
azure-samples / active-directory-dotnet-native-desktop

A .NET 4.5 WPF application that authenticates a user and calls web API using Azure AD and OAuth 2.0 access tokens.

C# 72.48% CSS 1.43% ASP 0.05% HTML 9.48% JavaScript 9.04% Roff 1.05% PowerShell 6.47%
aad-tenant desktop-app webapi aspnet-web-api asp-net-mvc

active-directory-dotnet-native-desktop's Introduction

services: active-directory
platforms: dotnet
author: jmprieur
level: 200
client: .NET Desktop (Console)
service: ASP.NET Web API
endpoint: AAD V1

Integrating Azure AD into a Windows desktop application using interactive authentication

There's a newer version of this sample taking advantage of the Microsoft identity platform (formerly Azure AD v2.0) and MSAL.NET.

Check it out: https://github.com/azure-samples/ms-identity-dotnet-desktop-msgraph.

If you really need to access this Azure AD v1.0 | ADAL.NET sample, you can navigate to the master branch, but please know that it's no longer supported.

active-directory-dotnet-native-desktop's People

Contributors

acomsmpbot, allisonam, bryanla, danieldobalian, dstrockis, dudasl, gsacavdm, henrik-me, jennyf19, jmprieur, kjyam98, mattgal, pataltimore, priyamohanram, skwan, theunrepentantgeek, vibronet

active-directory-dotnet-native-desktop's Issues

questions about instructions

In the instruction document it has the following line:

4. Find the app key ida:RedirectUri and replace the value with the Redirect URI for the TodoListClient from the Azure portal, for example http://TodoListClient.

However, there is no ida:RedirectUri to be found in the code. Wondering what happened to this key and if it is important?

Question: Signing in to native app only

Hi,

This sample demonstrates how to use ADAL to sign in for accessing a Web API from a WPF app. In the call to authContext.AcquireToken it's passing the Resource URL of the web service. What if I just want to prompt the user to sign in to access the desktop client itself and there's no web api? Do you have any samples for that?

We have a web application and a WPF application. We want to have a single sign-on experience between these two. i.e. when user signs-in on the web app, then don't prompt them to sign-in on the WPF app and vice versa. And when the user signs off in one, sign them off on both apps. Is that supported? The application is Multi-Tenant.

Thanks!

MFA not working via Conditional Policy

Hi, I was able to successfully configure the desktop app.

I'm trying to enforce MFA for users accessing the application. I have configured a Conditional Access policy for ALL USERS accessing the RESOURCE SERVER from ALL CLIENT APPS, but the user is not prompted for MFA during sign-in.

When I enforce MFA on a user level, however, the user is prompted for MFA. Please let me know if I'm missing something or if this desktop app supports MFA via Conditional Access.

Thanks in advance!

CryptographicException with FileCache constructor

I got this sample working at home on my Windows 8 machine. But in the office on my Windows 7 box, the same code throws at:
this.Deserialize(File.Exists(CacheFilePath) ? ProtectedData.Unprotect(File.ReadAllBytes(CacheFilePath), null, DataProtectionScope.CurrentUser) : null);
with
'ProtectedData.Unprotect(File.ReadAllBytes(CacheFilePath), null, DataProtectionScope.CurrentUser)' threw an exception of type 'System.Security.Cryptography.CryptographicException' base: {"Key not valid for use in specified state.\r\n"}

Can't find any library that supports TokenCache

Hello,

I downloaded the solution and fixed all of the reference issues other than the TokenCache base class used in FileCache.cs. I have looked everywhere and can't trace the providing package.

Please let me know if you have any pointers for me.

Much appreciated.

Thanks!

Token validation parameters are being ignored

I've successfully configured the service app in Azure and everything works fine.

But it seems like it never really validates token claims against AuthenticationOptions.

For example, I'm still able to call the API if I put validation parameters like this:

app.UseWindowsAzureActiveDirectoryBearerAuthentication(
	new WindowsAzureActiveDirectoryBearerAuthenticationOptions
	{
		Tenant = "google.com",
		TokenValidationParameters = new TokenValidationParameters
		{
			ValidAudience = "dummy"
		}
	});

Is there a way to delete ESTSAUTHPERSISTENT cookies in this type of app?

We've found that ADAL won't force a password prompt when logging in with an MSA, i.e. a user that has been imported into the tenant, if the user had previously entered the password, regardless of whether our process has restarted since then. We want to force a password prompt for all accounts on initial login during each process lifetime. This sample would be a good place to add that code...

Start both projects?

After setting up the ToDoListClient and ToDoListService, the instructions told the reader to set both projects as startup projects (which I did) and then run it. How do I run it, without VS 2017 wanting to debug it?

Question: Problem with "Register the client app", step 7 ?

Hi,
I've been following the instructions and could not perform step 7 :
"

  1. Configure Permissions for your application. To that extent, in the Settings menu, choose the 'Required permissions' section and then, click on Add, then Select an API, and type TodoListService-NativeDotNet in the textbox. Then, click on Select Permissions and select Access 'TodoListService-NativeDotNet'.

"
In Select an API part, the app name appears in the list when I type it in, but grayed out - so I can't actually select it.

As a result [I assume], when I run the code I get an error:
The application named <app name> was not found in the tenant named mytenant.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

Any advice will be appreciated!

Cache not working

I start the app, authenticate, all is good, and the cache stores the token in the file.
But every time I restart the app, although the cache has the token, the authentication process requires me to enter the credentials again.
Wasn't it supposed to be a single visual login process?

When you publish to Azure Web Site, you get an AADSTS50001: Resource ... is not registered for the account

The sample worked fine locally, but once it was pushed to an Azure Web Site, when I started the client using the instructions listed, I received an

"AADSTS50001: Resource 'https://xxxxxx' is not registered for the account."

error. To resolve this error, I had to ensure that the "APP ID URI" value (single sign-on section) of the Azure portal was copied to the following values prior to publishing the site.

web.config :
app.config :
app.config :

Once this was corrected, the native client worked as expected with the Azure published site.

Please port code fixes across for TodoListService

Since the TodoListService largely behaves the same, it is tempting to not go through setting up that part when trying multiple samples and, instead, use the "Load existing project" into the new solution after dropping the TodoListService that came along.

I tried to use the TodoListService from this project for another project that (I think) was not expecting to get a "scope" claim. As a result it threw an exception. Noticed that the TodoListController code in that project actually checked if the claim itself was non-null before trying to read its value.

This is the line in the controller I'm referring to:

if (ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope").Value

AADSTS16000: Session is invalid due to expiration or recent password change

After logging out (TokenCache.Clear()) the token cache isn't working anymore. When starting the client I'm getting this message:
AADSTS16000: Session is invalid due to expiration or recent password change

If I log in, then the token cache file is not saved.

Same here: http://stackoverflow.com/questions/30502926/aadsts16000-session-is-invalid-due-to-expiration-or-recent-password-change

Any input is most appreciated. I have tried this with both windows.net and microsoftonline.com.

claims/scope - user_impersonation (from code samples) vs. access_as_user (from documentation)

Hi guys,

In the documentation and code samples found at the below links, the code samples look for a claim value "user_impersonation" in TodoListController.cs, and when creating the permissions on the app registration the name "access_as_user" is specified.

https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-dotnet-webapi

https://github.com/azure-samples/active-directory-dotnet-native-desktop

When following the steps outlined in the documentation at the second link, authentication is successful but exceptions are thrown in the Get and Put methods in TodoListController, the reason being that the code samples find the first claim with type "http://schemas.microsoft.com/identity/claims/scope" and expect it to have the value "user_impersonation", else they throw an exception. However, the only claim of that type I can see returned is the "access_as_user" one created as part of the setup. Needless to say, if I change the code to expect "access_as_user" it works.

Is it correct that the code samples are expecting a claim with value "user_impersonation", or should it be the "access_as_user" permission created during the documentation?

Mind you this is the first time I'm trying to authenticate against Azure AD, so I apologize in advance if this is not an issue and the problem is my lack of understanding/knowledge on the subject.

Regards
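
An added example, not part of the issues above and not the sample's own code: a scope check for a Web API controller that fails closed when the scope claim is absent (the null dereference described in "Please port code fixes across for TodoListService") and takes the expected scope name as a parameter instead of hard-coding it (the mismatch described in this issue). The ScopeCheck class, its HasScope method and the constructed principals are hypothetical names used for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper for illustration; not from the sample repository.
public static class ScopeCheck
{
    // Claim type quoted in the issues above.
    public const string ScopeClaimType =
        "http://schemas.microsoft.com/identity/claims/scope";

    // Returns true only if the principal carries a scope claim that lists
    // requiredScope as one of its space-separated entries.
    public static bool HasScope(ClaimsPrincipal principal, string requiredScope)
    {
        if (principal == null || string.IsNullOrWhiteSpace(requiredScope))
            return false;

        // FindFirst returns null when the claim is absent; reading .Value
        // on that result is what throws in the controller line quoted above.
        Claim scopeClaim = principal.FindFirst(ScopeClaimType);
        if (scopeClaim == null)
            return false;

        // One claim value can list several delegated permissions.
        return scopeClaim.Value
            .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)
            .Contains(requiredScope, StringComparer.Ordinal);
    }

    public static void Main()
    {
        // Constructed principals standing in for validated bearer tokens.
        var withScope = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ScopeClaimType, "access_as_user") }, "Bearer"));
        var noScope = new ClaimsPrincipal(new ClaimsIdentity(
            new Claim[0], "Bearer"));

        Console.WriteLine(HasScope(withScope, "access_as_user"));
        Console.WriteLine(HasScope(withScope, "user_impersonation"));
        Console.WriteLine(HasScope(noScope, "access_as_user"));
    }
}
```

A controller action would reject the request whenever HasScope returns false, with the required scope name read from the same configuration that holds the app registration values.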

Use AcquireTokenSilent rather than PromptBehavior.Never

The client app does acquireToken using PromptBehavior.Never. It may be preferable to use acquireTokenSilent as we do in on behalf of cases.

Current: attempts silent token acquisition using acquireToken w/ a PromptBehavior.
Proposed: attempt silent token acquisition using acquireTokenSilent.

questions about instructions

In the Client console app, there is an appsetting:

<add key="ida:AppKey" value="[Enter app key as obtained from Azure Portal, e.g. NgT0Xhr71CoWyVgnNzmLAeo2RfRREh2nlQDx4gztOLk=]" />

It would be helpful to know where this value is sourced from. This would be a good thing to include in the setup instructions.
