Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Unauthorized error when following "Desktop app calls Web API" instructions
See original GitHub issuePlease provide us with the following information:
This issue is for a: (mark with an x)
- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [x] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
Minimal steps to reproduce
Follow the instructions completely. Then change the tenant to
commonin both App.config and appsettings.json. Then, sign in with personal microsoft account
Any log messages given by the failure
“An error occurred while getting /api/todolist > Unauthorized”
Expected/desired behavior
No errors.
OS and Version?
Windows 10 19042
Versions
Mention any other details that might be useful
I understand that the instructions say “this sample does not work with personal microsoft accounts”. What do I have to do in order to protect an API using personal microsoft accounts? This sample is everything that I need, except that I just need to accept personal MSAs from users. Please help!
Thanks! We’ll be in touch soon.
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Thanks for the update @dpaulino I didn’t know either. I wonder if this is recent.
@jennyf19 @henrik-me : let’s try to improve the error message if we can at the level of Microsoft.Identity.Web (and possibly MSAL (@jennyf19 @henrik-me @bgavrilMS @trwalke @pmaytak)
cc: @lnalepa @SaeedAkhter-MSFT for the feedback …
I figured out the issue. By sheer luck, I discovered that Azure AD’s free-tier has a Single Sign-On limitation. You can only have 10 app registrations for SSO to work. I had 11. I reduced this down to 8, and then this sample code magically started working.
I’m extremely frustrated by this whole experience. The error messages I’m getting from Microsoft Identity made no mention of the SSO limitation. I’m just thankful that in my desperation, I was browsing through AAD’s settings pages to see if I missed a setting somewhere.
Perhaps you may want to add a warning like this in your docs: “Be aware that Azure AD has a limit of 10 app registrations when it comes to SSO authentication. This sample code will ask you to create 2 new app registrations, so please make sure you are not over the 10-app limit after creating them.” Or something like that.
So this issue is resolved, but I recommend adding the warning. Feel free to close this ticket as you see fit.