Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Bug] netcore_daemon sample not working

See original GitHub issue

Which Version of MSAL are you using ? 4.7.1 Platform netcoreapp3.0 What authentication flow has the issue? Device code flow (browserless)

Is this a new or existing app? This is a straight download of https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-netcore-daemon ; the only changes are setting the Tenant, ClientId and ClientSecret in appsettings.json.

Repro Follow the steps from https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-netcore-daemon, which are summarized as: Download the sample. Register a new app on the Azure portal. Create a client secret for it. Add User.Read.All to its API and grant it admin consent. Populate appsettings.json with the Tenant, ClientId and ClientSecret generated by the portal page. Run the app.

Expected behavior The app outputs a list of users in the tenant.

Actual behavior The app fails; after enabling logging, it outputs:

MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:08 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) MSAL MSAL.NetCore with assembly version '4.7.1.0'. CorrelationId(6a1c22a2-cafa-40dc-bada-f3d366651994)
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:08 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) === AcquireTokenForClientParameters ===
SendX5C: False
ForceRefresh: False

MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:08 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0)
=== Request Data ===
Authority Provided? - True
Scopes - https://graph.microsoft.com/.default
Extra Query Params Keys (space separated) -

MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:08 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) === Token Acquisition (ClientCredentialRequest) started:

        Authority Host: login.microsoftonline.com
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:08 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) Looking up access token in the cache.
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:08 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) Filtering by tenant id item count before 0 after 0
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:08 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) No matching entry found for user or assertion
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:08 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) Fetching instance discovery from the network from host login.microsoftonline.com
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:08 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) Resolving authority endpoints... Already resolved? - FALSE
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:08 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) ScopeSet was missing from the token response, so using developer provided scopes in the result.
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:09 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) Checking client info returned from the server..
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:09 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) Saving Token Response to cache..
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:09 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) Looking for scopes for the authority in the cache which intersect with https://graph.microsoft.com/.default
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:09 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) Intersecting scope entries count - 0
MSAL Info False (False) MSAL 4.7.1.0 MSAL.NetCore Microsoft Windows 10.0.18363 [11/24/2019 17:25:09 - 6a1c22a2-cafa-40dc-bada-f3d366651994] (UnknownClient: 0.0.0.0) === Token Acquisition finished successfully. An access token was returned with Expiration Time: 11/24/2019 18:25:08 +00:00 ===
Token acquired
Failed to call the Web Api: Forbidden
Content: {
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "524235d5-5faf-4b54-9b4b-2109df8c5e51",
      "date": "2019-11-24T17:25:09"
    }
  }
}

I’ve played around with this for a while, but I don’t know why it’s not working. The token should be good for the registered app, and the registered app should have the relevant privilege. I’ve tried adding force refresh, but it doesn’t seem to change anything.

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:9 (4 by maintainers)

github_iconTop GitHub Comments

2reactions
FilippoPolocommented, Nov 26, 2019

Hey, wait… looking at our screenshots, the “type” field is “application” for you and “delegate” for me. Is that relevant? I’m off to search about it…

Edit: all right! I read up about that, and after sorting out the issue, it works.

I wish I could recommend some change to allow detecting this situation and warning the user, but I can’t think of how that would be possible…

Thanks for your assistance!

0reactions
FilippoPolocommented, Nov 26, 2019

Yes: Cattura

Read more comments on GitHub >

github_iconTop Results From Across the Web

A .NET Core daemon console application using MSAL. ...
A .NET Core daemon console application using MSAL. ... This sample will not work with a Microsoft account (formerly Windows Live account).
Read more >
c# - What is the proper way to work with the OneDrive API?
I want to interact with OneDrive in my WinForms application. Sadly, the Azure quick start samples do not include WinForms, just UWD. The...
Read more >
Extremely Buggy and Unreliable Fix for Naturalist Role ...
So like a lot of people who recently got the Naturalist Role my field guide does not count Samples as being collected, thus...
Read more >
Microsoft Graph API and .NET Core - unop
Graphs are awesome and a great way of showing trends. However, this post is about a different sort of graph, not the worrying...
Read more >
Samples not working correctly in browser (DEF-3339) - Bugs
Hi, I'm new here. I just started using Defold and I've already found a lot of bugs. RPG map sample Desktop version works...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[Feature Request] MSAL support for other IdP's such as Okta

Next page

[Bug] MSAL on UWP not working with Http Proxy (WAB does not take OS proxy)