
             .Create(config.ClientID)
             .WithCertificate(GetCertificateByThumbprint(config.ApplicationThumbprint))
             .WithAuthority(AadAuthorityAudience.AzureAdMyOrg, true)
             .WithTenantId(config.TenantID)
             .Build();
    
          result = await msalClient.AcquireTokenForClient(scopes).ExecuteAsync(); // ****Gets Stuck** - IT DOES NOT EVEN GO TO NEXT STEP**
    
         requestMessage.Headers.Authorization =
             new AuthenticationHeaderValue("bearer", await GetAccessTokenAsync());
    
         var users = await graphClient.Users.Request().Filter($"mail eq '{emailAddress}'").GetAsync();


I have createD ASP.NET MVC for poc and will convert into Web API.

I do not want to use user login token or such... There is no login page and we want to interact MS Graph API using application specific Client ID.

Please some one help on this.

thank you!

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.